Windows Analysis Report
bv2DbIiZeK.exe

Overview

General Information

Sample name: bv2DbIiZeK.exe (renamed because original name is a hash value)
Original sample name: f33a0556ba844ec2745fceff565bdacaf0b26412b940dbf19b4ca97013057842.exe
Analysis ID: 1556368
MD5: 5526f8b855b92a67fbdfa72a46efbe28
SHA1: 593100b5694703f31613adbc6f8ccecfc1950a45
SHA256: f33a0556ba844ec2745fceff565bdacaf0b26412b940dbf19b4ca97013057842
Tags: 45-130-145-152, exe, user-JAMESWT_MHT

Detection

CredGrabber, Meduza Stealer
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected CredGrabber
Yara detected Meduza Stealer
AI detected suspicious sample
Found many strings related to Crypto-Wallets (likely being stolen)
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to dynamically determine API calls
Contains functionality to query locales information (e.g. system language)
Contains functionality to record screenshots
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Found evasive API chain (date check)
Found evasive API chain checking for process token information
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
Queries the volume information (name, serial number etc) of a device
Queries time zone information
Suricata IDS alerts with low severity for network traffic
Terminates after testing mutex exists (may check infected machine status)
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • bv2DbIiZeK.exe (PID: 592 cmdline: "C:\Users\user\Desktop\bv2DbIiZeK.exe" MD5: 5526F8B855B92A67FBDFA72A46EFBE28)
  • cleanup
{"C2 url": "45.130.145.152", "anti_vm": false, "anti_dbg": false, "port": 15666, "build_name": "Seo", "self_destruct": false, "extensions": ".txt;.doc;.docx;.pdf;.xls;.xlsx;.log;.db;.sqlite", "links": "", "grabber_max_size": 4194304}

Source | Rule | Description | Author | Strings
00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_MeduzaStealer | Yara detected Meduza Stealer | Joe Security |
Process Memory Space: bv2DbIiZeK.exe PID: 592 | JoeSecurity_MeduzaStealer | Yara detected Meduza Stealer | Joe Security |
Process Memory Space: bv2DbIiZeK.exe PID: 592 | JoeSecurity_CredGrabber | Yara detected CredGrabber | Joe Security |

Source | Rule | Description | Author | Strings
0.2.bv2DbIiZeK.exe.1ef42620000.0.raw.unpack | JoeSecurity_MeduzaStealer | Yara detected Meduza Stealer | Joe Security |
0.2.bv2DbIiZeK.exe.1ef42620000.0.unpack | JoeSecurity_MeduzaStealer | Yara detected Meduza Stealer | Joe Security |

No Sigma rule has matched

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-11-15T10:28:47.646469+0100 | 2049441 | 1 | A Network Trojan was detected | 192.168.2.6 | 49709 | 45.130.145.152 | 15666 | TCP
2024-11-15T10:28:47.646469+0100 | 2050806 | 1 | A Network Trojan was detected | 192.168.2.6 | 49709 | 45.130.145.152 | 15666 | TCP
2024-11-15T10:28:47.651707+0100 | 2050806 | 1 | A Network Trojan was detected | 192.168.2.6 | 49709 | 45.130.145.152 | 15666 | TCP
2024-11-15T10:28:47.646469+0100 | 2050807 | 1 | A Network Trojan was detected | 192.168.2.6 | 49709 | 45.130.145.152 | 15666 | TCP
2024-11-15T10:28:47.651707+0100 | 2050807 | 1 | A Network Trojan was detected | 192.168.2.6 | 49709 | 45.130.145.152 | 15666 | TCP

AV Detection

Source: 0.2.bv2DbIiZeK.exe.1ef42620000.0.unpack | Malware Configuration Extractor: Meduza Stealer {"C2 url": "45.130.145.152", "anti_vm": false, "anti_dbg": false, "port": 15666, "build_name": "Seo", "self_destruct": false, "extensions": ".txt;.doc;.docx;.pdf;.xls;.xlsx;.log;.db;.sqlite", "links": "", "grabber_max_size": 4194304}
Source: bv2DbIiZeK.exe | ReversingLabs: Detection: 50%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 99.9% probability
Source: C:\Users\user\Desktop\bv2DbIiZeK.exe | Code function: 0_2_000001EF426916A0 CryptUnprotectData,LocalFree
Source: C:\Users\user\Desktop\bv2DbIiZeK.exe | Code function: 0_2_000001EF42657C80 CryptUnprotectData,LocalFree
Source: C:\Users\user\Desktop\bv2DbIiZeK.exe | Code function: 0_2_000001EF426F8060 CryptUnprotectData,CompareStringEx,ExitProcess
Source: unknown | HTTPS traffic detected: 104.26.13.205:443 -> 192.168.2.6:49710 version: TLS 1.2
Source: bv2DbIiZeK.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\bv2DbIiZeK.exe | Code function: 0_2_000001EF426DBA38 FindClose,FindFirstFileExW,GetLastError
Source: C:\Users\user\Desktop\bv2DbIiZeK.exe | Code function: 0_2_000001EF426DBAE8 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle
Source: C:\Users\user\Desktop\bv2DbIiZeK.exe | Code function: 0_2_000001EF426F80C8 FindFirstFileW,ExitProcess
Source: C:\Users\user\Desktop\bv2DbIiZeK.exe | Code function: 0_2_000001EF426AA4B0 GetLogicalDriveStringsW
Source: C:\Users\user\Desktop\bv2DbIiZeK.exe | File opened: D:\sources\migration\
Source: C:\Users\user\Desktop\bv2DbIiZeK.exe | File opened: D:\sources\replacementmanifests\
Source: C:\Users\user\Desktop\bv2DbIiZeK.exe | File opened: D:\sources\migration\wtr\
Source: C:\Users\user\Desktop\bv2DbIiZeK.exe | File opened: D:\sources\replacementmanifests\microsoft-activedirectory-webservices\
Source: C:\Users\user\Desktop\bv2DbIiZeK.exe | File opened: D:\sources\replacementmanifests\microsoft-client-license-platform-service-migration\
Source: C:\Users\user\Desktop\bv2DbIiZeK.exe | File opened: D:\sources\replacementmanifests\hwvid-migration-2\

Networking

Source: Network traffic | Suricata IDS: 2049441 - Severity 1 - ET MALWARE Win32/Unknown Grabber Base64 Data Exfiltration Attempt : 192.168.2.6:49709 -> 45.130.145.152:15666
Source: Network traffic | Suricata IDS: 2050806 - Severity 1 - ET MALWARE [ANY.RUN] Meduza Stealer Exfiltration M2 : 192.168.2.6:49709 -> 45.130.145.152:15666
Source: global traffic | TCP traffic: 192.168.2.6:49709 -> 45.130.145.152:15666
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | Accept: text/html; text/plain; */* | Host: api.ipify.org | Cache-Control: no-cache
Source: Joe Sandbox View | IP Address: 104.26.13.205
Source: Joe Sandbox View | IP Address: 45.130.145.152
Source: Joe Sandbox View | ASN Name: ASBAXETNRU
Source: Joe Sandbox View | JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: unknown | DNS query: name: api.ipify.org
Source: Network traffic | Suricata IDS: 2050807 - Severity 1 - ET MALWARE [ANY.RUN] Possible Meduza Stealer Exfiltration (TCP) : 192.168.2.6:49709 -> 45.130.145.152:15666
Source: unknown | TCP traffic detected without corresponding DNS query: 45.130.145.152
Source: C:\Users\user\Desktop\bv2DbIiZeK.exe | Code function: 0_2_000001EF426A7BC0 recv,recv,closesocket,WSACleanup
Source: global traffic | DNS traffic detected: DNS query: api.ipify.org
Source: unknown | Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49710
Source: C:\Users\user\Desktop\bv2DbIiZeK.exe | Code function: 0_2_000001EF426A8CC0 GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetDC,GetDeviceCaps,GetDeviceCaps,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,SHCreateMemStream,SelectObject,DeleteDC,ReleaseDC,DeleteObject,EnterCriticalSection,LeaveCriticalSection,GetObjectW,IStream_Size,IStream_Reset,IStream_Read,SelectObject,DeleteDC,ReleaseDC,DeleteObject,DeleteObject,EnterCriticalSection,EnterCriticalSection,GdiplusShutdown,LeaveCriticalSection,LeaveCriticalSection
Source: C:\Users\user\Desktop\bv2DbIiZeK.exe | Code function: 0_2_000001EF426AD700 RtlAcquirePebLock,NtAllocateVirtualMemory,lstrcpyW,lstrcatW,NtAllocateVirtualMemory,lstrcpyW,RtlInitUnicodeString,RtlInitUnicodeString,LdrEnumerateLoadedModules,RtlReleasePebLock,CoInitializeEx,lstrcpyW,lstrcatW,CoGetObject,lstrcpyW,lstrcatW,CoGetObject,CoUninitialize
Source: C:\Users\user\Desktop\bv2DbIiZeK.exe | Code function: 0_2_000001EF426F86D8 NtQueryObject,CoInitializeEx
Source: C:\Users\user\Desktop\bv2DbIiZeK.exe | Code function: 0_2_000001EF426F86B8 NtAllocateVirtualMemory,LdrEnumerateLoadedModules
Source: C:\Users\user\Desktop\bv2DbIiZeK.exe | Code function: 0_2_000001EF426F86B0 RtlInitUnicodeString,NtAllocateVirtualMemory,CoInitializeEx
Source: C:\Users\user\Desktop\bv2DbIiZeK.exe | Code function: 0_2_000001EF426F86A8 NtQuerySystemInformation
Source: C:\Users\user\Desktop\bv2DbIiZeK.exe | Code function: 0_2_000001EF426ACFC0 GetModuleHandleA,GetProcAddress,OpenProcess,NtQuerySystemInformation,NtQuerySystemInformation,NtDuplicateObject,GetCurrentProcess,NtDuplicateObject,NtQueryObject,GetFinalPathNameByHandleA,CloseHandle,CloseHandle
Source: C:\Users\user\Desktop\bv2DbIiZeK.exe | Code function: 0_2_00007FF64ABA2C60 NtQueryVirtualMemory,NtProtectVirtualMemory
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exeCode function: 0_2_000001EF4269F3700_2_000001EF4269F370
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exeCode function: 0_2_000001EF426BE3540_2_000001EF426BE354
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exeCode function: 0_2_000001EF426960800_2_000001EF42696080
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exeCode function: 0_2_000001EF426270100_2_000001EF42627010
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exeCode function: 0_2_000001EF426A21000_2_000001EF426A2100
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exeCode function: 0_2_000001EF426260C00_2_000001EF426260C0
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exeCode function: 0_2_000001EF426BD0A40_2_000001EF426BD0A4
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exeCode function: 0_2_000001EF426901800_2_000001EF42690180
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exeCode function: 0_2_000001EF426A61330_2_000001EF426A6133
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exeCode function: 0_2_000001EF426A61230_2_000001EF426A6123
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exeCode function: 0_2_00007FF64ABDAB900_2_00007FF64ABDAB90
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exeCode function: 0_2_00007FF64ABB03F00_2_00007FF64ABB03F0
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exeCode function: 0_2_00007FF64ABBCC280_2_00007FF64ABBCC28
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exeCode function: 0_2_00007FF64ABA5BF00_2_00007FF64ABA5BF0
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exeCode function: 0_2_00007FF64ABFBB880_2_00007FF64ABFBB88
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exeCode function: 0_2_00007FF64AC05C4C0_2_00007FF64AC05C4C
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exeCode function: 0_2_00007FF64ABF9C740_2_00007FF64ABF9C74
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exeCode function: 0_2_00007FF64ABD39B00_2_00007FF64ABD39B0
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exeCode function: 0_2_00007FF64ABC58960_2_00007FF64ABC5896
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exeCode function: 0_2_00007FF64ABCE9600_2_00007FF64ABCE960
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exeCode function: 0_2_00007FF64ABC2B100_2_00007FF64ABC2B10
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exeCode function: 0_2_00007FF64ABC4A800_2_00007FF64ABC4A80
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exeCode function: 0_2_00007FF64ABD7A800_2_00007FF64ABD7A80
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exeCode function: 0_2_00007FF64AC1BFF00_2_00007FF64AC1BFF0
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exeCode function: 0_2_00007FF64ABFA1080_2_00007FF64ABFA108
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exeCode function: 0_2_00007FF64ABD8E000_2_00007FF64ABD8E00
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exeCode function: 0_2_00007FF64AC02E100_2_00007FF64AC02E10
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exeCode function: 0_2_00007FF64ABB3E200_2_00007FF64ABB3E20
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exeCode function: 0_2_00007FF64ABBBF000_2_00007FF64ABBBF00
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exeCode function: 0_2_00007FF64ABADED00_2_00007FF64ABADED0
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exeCode function: 0_2_00007FF64ABF2EE80_2_00007FF64ABF2EE8
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exeCode function: 0_2_00007FF64ABC6E900_2_00007FF64ABC6E90
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exeCode function: 0_2_00007FF64ABF242C0_2_00007FF64ABF242C
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exeCode function: 0_2_00007FF64ABF73540_2_00007FF64ABF7354
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exeCode function: 0_2_00007FF64ABC73600_2_00007FF64ABC7360
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exeCode function: 0_2_00007FF64ABB45100_2_00007FF64ABB4510
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exeCode function: 0_2_00007FF64ABBD4D70_2_00007FF64ABBD4D7
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exeCode function: 0_2_00007FF64ABAE4500_2_00007FF64ABAE450
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exeCode function: 0_2_00007FF64ABBC1E00_2_00007FF64ABBC1E0
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exeCode function: 0_2_00007FF64ABAF1600_2_00007FF64ABAF160
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exeCode function: 0_2_00007FF64AC032AC0_2_00007FF64AC032AC
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exeCode function: 0_2_00007FF64ABF28340_2_00007FF64ABF2834
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exeCode function: 0_2_00007FF64ABC77F20_2_00007FF64ABC77F2
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exeCode function: 0_2_00007FF64ABD57900_2_00007FF64ABD5790
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exeCode function: 0_2_00007FF64ABFA7880_2_00007FF64ABFA788
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exeCode function: 0_2_00007FF64ABF37740_2_00007FF64ABF3774
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exeCode function: 0_2_00007FF64ABC28D00_2_00007FF64ABC28D0
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exeCode function: 0_2_00007FF64ABC78E00_2_00007FF64ABC78E0
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exeCode function: 0_2_00007FF64ABF26300_2_00007FF64ABF2630
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exeCode function: 0_2_00007FF64ABE85E00_2_00007FF64ABE85E0
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exeCode function: 0_2_00007FF64ABBA5F00_2_00007FF64ABBA5F0
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exeCode function: 0_2_00007FF64ABAF5A00_2_00007FF64ABAF5A0
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exeCode function: 0_2_00007FF64ABB35500_2_00007FF64ABB3550
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exeCode function: 0_2_00007FF64ABC45500_2_00007FF64ABC4550
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exeCode function: 0_2_00007FF64ABAD5600_2_00007FF64ABAD560
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exeCode function: 0_2_00007FF64ABBF5700_2_00007FF64ABBF570
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exeCode function: 0_2_00007FF64ABC35700_2_00007FF64ABC3570
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exeCode function: 0_2_00007FF64ABF55700_2_00007FF64ABF5570
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe Code function: String function: 000001EF42651D20 appears 56 times
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe Code function: String function: 000001EF4264D510 appears 52 times
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe Code function: String function: 000001EF4264FB70 appears 35 times
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe Code function: String function: 000001EF42656990 appears 41 times
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe Code function: String function: 00007FF64ABA80E0 appears 36 times
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe Code function: String function: 000001EF426B86D8 appears 36 times
            Source: classification engine Classification label: mal100.troj.spyw.winEXE@1/0@1/2
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe Code function: 0_2_000001EF4265E5A0 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,0_2_000001EF4265E5A0
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe Code function: 0_2_000001EF4268F820 CoInitializeEx,CoInitializeSecurity,CoCreateInstance,CoSetProxyBlanket,SysAllocStringByteLen,SysFreeString,SysAllocStringByteLen,SysFreeString,SysStringByteLen,SysFreeString,SysFreeString,SysStringByteLen,SysFreeString,SysFreeString,0_2_000001EF4268F820
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe Mutant created: \Sessions\1\BaseNamedObjects\Mmm-A33C734061CA11EE8C18806E6F6E6963857B4EDF
            Source: bv2DbIiZeK.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: bv2DbIiZeK.exe ReversingLabs: Detection: 50%
            Source: bv2DbIiZeK.exe String found in binary or memory: --help
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe Section loaded: apphelp.dll
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe Section loaded: wininet.dll
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe Section loaded: rstrtmgr.dll
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe Section loaded: ncrypt.dll
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe Section loaded: ntasn1.dll
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe Section loaded: mswsock.dll
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe Section loaded: windows.storage.dll
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe Section loaded: wldp.dll
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe Section loaded: sspicli.dll
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe Section loaded: iertutil.dll
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe Section loaded: profapi.dll
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe Section loaded: kernel.appcore.dll
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe Section loaded: ondemandconnroutehelper.dll
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe Section loaded: winhttp.dll
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe Section loaded: iphlpapi.dll
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe Section loaded: winnsi.dll
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe Section loaded: urlmon.dll
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe Section loaded: srvcli.dll
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe Section loaded: netutils.dll
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe Section loaded: dnsapi.dll
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe Section loaded: rasadhlp.dll
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe Section loaded: fwpuclnt.dll
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe Section loaded: schannel.dll
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe Section loaded: mskeyprotect.dll
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe Section loaded: msasn1.dll
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe Section loaded: dpapi.dll
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe Section loaded: cryptsp.dll
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe Section loaded: rsaenh.dll
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe Section loaded: cryptbase.dll
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe Section loaded: gpapi.dll
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe Section loaded: ncryptsslp.dll
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe Section loaded: uxtheme.dll
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe Section loaded: windowscodecs.dll
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe Section loaded: vaultcli.dll
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe Section loaded: wintypes.dll
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
            Source: bv2DbIiZeK.exe Static PE information: Image base 0x140000000 > 0x60000000
            Source: bv2DbIiZeK.exe Static file information: File size 1851904 > 1048576
            Source: bv2DbIiZeK.exe Static PE information: Raw size of .rdata is bigger than: 0x100000 < 0x137a00
            Source: bv2DbIiZeK.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
            Source: bv2DbIiZeK.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
            Source: bv2DbIiZeK.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
            Source: bv2DbIiZeK.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
            Source: bv2DbIiZeK.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
            Source: bv2DbIiZeK.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
            Source: bv2DbIiZeK.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
            Source: bv2DbIiZeK.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
            Source: bv2DbIiZeK.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
            Source: bv2DbIiZeK.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
            Source: bv2DbIiZeK.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
            Source: bv2DbIiZeK.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe Code function: 0_2_000001EF4265D510 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,0_2_000001EF4265D510
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe Code function: 0_2_000001EF4268CB00 push rsp; retf 0_2_000001EF4268CBA1
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe Code function: 0_2_000001EF4268CBB8 push rsp; retf 0_2_000001EF4268CBB9
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe Code function: 0_2_000001EF4268CBBC push rsp; retf 0_2_000001EF4268CBBD
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe Code function: 0_2_000001EF4268CBB0 push rsp; retf 0_2_000001EF4268CBB1
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe Code function: 0_2_000001EF4268CBB4 push rsp; retf 0_2_000001EF4268CBB5
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe Code function: 0_2_000001EF4268CBC0 push rsp; retf 0_2_000001EF4268CBC1
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe Code function: 0_2_000001EF4268CBC4 push rsp; retf 0_2_000001EF4268CBC5
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe Code function: 0_2_000001EF4268CBAC push rsp; retf 0_2_000001EF4268CBAD
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe Code function: 0_2_00007FF64ABC7C00 push rcx; iretd 0_2_00007FF64ABC7C01
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe Code function: 0_2_000001EF426971A0 ExitProcess,ExitProcess,OpenMutexA,ExitProcess,CreateMutexA,CreateMutexExA,ExitProcess,ReleaseMutex,CloseHandle,0_2_000001EF426971A0
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes graph_0-91094
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe Check user administrative privileges: GetTokenInformation,DecisionNodes graph_0-91214
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe Code function: 0_2_000001EF426DBA38 FindClose,FindFirstFileExW,GetLastError,0_2_000001EF426DBA38
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe Code function: 0_2_000001EF426DBAE8 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle,0_2_000001EF426DBAE8
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe Code function: 0_2_000001EF426F80C8 FindFirstFileW,ExitProcess,0_2_000001EF426F80C8
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe Code function: 0_2_000001EF426AA4B0 GetLogicalDriveStringsW,0_2_000001EF426AA4B0
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe Code function: 0_2_000001EF426BFBD0 VirtualQuery,GetSystemInfo,VirtualAlloc,VirtualProtect,0_2_000001EF426BFBD0
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe File opened: D:\sources\migration\
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe File opened: D:\sources\replacementmanifests\
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe File opened: D:\sources\migration\wtr\
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe File opened: D:\sources\replacementmanifests\microsoft-activedirectory-webservices\
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe File opened: D:\sources\replacementmanifests\microsoft-client-license-platform-service-migration\
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe File opened: D:\sources\replacementmanifests\hwvid-migration-2\
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe API call chain: ExitProcess graph end node graph_0-88985
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe API call chain: ExitProcess graph end node graph_0-88982
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe Process information queried: ProcessInformation
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe Code function: 0_2_000001EF426AD700 RtlAcquirePebLock,NtAllocateVirtualMemory,lstrcpyW,lstrcatW,NtAllocateVirtualMemory,lstrcpyW,RtlInitUnicodeString,RtlInitUnicodeString,LdrEnumerateLoadedModules,RtlReleasePebLock,CoInitializeEx,lstrcpyW,lstrcatW,CoGetObject,lstrcpyW,lstrcatW,CoGetObject,CoUninitialize,0_2_000001EF426AD700
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe Code function: 0_2_000001EF426DDC60 GetLastError,IsDebuggerPresent,OutputDebugStringW,0_2_000001EF426DDC60
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe Code function: 0_2_000001EF4265D510 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,0_2_000001EF4265D510
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe Code function: 0_2_000001EF426F82A8 SetUnhandledExceptionFilter,0_2_000001EF426F82A8
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe Code function: 0_2_000001EF426B83E8 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_000001EF426B83E8
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe Code function: 0_2_00007FF64ABF5088 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF64ABF5088
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe Code function: 0_2_00007FF64AC08E48 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF64AC08E48
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe Code function: GetLocaleInfoEx,FormatMessageA,0_2_000001EF426DB634
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe Code function: EnumSystemLocalesW,0_2_000001EF426CF494
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe Code function: EnumSystemLocalesW,0_2_000001EF426CF564
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe Code function: EnumSystemLocalesW,0_2_000001EF426C4518
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe Code function: GetLocaleInfoW,0_2_000001EF426C4A5C
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe Code function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,0_2_000001EF426CFB7C
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,0_2_000001EF426CF9A0
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe Code function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,0_2_000001EF426CF148
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe Code function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,0_2_00007FF64AC00C0C
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,0_2_00007FF64AC00A28
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe Code function: EnumSystemLocalesW,0_2_00007FF64AC00520
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe Code function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,0_2_00007FF64AC001C4
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe Code function: EnumSystemLocalesW,0_2_00007FF64ABFC240
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe Code function: GetLocaleInfoW,0_2_00007FF64ABFC5D4
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe Code function: EnumSystemLocalesW,0_2_00007FF64AC005F0
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe Queries volume information: C:\ VolumeInformation
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe Key value queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\TimeZoneInformation TimeZoneKeyName
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe Code function: 0_2_000001EF426D5CD8 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_000001EF426D5CD8
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe Code function: 0_2_000001EF426A9410 GetUserNameW,0_2_000001EF426A9410
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe Code function: 0_2_000001EF426C96B8 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,0_2_000001EF426C96B8

            Stealing of Sensitive Information

            Source: Yara match File source: Process Memory Space: bv2DbIiZeK.exe PID: 592, type: MEMORYSTR
            Source: Yara match File source: 0.2.bv2DbIiZeK.exe.1ef42620000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match File source: 0.2.bv2DbIiZeK.exe.1ef42620000.0.unpack, type: UNPACKEDPE
            Source: Yara match File source: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: bv2DbIiZeK.exe, 00000000.00000003.2179089816.000001EF4090B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Electrum\wallets
            Source: bv2DbIiZeK.exe, 00000000.00000003.2179089816.000001EF4090B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: C:\Users\user\AppData\Roaming\ElectronCash\configa
            Source: bv2DbIiZeK.exe, 00000000.00000003.2179089816.000001EF4090B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: C:\Users\user\AppData\Roaming\Exodusilla\IceCatef
            Source: bv2DbIiZeK.exe, 00000000.00000003.2179089816.000001EF4090B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Binanceron
            Source: bv2DbIiZeK.exe, 00000000.00000002.2257935528.000001EF42230000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Ethereum\keystore
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\prefs.jsJump to behavior
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For AccountJump to behavior
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension CookiesJump to behavior
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\MANIFEST-000001Jump to behavior
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqliteJump to behavior
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqliteJump to behavior
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\key4.dbJump to behavior
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOGJump to behavior
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\CURRENTJump to behavior
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOCKJump to behavior
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.logJump to behavior
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.oldJump to behavior
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\HistoryJump to behavior
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HistoryJump to behavior
            Source: C:\Users\user\Desktop\bv2DbIiZeK.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior

            Remote Access Functionality

            Source: Yara match File source: Process Memory Space: bv2DbIiZeK.exe PID: 592, type: MEMORYSTR
            Source: Yara match File source: 0.2.bv2DbIiZeK.exe.1ef42620000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match File source: 0.2.bv2DbIiZeK.exe.1ef42620000.0.unpack, type: UNPACKEDPE
            Source: Yara match File source: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

            | Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
            |---|---|---|---|---|---|---|---|---|---|---|---|---|---|
            | Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | 1 OS Credential Dumping | 12 System Time Discovery | Remote Services | 1 Screen Capture | 21 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
            | Credentials | Domains | Default Accounts | 3 Native API | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 2 Obfuscated Files or Information | LSASS Memory | 21 Security Software Discovery | Remote Desktop Protocol | 1 Email Collection | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service |
            | Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 DLL Side-Loading | Security Account Manager | 2 Process Discovery | SMB/Windows Admin Shares | 1 Archive Collected Data | 2 Ingress Tool Transfer | Automated Exfiltration | Data Encrypted for Impact |
            | Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | 1 Account Discovery | Distributed Component Object Model | 2 Data from Local System | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
            | Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | 1 System Owner/User Discovery | SSH | Keylogging | 3 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
            | Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | Steganography | Cached Domain Credentials | 1 System Network Configuration Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
            | DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Compile After Delivery | DCSync | 3 File and Directory Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
            | Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | 24 System Information Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |

            | Source | Detection | Scanner | Label | Link |
            |---|---|---|---|---|
            | bv2DbIiZeK.exe | 50% | ReversingLabs | Win64.Spyware.Meduzastealer | |

            No Antivirus matches
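
            | Name | IP | Active | Malicious | Antivirus Detection | Reputation |
            |---|---|---|---|---|---|
            | api.ipify.org | 104.26.13.205 | true | false | | high |

            | Name | Malicious | Antivirus Detection | Reputation |
            |---|---|---|---|
            | https://api.ipify.org/ | false | | high |
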
            | IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
            |---|---|---|---|---|---|---|
            | 104.26.13.205 | api.ipify.org | United States | | 13335 | CLOUDFLARENETUS | false |
            | 45.130.145.152 | unknown | Russian Federation | | 49392 | ASBAXETNRU | true |

                                                            Joe Sandbox version:41.0.0 Charoite
                                                            Analysis ID:1556368
                                                            Start date and time:2024-11-15 10:27:47 +01:00
                                                            Joe Sandbox product:CloudBasic
                                                            Overall analysis duration:0h 5m 50s
                                                            Hypervisor based Inspection enabled:false
                                                            Report type:full
                                                            Cookbook file name:default.jbs
                                                            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                            Number of analysed new started processes analysed:7
                                                            Number of new started drivers analysed:0
                                                            Number of existing processes analysed:0
                                                            Number of existing drivers analysed:0
                                                            Number of injected processes analysed:0
                                                            Technologies:
                                                            • HCA enabled
                                                            • EGA enabled
                                                            • AMSI enabled
                                                            Analysis Mode:default
                                                            Analysis stop reason:Timeout
                                                            Sample name:bv2DbIiZeK.exe
                                                            renamed because original name is a hash value
                                                            Original Sample Name:f33a0556ba844ec2745fceff565bdacaf0b26412b940dbf19b4ca97013057842.exe
                                                            Detection:MAL
                                                            Classification:mal100.troj.spyw.winEXE@1/0@1/2
                                                            EGA Information:
                                                            • Successful, ratio: 100%
                                                            HCA Information:
                                                            • Successful, ratio: 91%
                                                            • Number of executed functions: 90
                                                            • Number of non-executed functions: 104
                                                            Cookbook Comments:
                                                            • Found application associated with file extension: .exe
                                                            • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                                                            • Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                            • Report size exceeded maximum capacity and may have missing disassembly code.
                                                            • Report size exceeded maximum capacity and may have missing network information.
                                                            • Report size getting too big, too many NtOpenKeyEx calls found.
                                                            • Report size getting too big, too many NtQueryValueKey calls found.
                                                            • VT rate limit hit for: bv2DbIiZeK.exe
                                                            No simulations
                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                            104.26.13.2052b7cu0KwZl.exeGet hashmaliciousUnknownBrowse
                                                            • api.ipify.org/
                                                            file.exeGet hashmaliciousUnknownBrowse
                                                            • api.ipify.org/
                                                            file.exeGet hashmaliciousLummaC, PrivateLoader, Stealc, VidarBrowse
                                                            • api.ipify.org/
                                                            file.exeGet hashmaliciousLummaC, PrivateLoader, Stealc, VidarBrowse
                                                            • api.ipify.org/
                                                            file.exeGet hashmaliciousRDPWrap ToolBrowse
                                                            • api.ipify.org/
                                                            Prismifyr-Install.exeGet hashmaliciousNode StealerBrowse
                                                            • api.ipify.org/
                                                            file.exeGet hashmaliciousLummaC, PrivateLoader, Stealc, VidarBrowse
                                                            • api.ipify.org/
                                                            file.exeGet hashmaliciousLummaC, RDPWrap Tool, LummaC Stealer, VidarBrowse
                                                            • api.ipify.org/
                                                            file.exeGet hashmaliciousUnknownBrowse
                                                            • api.ipify.org/
                                                            file.exeGet hashmaliciousLummaC, RDPWrap Tool, LummaC Stealer, Stealc, VidarBrowse
                                                            • api.ipify.org/
                                                            45.130.145.152YU7jHNMJjG.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                              6Ev0Nd7z2t.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                                6HWYiong4s.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                                  btoRtc7o3v.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                                    HZ1BUCfTne.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                                      kBZhM3H0Qm.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                                        y2m8g4DArI.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                                          seRpOAk8gH.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                                            1n72lp2XjT.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                                              fyL0RS744g.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                api.ipify.orgYU7jHNMJjG.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                                                • 172.67.74.152
                                                                                6Ev0Nd7z2t.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                                                • 104.26.12.205
                                                                                6HWYiong4s.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                                                • 172.67.74.152
                                                                                btoRtc7o3v.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                                                • 104.26.12.205
                                                                                HZ1BUCfTne.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                                                • 172.67.74.152
                                                                                kBZhM3H0Qm.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                                                • 172.67.74.152
                                                                                y2m8g4DArI.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                                                • 104.26.13.205
                                                                                seRpOAk8gH.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                                                • 104.26.12.205
                                                                                1n72lp2XjT.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                                                • 104.26.13.205
                                                                                fyL0RS744g.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                                                • 104.26.12.205
                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                CLOUDFLARENETUSNewVoicemail - +1 392 504 7XXX00-33Rebecca.silvaTranscript.htmlGet hashmaliciousUnknownBrowse
                                                                                • 104.16.123.96
                                                                                YU7jHNMJjG.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                                                • 172.67.74.152
                                                                                6Ev0Nd7z2t.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                                                • 104.26.12.205
                                                                                6HWYiong4s.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                                                • 172.67.74.152
                                                                                btoRtc7o3v.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                                                • 104.26.12.205
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                No context
                                                                                No created / dropped files found
File type: PE32+ executable (GUI) x86-64, for MS Windows
Entropy (8bit): 6.850220226960451
TrID:
• Win64 Executable GUI (202006/5) 92.65%
• Win64 Executable (generic) (12005/4) 5.51%
• Generic Win/DOS Executable (2004/3) 0.92%
• DOS Executable Generic (2002/1) 0.92%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: bv2DbIiZeK.exe
File size: 1'851'904 bytes
MD5: 5526f8b855b92a67fbdfa72a46efbe28
SHA1: 593100b5694703f31613adbc6f8ccecfc1950a45
SHA256: f33a0556ba844ec2745fceff565bdacaf0b26412b940dbf19b4ca97013057842
SHA512: deb34b0a60300516dcf2806a4a9201e4205703bca27f563013c49c3a711c442f1876b719901cd2c634b0f1b9760bdba970456b852335e36dda17a81960c80b90
SSDEEP: 24576:APgPjwrmemcbk5ehMEP6h0lhSMXlzuRfqYc4w79fmCKFTN:mUNmk5ejuncdf
TLSH: 6785BF67FA4474F7E87091348CA70B57A73BB441836287DB2698662A5E537C42F3BF80
Icon Hash: 00928e8e8686b000
Entrypoint: 0x140068db8
Entrypoint Section: .text
Digitally signed: false
Imagebase: 0x140000000
Subsystem: windows gui
Image File Characteristics: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp: 0x672A2615 [Tue Nov 5 14:05:09 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 6
OS Version Minor: 0
File Version Major: 6
File Version Minor: 0
Subsystem Version Major: 6
Subsystem Version Minor: 0
Import Hash: 979454a65972c76dcd425798f051e66e
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x1bad34 | 0x64 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x1c6000 | 0x1e0 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x1c0000 | 0x582c | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x1c7000 | 0x1ec8 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x1af5c0 | 0x38 | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x1af780 | 0x28 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x1af480 | 0x140 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x84000 | 0x3a0 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x829bc | 0x82a00 | de31c101e2e12791cf5ba8d7e1f8800e | False | 0.5204694976076555 | data | 6.517331379202456 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x84000 | 0x1379ce | 0x137a00 | 6874bcbb5b251e6c76eb2d50cbeeb962 | False | 0.5867068416566386 | OpenPGP Secret Key | 6.740736072260912 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x1bc000 | 0x3854 | 0x1e00 | ec58ecde7347958bc3316e2765de7f98 | False | 0.18411458333333333 | data | 3.7806079944399755 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata | 0x1c0000 | 0x582c | 0x5a00 | e918791e54d22356033ffd22c63696d7 | False | 0.48333333333333334 | PEX Binary Archive | 5.797933837224379 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x1c6000 | 0x1e0 | 0x200 | c42f687ad326746e03982f0db0a277bd | False | 0.529296875 | data | 4.7137725829467545 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x1c7000 | 0x1ec8 | 0x2000 | 5c76bdd43a83c4d82f28c527b58e6952 | False | 0.652099609375 | data | 6.406061516145914 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_MANIFEST | 0x1c6060 | 0x17d | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5931758530183727
DLL | Import
ntdll.dll | RtlImageDirectoryEntryToData, RtlLeaveCriticalSection, RtlEnterCriticalSection, RtlCompareMemory, NtProtectVirtualMemory, RtlImageNtHeader, NtQueryVirtualMemory, RtlGetNtVersionNumbers
KERNEL32.dll | FindNextFileW, FindFirstFileExW, FindClose, VirtualFree, VirtualAlloc, GetModuleHandleW, LoadLibraryA, ReadFile, WriteFile, CreateFileW, UnmapViewOfFile, CloseHandle, CreateFileMappingW, MapViewOfFile, GetProcAddress, GetCurrentProcess, VirtualQuery, EnterCriticalSection, GetModuleFileNameW, LeaveCriticalSection, MultiByteToWideChar, ExitProcess, WideCharToMultiByte, GetTickCount, GetLastError, VirtualProtect, VirtualQueryEx, ReadProcessMemory, WriteProcessMemory, GetSystemInfo, InitializeCriticalSection, DeleteCriticalSection, SetLastError, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, GetSystemTimeAsFileTime, HeapAlloc, HeapFree, GetCurrentThreadId, GetStdHandle, GetFileType, GetStartupInfoW, RaiseException, GetCommandLineA, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, InitializeCriticalSectionAndSpinCount, FreeLibrary, LoadLibraryExW, LCMapStringW, GetLocaleInfoW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, HeapReAlloc, HeapSize, GetCPInfo, GetStringTypeW, IsValidCodePage, GetACP, GetOEMCP, GetModuleHandleExW, GetConsoleOutputCP, GetConsoleMode, GetFileSizeEx, SetFilePointerEx, GetProcessHeap, SetStdHandle, ReadConsoleW, FlushFileBuffers, WriteConsoleW, ReleaseSRWLockExclusive, AcquireSRWLockExclusive, QueryPerformanceCounter, GetCurrentProcessId, InitializeSListHead, RtlUnwindEx, RtlPcToFileHeader, RtlUnwind, EncodePointer, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, QueryPerformanceFrequency, TryAcquireSRWLockExclusive, InitializeCriticalSectionEx, DecodePointer, LCMapStringEx
USER32.dll | LoadAcceleratorsA, LoadAcceleratorsW
ADVAPI32.dll | GetTokenInformation, OpenProcessToken
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-11-15T10:28:47.646469+0100 | 2049441 | ET MALWARE Win32/Unknown Grabber Base64 Data Exfiltration Attempt | 1 | 192.168.2.6 | 49709 | 45.130.145.152 | 15666 | TCP
2024-11-15T10:28:47.646469+0100 | 2050806 | ET MALWARE [ANY.RUN] Meduza Stealer Exfiltration M2 | 1 | 192.168.2.6 | 49709 | 45.130.145.152 | 15666 | TCP
2024-11-15T10:28:47.646469+0100 | 2050807 | ET MALWARE [ANY.RUN] Possible Meduza Stealer Exfiltration (TCP) | 1 | 192.168.2.6 | 49709 | 45.130.145.152 | 15666 | TCP
2024-11-15T10:28:47.651707+0100 | 2050806 | ET MALWARE [ANY.RUN] Meduza Stealer Exfiltration M2 | 1 | 192.168.2.6 | 49709 | 45.130.145.152 | 15666 | TCP
2024-11-15T10:28:47.651707+0100 | 2050807 | ET MALWARE [ANY.RUN] Possible Meduza Stealer Exfiltration (TCP) | 1 | 192.168.2.6 | 49709 | 45.130.145.152 | 15666 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                Nov 15, 2024 10:28:47.661988974 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.661998987 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.662029028 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.662070990 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.662471056 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.662553072 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.662638903 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.662683964 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.662687063 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.662710905 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.662722111 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.662749052 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.662822962 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.662870884 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.666574955 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.666623116 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.666933060 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.666977882 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.667362928 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.667373896 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.667407990 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.667416096 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.667424917 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.667426109 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.667454004 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.667459965 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.667483091 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.667489052 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.667499065 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.667522907 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.667531013 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.667572021 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.667582989 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.667620897 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.667629004 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.667660952 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.667668104 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.667704105 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.667733908 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.667743921 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.667761087 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.667779922 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.667783022 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.667804003 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.667829990 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.667862892 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.667896986 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.667924881 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.667937040 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.667949915 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.667979956 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.667989969 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.668000937 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.668010950 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.668030977 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.668050051 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.668050051 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.668061972 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.668092012 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.668107033 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.668116093 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.668118000 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.668140888 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.668154001 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.668155909 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.668164968 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.668194056 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.668210030 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.668219090 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.668230057 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.668250084 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.668262005 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.668277979 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.668299913 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.668342113 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.668356895 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.668368101 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.668380976 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.668389082 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.668392897 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.668414116 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.668430090 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.668467045 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.668478012 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.668509007 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.668556929 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.668566942 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.668596029 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.668615103 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.668642044 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.668675900 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.668768883 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.668780088 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.668808937 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.668812037 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.668818951 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.668847084 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.668869019 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.668896914 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.668908119 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.668936014 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.668943882 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.668955088 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.668962955 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.668977976 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.668978930 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.668991089 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.668996096 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.669018984 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.669035912 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.669056892 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.669068098 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.669097900 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.669105053 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.669122934 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.669142962 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.669154882 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.669166088 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.669176102 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.669195890 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.669215918 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.671591997 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.671633005 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.671659946 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.671674013 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.671886921 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.671910048 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.672065973 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.672286987 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.672297955 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.672333956 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.672348022 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.672370911 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.672415972 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.672429085 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.672445059 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.672461033 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.672476053 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.672497988 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.672524929 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.672544956 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.672549963 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.672560930 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.672565937 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.672584057 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.672600985 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.672625065 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.672641039 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.672668934 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.672683001 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.672694921 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.672707081 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.672734976 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.672755003 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.672786951 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.672797918 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.672841072 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.672843933 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.672854900 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.672885895 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.672925949 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.672945023 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.672970057 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.672986984 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.672988892 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.673029900 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.673063993 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.673110962 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.673145056 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.673156023 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.673187017 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.673203945 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.673204899 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.673216105 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.673244953 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.673269033 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.673295975 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.673305988 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.673347950 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.673376083 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.673404932 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.673443079 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.673449039 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.673460960 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.678653002 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.678661108 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.678672075 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.678706884 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.678715944 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.678728104 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.678759098 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.678765059 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.678807020 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.678854942 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.678865910 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.678869963 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.678911924 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.678946018 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.678956032 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.678966045 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.678993940 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.679003000 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.722794056 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.723212957 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.723284006 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.723340034 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.723393917 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.723453045 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.723515987 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.723572016 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.723634958 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.723686934 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.770179033 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.770210028 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.770657063 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.770746946 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.770796061 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.770858049 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.770904064 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.770965099 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.771019936 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.771090984 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.822736025 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.822925091 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.874963045 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.875169992 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.890672922 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.891006947 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.891067028 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.891119003 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.891179085 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.891230106 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.891288996 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.891354084 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.891412973 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.891475916 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.891532898 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.891556025 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.896178007 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.896189928 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.896236897 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.896445036 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.896482944 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.896532059 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.896569014 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.896646976 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.896657944 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.896697998 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.896743059 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.896775961 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.896800041 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.896821022 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.896847010 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.896857023 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.896882057 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.896899939 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.896902084 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.896930933 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.896939993 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.896970034 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.897070885 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.897080898 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.897114992 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.897125006 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.897162914 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.897175074 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.897275925 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.897303104 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.897305012 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.897322893 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.897340059 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.897378922 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.897388935 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.897398949 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.897411108 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.897419930 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.897425890 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.897430897 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.897449970 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.897480011 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.897520065 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.897532940 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.897578955 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.897680998 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.897692919 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.897728920 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.897840023 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.897859097 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.897877932 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.897891045 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.897932053 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.897949934 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.897983074 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.897996902 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.898056984 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.898066044 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.898097038 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.898190975 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.898200989 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.898238897 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.898392916 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.898401976 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.898432970 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.898468018 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.898494959 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.898509026 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.898524046 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.898613930 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.898622990 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.898653030 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.898667097 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.898682117 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.898690939 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.898719072 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.898722887 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.898758888 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.898783922 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.898806095 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.898808002 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.898817062 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.898832083 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.898838043 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.898854017 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.898868084 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.898883104 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.898910999 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.898951054 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.898977041 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.898986101 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.899003983 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.899008989 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.899029970 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.899045944 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.899082899 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.899092913 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.899110079 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.899118900 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.899123907 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.899137974 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.899144888 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.899161100 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.899190903 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.899243116 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.899252892 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.899283886 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.899333000 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.899369955 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.899414062 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.899450064 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.899458885 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.899476051 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.899492025 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.899503946 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.899673939 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.899683952 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.899708986 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.899715900 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.899744034 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.899753094 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.899785995 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.899816990 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.899827003 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.899857998 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.899873972 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.899888039 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.899913073 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.899921894 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.899944067 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.905493975 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.905543089 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.905551910 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.905577898 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.905596018 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.905635118 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.905669928 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.905713081 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.905750990 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.905762911 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.905797958 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.905833006 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.905848980 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.905850887 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.905859947 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.905862093 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.905869961 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.905879021 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.905891895 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.905960083 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.905965090 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.905977011 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.905986071 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.905996084 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.906018019 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.906039000 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.906043053 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.906054020 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.906064034 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.906073093 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.906080961 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.906084061 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.906102896 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.906105042 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.906115055 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.906124115 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.906127930 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.906147957 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.906169891 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.906176090 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.906186104 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.906194925 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.906203032 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.906212091 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.906232119 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.906243086 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.906336069 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.906347036 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.906356096 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.906363964 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.906389952 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.906407118 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.906450033 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.906459093 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.906467915 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.906476021 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.906490088 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.906522036 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.906569004 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.906622887 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.906781912 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.906793118 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.906800985 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.906810045 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.906825066 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.906851053 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.906857967 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.906868935 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.906883001 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.906892061 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.906899929 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.906903982 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.906909943 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.906915903 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.906938076 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.906955957 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.906968117 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.906982899 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.906991959 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.907001972 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.907006979 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.907011986 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.907030106 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.907048941 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.907131910 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.907141924 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.907150030 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.907157898 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.907179117 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.907196999 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.907208920 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.907217026 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.907226086 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.907234907 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.907243013 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.907249928 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.907249928 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.907263994 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.907300949 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.907366991 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.907377958 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.907387018 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.907397985 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.907402992 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.907407045 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.907417059 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.907426119 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.907428980 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.907435894 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.907449961 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.907465935 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.907478094 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.907483101 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.907511950 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.907531023 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.907540083 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.907563925 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.907571077 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.907581091 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.907594919 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.907608032 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.907627106 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.907681942 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.907691956 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.907700062 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.907707930 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.907732964 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.907752037 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.907764912 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.907773972 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.907804012 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.907804966 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.907814980 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.907843113 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.907862902 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.907905102 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.907916069 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.907936096 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.907943964 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.907944918 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.907965899 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.907985926 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.908127069 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.908137083 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.908160925 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.908169985 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.908176899 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.908191919 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.908200979 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.908214092 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.908226013 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.908260107 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.908277035 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.908286095 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.908318996 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.908443928 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.908484936 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.908488989 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.908531904 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.908540010 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.908566952 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.908575058 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.908586979 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.908615112 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.908617020 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.908638000 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.908652067 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.908711910 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.908723116 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.908732891 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.908751011 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.908759117 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.908768892 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.908801079 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.908838034 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.908874989 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.908921957 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.908970118 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.908981085 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.909010887 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.909015894 CET4970915666192.168.2.645.130.145.152
                                                                                Nov 15, 2024 10:28:47.909028053 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.909039021 CET156664970945.130.145.152192.168.2.6
                                                                                Nov 15, 2024 10:28:47.909044981 CET4970915666192.168.2.645.130.145.152
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Nov 15, 2024 10:28:40.573158979 CET | 192.168.2.6 | 1.1.1.1 | 0x147d | Standard query (0) | api.ipify.org | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Nov 15, 2024 10:28:40.580051899 CET | 1.1.1.1 | 192.168.2.6 | 0x147d | No error (0) | api.ipify.org | | 104.26.13.205 | A (IP address) | IN (0x0001) | false
Nov 15, 2024 10:28:40.580051899 CET | 1.1.1.1 | 192.168.2.6 | 0x147d | No error (0) | api.ipify.org | | 104.26.12.205 | A (IP address) | IN (0x0001) | false
Nov 15, 2024 10:28:40.580051899 CET | 1.1.1.1 | 192.168.2.6 | 0x147d | No error (0) | api.ipify.org | | 172.67.74.152 | A (IP address) | IN (0x0001) | false

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.6 | 49710 | 104.26.13.205 | 443 | 592 | C:\Users\user\Desktop\bv2DbIiZeK.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-15 09:28:41 UTC | 100 | OUT |
GET / HTTP/1.1
Accept: text/html; text/plain; */*
Host: api.ipify.org
Cache-Control: no-cache
2024-11-15 09:28:41 UTC | 399 | IN |
HTTP/1.1 200 OK
Date: Fri, 15 Nov 2024 09:28:41 GMT
Content-Type: text/plain
Content-Length: 14
Connection: close
Vary: Origin
cf-cache-status: DYNAMIC
Server: cloudflare
CF-RAY: 8e2e366b48a8466c-DFW
server-timing: cfL4;desc="?proto=TCP&rtt=1185&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2819&recv_bytes=738&delivery_rate=2475213&cwnd=251&unsent_bytes=0&cid=217a746a0e5575e7&ts=405&x=0"
2024-11-15 09:28:41 UTC | 14 | IN |
Data Raw: 31 37 33 2e 32 35 34 2e 32 35 30 2e 38 39
Data Ascii: 173.254.250.89


                                                                                Target ID:0
                                                                                Start time:04:28:39
                                                                                Start date:15/11/2024
                                                                                Path:C:\Users\user\Desktop\bv2DbIiZeK.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:"C:\Users\user\Desktop\bv2DbIiZeK.exe"
                                                                                Imagebase:0x7ff64aba0000
                                                                                File size:1'851'904 bytes
                                                                                MD5 hash:5526F8B855B92A67FBDFA72A46EFBE28
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Yara matches:
                                                                                • Rule: JoeSecurity_MeduzaStealer, Description: Yara detected Meduza Stealer, Source: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                Reputation:low
                                                                                Has exited:true

                                                                                  Execution Graph

                                                                                  Execution Coverage:6.2%
                                                                                  Dynamic/Decrypted Code Coverage:78.9%
                                                                                  Signature Coverage:23.4%
                                                                                  Total number of Nodes:2000
                                                                                  Total number of Limit Nodes:126
89159 1ef426d4eb4 89158->89159 89161 1ef426d4eba 89158->89161 89172 1ef426d0150 89158->89172 89175 1ef426c0454 89158->89175 89159->89125 89164 1ef426d4ec5 89161->89164 89182 1ef426d5cac RtlPcToFileHeader RaiseException Concurrency::cancel_current_task std::bad_alloc::bad_alloc 89161->89182 89183 1ef4264d390 52 API calls 2 library calls 89164->89183 89165 1ef426d4ecb 89166->89110 89168->89123 89169->89141 89171->89151 89184 1ef426d018c 89172->89184 89180 1ef426c67a4 wcsftime 89175->89180 89176 1ef426c67ef 89190 1ef426bcb7c 8 API calls _set_errno_from_matherr 89176->89190 89177 1ef426c67d6 HeapAlloc 89179 1ef426c67ed 89177->89179 89177->89180 89179->89158 89180->89176 89180->89177 89181 1ef426d0150 std::_Facet_Register 2 API calls 89180->89181 89181->89180 89182->89164 89183->89165 89189 1ef426c2f5c EnterCriticalSection 89184->89189 89190->89179 89192 1ef42686685 89191->89192 89195 1ef426865f0 ctype 89191->89195 89196 1ef4268a790 52 API calls 4 library calls 89192->89196 89194 1ef4268669a 89194->89063 89195->89063 89196->89194 89197->89067 89199 1ef426633ea 89198->89199 89204 1ef4264d450 52 API calls 89199->89204 89206 1ef42668b2e 89205->89206 89207 1ef42668bae 89205->89207 89239 1ef426685f0 52 API calls 89206->89239 89209 1ef426d4bd0 _Strcoll 4 API calls 89207->89209 89211 1ef42668bdb 89209->89211 89210 1ef42668b3b 89212 1ef42668b9b 89210->89212 89214 1ef42668bf0 89210->89214 89211->89083 89212->89207 89240 1ef426695d0 52 API calls 2 library calls 89212->89240 89241 1ef4264e870 52 API calls 89214->89241 89216 1ef42668c32 89217 1ef426d7db4 Concurrency::cancel_current_task 2 API calls 89216->89217 89218 1ef42668c43 89217->89218 89219 1ef42668af0 52 API calls 89218->89219 89220 1ef42668c9b 89218->89220 89219->89220 89221 1ef42668da0 89220->89221 89223 1ef42668d62 89220->89223 89243 1ef4264e870 52 API calls 89221->89243 89222 1ef42668d73 89222->89083 89223->89222 89242 1ef426695d0 52 API calls 2 library calls 89223->89242 89226 1ef42668de2 89227 1ef426d7db4 
Concurrency::cancel_current_task 2 API calls 89226->89227 89228 1ef42668df3 89227->89228 89228->89083 89230 1ef42661406 ctype 89229->89230 89231 1ef4266146f 89229->89231 89230->89231 89244 1ef42661020 89230->89244 89231->89087 89233->89086 89234->89090 89236 1ef42663a44 89235->89236 89258 1ef42663bc0 89236->89258 89239->89210 89240->89207 89241->89216 89242->89222 89243->89226 89245 1ef42661046 89244->89245 89246 1ef4266104b ISource ctype 89244->89246 89245->89246 89247 1ef426610ad 89245->89247 89248 1ef426610be 89245->89248 89246->89230 89249 1ef426d4e90 std::_Facet_Register 52 API calls 89247->89249 89250 1ef426610d7 89248->89250 89252 1ef426610e6 89248->89252 89253 1ef426610e4 89248->89253 89249->89246 89251 1ef4266120f 89250->89251 89250->89253 89257 1ef4264d390 52 API calls 2 library calls 89251->89257 89252->89246 89255 1ef426d4e90 std::_Facet_Register 52 API calls 89252->89255 89253->89246 89256 1ef426d4e90 std::_Facet_Register 52 API calls 89253->89256 89255->89246 89256->89246 89257->89246 89273 1ef426dc41c 89258->89273 89260 1ef42663bf0 89261 1ef426dc41c std::_Lockit::_Lockit EnterCriticalSection 89260->89261 89263 1ef42663c15 89260->89263 89261->89263 89262 1ef42663c8d 89264 1ef426d4bd0 _Strcoll 4 API calls 89262->89264 89263->89262 89277 1ef4264e510 76 API calls 6 library calls 89263->89277 89265 1ef42663a56 89264->89265 89265->89094 89267 1ef42663c9f 89268 1ef42663ca5 89267->89268 89269 1ef42663d06 89267->89269 89278 1ef426dca00 52 API calls std::_Facet_Register 89268->89278 89279 1ef4264e050 52 API calls 2 library calls 89269->89279 89272 1ef42663d0b 89274 1ef426dc42b 89273->89274 89275 1ef426dc430 89273->89275 89280 1ef426c2fcc EnterCriticalSection std::_Locinfo::_Locinfo_ctor 89274->89280 89275->89260 89277->89267 89278->89262 89279->89272 89281 1ef426b247e 89286 1ef426b2df0 89281->89286 89284 1ef426d4bd0 _Strcoll 4 API calls 89285 1ef426b24bb 89284->89285 89287 1ef426b2e0e 89286->89287 89288 1ef426b2e41 89287->89288 89312 1ef4268bc80 89287->89312 
89295 1ef426b3710 89288->89295 89291 1ef426b2486 89291->89284 89292 1ef426b2e7a 89292->89291 89294 1ef426b3710 52 API calls 89292->89294 89324 1ef42667540 52 API calls 4 library calls 89292->89324 89294->89292 89296 1ef426b3733 89295->89296 89299 1ef426b372d 89295->89299 89297 1ef426b374a 89296->89297 89325 1ef42672fd0 89296->89325 89297->89299 89301 1ef426b37e4 89297->89301 89298 1ef426b37b7 89298->89292 89299->89298 89300 1ef4268bc80 52 API calls 89299->89300 89300->89298 89344 1ef4264e870 52 API calls 89301->89344 89303 1ef426b3826 89304 1ef426d7db4 Concurrency::cancel_current_task 2 API calls 89303->89304 89305 1ef426b3837 89304->89305 89309 1ef426b3865 89305->89309 89345 1ef42667540 52 API calls 4 library calls 89305->89345 89307 1ef426b3910 89307->89292 89308 1ef426b3710 52 API calls 89308->89309 89309->89307 89309->89308 89346 1ef42667540 52 API calls 4 library calls 89309->89346 89313 1ef4268bcc8 89312->89313 89320 1ef4268bcf8 ctype 89312->89320 89314 1ef4268bce4 89313->89314 89317 1ef4268bd3a 89313->89317 89316 1ef4268be24 89314->89316 89318 1ef426d4e90 std::_Facet_Register 52 API calls 89314->89318 89370 1ef4264d390 52 API calls 2 library calls 89316->89370 89319 1ef426d4e90 std::_Facet_Register 52 API calls 89317->89319 89317->89320 89318->89320 89319->89320 89323 1ef4268bde1 ISource 89320->89323 89369 1ef42660670 52 API calls ISource 89320->89369 89322 1ef4268be2a 89323->89288 89324->89292 89326 1ef4267300d 89325->89326 89328 1ef426730a3 89326->89328 89329 1ef42673081 89326->89329 89334 1ef4267301d ISource 89326->89334 89327 1ef426d4bd0 _Strcoll 4 API calls 89330 1ef4267324f 89327->89330 89332 1ef426b7114 49 API calls 89328->89332 89347 1ef426b7114 89329->89347 89330->89297 89338 1ef426730d1 ctype 89332->89338 89333 1ef426731f1 89333->89334 89336 1ef426732d7 89333->89336 89334->89327 89337 1ef42673304 89336->89337 89343 1ef42672fd0 52 API calls 89336->89343 89337->89297 89338->89333 89340 1ef426b7114 49 API calls 89338->89340 89342 1ef42673287 
89338->89342 89364 1ef42667540 52 API calls 4 library calls 89338->89364 89339 1ef4267331b 89339->89297 89340->89338 89342->89333 89365 1ef426b7bf4 49 API calls 3 library calls 89342->89365 89343->89339 89344->89303 89345->89309 89346->89309 89348 1ef426b714e 89347->89348 89349 1ef426b7130 89347->89349 89366 1ef426b73fc EnterCriticalSection 89348->89366 89367 1ef426bcb7c 8 API calls _set_errno_from_matherr 89349->89367 89352 1ef426b7135 89368 1ef426b86b8 49 API calls _invalid_parameter_noinfo 89352->89368 89356 1ef426b7140 _local_unwind 89356->89334 89364->89338 89365->89342 89367->89352 89368->89356 89369->89316 89370->89322 89371 7ff64abf8c40 89372 7ff64abf8c45 RtlFreeHeap 89371->89372 89373 7ff64abf8c74 89371->89373 89372->89373 89374 7ff64abf8c60 GetLastError 89372->89374 89375 7ff64abf8c6d __free_lconv_mon 89374->89375 89377 7ff64abf8d50 10 API calls memcpy_s 89375->89377 89377->89373 89378 1ef42672e30 89379 1ef42672e47 89378->89379 89384 1ef42672e52 ctype 89378->89384 89380 1ef42672e63 ctype 89381 1ef42672f8d 89381->89380 89382 1ef426b7ee4 _fread_nolock 52 API calls 89381->89382 89382->89380 89384->89380 89384->89381 89385 1ef426b7ee4 89384->89385 89388 1ef426b7f04 89385->89388 89387 1ef426b7efc 89387->89384 89389 1ef426b7f2e 89388->89389 89397 1ef426b7f5d 89388->89397 89390 1ef426b7f7a 89389->89390 89391 1ef426b7f3d memcpy_s 89389->89391 89389->89397 89399 1ef426b73fc EnterCriticalSection 89390->89399 89400 1ef426bcb7c 8 API calls _set_errno_from_matherr 89391->89400 89396 1ef426b7f52 89401 1ef426b86b8 49 API calls _invalid_parameter_noinfo 89396->89401 89397->89387 89400->89396 89401->89397 89402 1ef4267baf0 89587 1ef4264f020 89402->89587 89406 1ef4267bb61 ISource 89406->89406 89407 1ef426633a0 52 API calls 89406->89407 89419 1ef4267e288 89406->89419 89466 1ef4267bc7f ISource 89406->89466 89407->89466 89408 1ef4267c006 89628 1ef4264f320 89408->89628 89411 1ef4267c195 89412 1ef4267c1d9 ISource 89411->89412 89411->89419 89413 1ef426503b0 55 API calls 
89412->89413 89414 1ef4267c20c 89413->89414 89416 1ef4267cb12 89414->89416 89549 1ef4267c85c ISource ctype 89414->89549 89631 1ef42663ef0 89414->89631 89807 1ef4264fbe0 53 API calls Concurrency::cancel_current_task 89416->89807 89796 1ef4264fbe0 53 API calls Concurrency::cancel_current_task 89419->89796 89422 1ef4267e2bc 89797 1ef4264fb70 89422->89797 89425 1ef4267e2d3 89429 1ef4264fb70 53 API calls 89425->89429 89426 1ef4267e23c ISource 89428 1ef426d4bd0 _Strcoll 4 API calls 89426->89428 89427 1ef4267e19d ISource 89427->89426 89437 1ef4267e4c6 89427->89437 89431 1ef4267e26d 89428->89431 89433 1ef4267e2e3 89429->89433 89432 1ef4267e30c 89435 1ef4264fb70 53 API calls 89432->89435 89803 1ef4264ea20 89433->89803 89434 1ef42656c10 52 API calls 89434->89549 89447 1ef4267e328 89435->89447 89651 1ef426a2d10 89437->89651 89439 1ef4267e531 memcpy_s 89442 1ef4267e560 GetModuleFileNameW 89439->89442 89440 1ef426503b0 55 API calls 89524 1ef4267c298 89440->89524 89441 1ef42656c10 52 API calls 89550 1ef4267d5b1 ISource ctype 89441->89550 89444 1ef4267e5a0 89442->89444 89444->89444 89448 1ef42656990 52 API calls 89444->89448 89445 1ef426a2540 124 API calls 89445->89524 89446 1ef42661a80 52 API calls 89446->89466 89808 1ef4264d390 52 API calls 2 library calls 89447->89808 89451 1ef4267e5be 89448->89451 89449 1ef4264f020 52 API calls 89449->89524 89450 1ef42660ac0 52 API calls 89450->89466 89455 1ef42656990 52 API calls 89451->89455 89453 1ef426503b0 55 API calls 89453->89550 89454 1ef4264eeb0 53 API calls 89454->89524 89458 1ef4267e7cb 89455->89458 89456 1ef4267e3c9 89820 1ef4264fbe0 53 API calls Concurrency::cancel_current_task 89456->89820 89461 1ef42656c10 52 API calls 89458->89461 89459 1ef4267e33a 89809 1ef426663e0 89459->89809 89460 1ef4267e4a9 89824 1ef4264fbe0 53 API calls Concurrency::cancel_current_task 89460->89824 89467 1ef4267e7db 89461->89467 89463 1ef4267e3e6 89469 1ef4264fb70 53 API calls 89463->89469 89466->89408 89466->89419 89466->89446 89466->89450 89602 
1ef42656c10 89466->89602 89615 1ef426503b0 89466->89615 89621 1ef426a2540 89466->89621 89721 1ef426742c0 89466->89721 89825 1ef42664980 51 API calls 89467->89825 89484 1ef4267e408 89469->89484 89471 1ef4267e3b2 89473 1ef4264fb70 53 API calls 89471->89473 89473->89456 89475 1ef4267e492 89477 1ef4264fb70 53 API calls 89475->89477 89476 1ef426d7db4 Concurrency::cancel_current_task 2 API calls 89478 1ef4267e38b 89476->89478 89477->89460 89818 1ef4264d450 52 API calls 89478->89818 89480 1ef4267e7f9 89486 1ef42656990 52 API calls 89480->89486 89481 1ef4267e39d 89485 1ef4264ea20 2 API calls 89481->89485 89483 1ef4267e47d 89489 1ef4264ea20 2 API calls 89483->89489 89821 1ef4264d390 52 API calls 2 library calls 89484->89821 89488 1ef4267e3a3 89485->89488 89490 1ef4267ea70 89486->89490 89819 1ef4264fa60 52 API calls 2 library calls 89488->89819 89491 1ef4267e483 89489->89491 89492 1ef42656c10 52 API calls 89490->89492 89823 1ef4264fa60 52 API calls 2 library calls 89491->89823 89496 1ef4267ea80 89492->89496 89493 1ef426503b0 55 API calls 89493->89549 89495 1ef426742c0 52 API calls 89495->89524 89826 1ef42664980 51 API calls 89496->89826 89499 1ef4267e41a 89505 1ef426663e0 52 API calls 89499->89505 89500 1ef426a2540 124 API calls 89500->89549 89501 1ef426a2540 124 API calls 89501->89550 89504 1ef4267ea9f 89508 1ef42656990 52 API calls 89504->89508 89506 1ef4267e457 89505->89506 89507 1ef426d7db4 Concurrency::cancel_current_task 2 API calls 89506->89507 89509 1ef4267e46b 89507->89509 89510 1ef4267ed0b 89508->89510 89822 1ef4264d450 52 API calls 89509->89822 89827 1ef4264efe0 52 API calls 89510->89827 89513 1ef42656990 52 API calls 89513->89550 89514 1ef4267ed26 89828 1ef42664980 51 API calls 89514->89828 89516 1ef4264eeb0 53 API calls 89516->89549 89517 1ef4264eeb0 53 API calls 89517->89550 89520 1ef42661a80 52 API calls 89520->89524 89521 1ef426742c0 52 API calls 89521->89550 89522 1ef426742c0 52 API calls 89522->89549 89523 1ef4267ed3d 89525 1ef42656990 52 API calls 
89523->89525 89524->89425 89524->89433 89524->89440 89524->89445 89524->89449 89524->89454 89524->89495 89524->89520 89526 1ef42660ac0 52 API calls 89524->89526 89524->89549 89642 1ef42650070 89524->89642 89729 1ef42662870 52 API calls 3 library calls 89524->89729 89730 1ef426609e0 89524->89730 89527 1ef4267f210 89525->89527 89526->89524 89528 1ef42656c10 52 API calls 89527->89528 89530 1ef4267f220 89528->89530 89829 1ef42664980 51 API calls 89530->89829 89532 1ef4267f23f 89585 1ef426803a3 ISource 89532->89585 89830 1ef426a2630 54 API calls 89532->89830 89534 1ef426d4bd0 _Strcoll 4 API calls 89535 1ef42680aab 89534->89535 89536 1ef42661a80 52 API calls 89536->89550 89537 1ef4267f31f 89538 1ef426503b0 55 API calls 89537->89538 89543 1ef4267f99a 89538->89543 89539 1ef42660ac0 52 API calls 89539->89549 89540 1ef42661a80 52 API calls 89540->89549 89541 1ef426d4e90 52 API calls std::_Facet_Register 89541->89550 89542 1ef426d4e90 52 API calls std::_Facet_Register 89542->89549 89543->89585 89831 1ef426a18d0 89543->89831 89544 1ef42660ac0 52 API calls 89544->89550 89546 1ef42680a09 ISource 89546->89534 89548 1ef42662620 52 API calls 89548->89550 89549->89416 89549->89432 89549->89434 89549->89447 89549->89456 89549->89459 89549->89471 89549->89478 89549->89481 89549->89488 89549->89493 89549->89500 89549->89516 89549->89522 89549->89539 89549->89540 89549->89542 89549->89550 89761 1ef42684ad0 55 API calls 2 library calls 89549->89761 89762 1ef42656990 89549->89762 89775 1ef42660c60 52 API calls 89549->89775 89776 1ef42662620 89549->89776 89786 1ef42663510 89549->89786 89790 1ef4266b9d0 52 API calls 2 library calls 89549->89790 89791 1ef4267af00 61 API calls _Strcoll 89549->89791 89550->89427 89550->89441 89550->89453 89550->89460 89550->89463 89550->89475 89550->89483 89550->89484 89550->89491 89550->89499 89550->89501 89550->89509 89550->89513 89550->89517 89550->89521 89550->89536 89550->89541 89550->89544 89550->89548 89552 1ef42663510 4 API calls 89550->89552 89792 
1ef42684ad0 55 API calls 2 library calls 89550->89792 89793 1ef42660c60 52 API calls 89550->89793 89794 1ef4266b9d0 52 API calls 2 library calls 89550->89794 89795 1ef4267af00 61 API calls _Strcoll 89550->89795 89551 1ef4267fb69 memcpy_s 89551->89585 89887 1ef42684cb0 89 API calls Concurrency::cancel_current_task 89551->89887 89552->89550 89557 1ef4267fba4 89580 1ef42680b33 89557->89580 89888 1ef426847b0 89557->89888 89558 1ef4264ea20 2 API calls 89563 1ef42680b4b 89558->89563 89561 1ef42668af0 52 API calls 89926 1ef4264e870 52 API calls 89563->89926 89565 1ef42680ba2 89568 1ef4264ea20 2 API calls 89565->89568 89567 1ef42680b8f 89569 1ef426d7db4 Concurrency::cancel_current_task 2 API calls 89567->89569 89572 1ef42680ba8 89568->89572 89569->89565 89570 1ef42680ac6 89573 1ef4264fb70 53 API calls 89570->89573 89927 1ef4264eaf0 RtlPcToFileHeader RaiseException Concurrency::cancel_current_task 89572->89927 89573->89580 89580->89558 89585->89546 89585->89570 89586 1ef42680bbe 89585->89586 89589 1ef4264f040 89587->89589 89588 1ef42656990 52 API calls 89590 1ef4264f0ca 89588->89590 89589->89588 89591 1ef4264eeb0 89590->89591 89592 1ef4264eee0 89591->89592 89593 1ef426db798 __std_fs_code_page 50 API calls 89592->89593 89595 1ef4264eeec __std_fs_convert_wide_to_narrow 89593->89595 89594 1ef4264ef77 89594->89406 89595->89594 89596 1ef4264efc4 89595->89596 89928 1ef426618d0 89595->89928 89935 1ef4264eaf0 RtlPcToFileHeader RaiseException Concurrency::cancel_current_task 89596->89935 89600 1ef4264ef50 __std_fs_convert_wide_to_narrow 89600->89594 89934 1ef4264eaf0 RtlPcToFileHeader RaiseException Concurrency::cancel_current_task 89600->89934 89607 1ef42656c3e 89602->89607 89603 1ef42656d33 89951 1ef4264d450 52 API calls 89603->89951 89604 1ef42656c62 89604->89466 89606 1ef42656c8a 89609 1ef42656cd9 89606->89609 89612 1ef426d4e90 std::_Facet_Register 52 API calls 89606->89612 89607->89603 89607->89604 89607->89606 89607->89609 89611 1ef42656cef 89607->89611 89614 1ef42656ce1 ctype 
89609->89614 89950 1ef4264d390 52 API calls 2 library calls 89609->89950 89613 1ef426d4e90 std::_Facet_Register 52 API calls 89611->89613 89611->89614 89612->89609 89613->89614 89614->89466 89616 1ef426503e1 89615->89616 89952 1ef426dbae8 89616->89952 89619 1ef426d4bd0 _Strcoll 4 API calls 89620 1ef42650482 89619->89620 89620->89466 89622 1ef426a18d0 124 API calls 89621->89622 89623 1ef426a2572 89622->89623 89625 1ef426a259a 89623->89625 89988 1ef426640b0 89623->89988 89626 1ef426d4bd0 _Strcoll 4 API calls 89625->89626 89627 1ef426a261d 89626->89627 89627->89466 89629 1ef42656c10 52 API calls 89628->89629 89630 1ef4264f342 89629->89630 89630->89411 89632 1ef42656c10 52 API calls 89631->89632 89633 1ef42663f3c 89632->89633 89993 1ef4264fc40 89633->89993 89637 1ef426d4e90 std::_Facet_Register 52 API calls 89639 1ef42663f9f 89637->89639 89638 1ef4266406e 89640 1ef426d4bd0 _Strcoll 4 API calls 89638->89640 90002 1ef426dba18 89639->90002 89641 1ef4266408a 89640->89641 89641->89422 89641->89524 89644 1ef426500a0 89642->89644 89643 1ef426db9f8 2 API calls 89643->89644 89644->89643 89645 1ef4265016e 89644->89645 89650 1ef426500db 89644->89650 90019 1ef4264fa60 52 API calls 2 library calls 89645->90019 89646 1ef426d4bd0 _Strcoll 4 API calls 89648 1ef42650159 89646->89648 89648->89524 89649 1ef4265017c 89650->89646 89652 1ef426a2d6e 89651->89652 89653 1ef426a2e54 89651->89653 90059 1ef426d4d80 EnterCriticalSection 89652->90059 89655 1ef426a2fe9 89653->89655 89656 1ef426d4d80 5 API calls 89653->89656 89657 1ef4264f320 52 API calls 89655->89657 89660 1ef426a2e8c 89656->89660 89659 1ef426a3058 ISource 89657->89659 89661 1ef426503b0 55 API calls 89659->89661 89668 1ef426a355e 89659->89668 89660->89655 90064 1ef426d51d4 10 API calls 89660->90064 89669 1ef426a30c9 memcpy_s 89661->89669 89666 1ef426a3622 90090 1ef4264fbe0 53 API calls Concurrency::cancel_current_task 89666->90090 89667 1ef426a2fdc 90065 1ef426d4d20 EnterCriticalSection LeaveCriticalSection 89667->90065 90087 
1ef4264e870 52 API calls 89668->90087 89685 1ef426a3408 89669->89685 90020 1ef426b08e0 89669->90020 89673 1ef426d4bd0 _Strcoll 4 API calls 89676 1ef426a34e7 89673->89676 89676->89439 89678 1ef426a3151 90033 1ef426b0c90 89678->90033 89679 1ef426a33af 90086 1ef42673610 51 API calls 89679->90086 89680 1ef426a3593 89683 1ef426d7db4 Concurrency::cancel_current_task 2 API calls 89680->89683 89686 1ef426a35a7 89683->89686 89685->89666 89685->89668 89720 1ef426a320c ISource 89685->89720 90088 1ef4264e870 52 API calls 89686->90088 89691 1ef426a35d0 89694 1ef426d7db4 Concurrency::cancel_current_task 2 API calls 89691->89694 89700 1ef426a35e4 89694->89700 90089 1ef4264e870 52 API calls 89700->90089 89708 1ef426a360e 89710 1ef426d7db4 Concurrency::cancel_current_task 2 API calls 89708->89710 89710->89666 89720->89673 89722 1ef426742f3 89721->89722 89723 1ef426d4e90 std::_Facet_Register 52 API calls 89722->89723 89724 1ef42674308 89723->89724 89725 1ef42661a80 52 API calls 89724->89725 89726 1ef42674325 89725->89726 89727 1ef426d4bd0 _Strcoll 4 API calls 89726->89727 89728 1ef4267433e 89727->89728 89728->89466 89729->89524 89731 1ef42660a00 89730->89731 89732 1ef426609fa 89730->89732 89734 1ef42662620 52 API calls 89731->89734 89733 1ef426609fe 89732->89733 89737 1ef42660a6b 89732->89737 89735 1ef42660a4d 89733->89735 89736 1ef42660a2c 89733->89736 89734->89733 89742 1ef4266bb3c 89735->89742 89745 1ef4266bb41 89735->89745 89748 1ef4266ba95 89735->89748 89749 1ef4266ba61 89735->89749 89738 1ef42663510 4 API calls 89736->89738 89741 1ef426663e0 52 API calls 89737->89741 89739 1ef42660a37 89738->89739 89739->89524 89744 1ef42660aa4 89741->89744 90648 1ef4264d390 52 API calls 2 library calls 89742->90648 89747 1ef426d7db4 Concurrency::cancel_current_task 2 API calls 89744->89747 90649 1ef42660670 52 API calls ISource 89745->90649 89746 1ef4266bb47 89750 1ef42660ab5 89747->89750 89753 1ef426d4e90 std::_Facet_Register 52 API calls 89748->89753 89754 1ef4266ba76 89748->89754 
89749->89742 89751 1ef4266ba6e 89749->89751 89752 1ef426d4e90 std::_Facet_Register 52 API calls 89751->89752 89752->89754 89753->89754 89754->89746 89755 1ef42663510 4 API calls 89754->89755 89756 1ef4266badc 89755->89756 89757 1ef4266baed 89756->89757 90646 1ef42667b50 IsProcessorFeaturePresent RtlCaptureContext RtlLookupFunctionEntry RtlVirtualUnwind _Strcoll 89756->90646 90647 1ef42667b50 IsProcessorFeaturePresent RtlCaptureContext RtlLookupFunctionEntry RtlVirtualUnwind _Strcoll 89757->90647 89760 1ef4266bb17 89760->89524 89761->89549 89763 1ef42656ab1 89762->89763 89767 1ef426569b6 89762->89767 90651 1ef4264d450 52 API calls 89763->90651 89765 1ef426569c9 ctype 89765->89549 89766 1ef42656a03 89768 1ef42656aac 89766->89768 89769 1ef42656a4a 89766->89769 89767->89765 89767->89766 89767->89768 89771 1ef42656a65 89767->89771 90650 1ef4264d390 52 API calls 2 library calls 89768->90650 89772 1ef426d4e90 std::_Facet_Register 52 API calls 89769->89772 89773 1ef426d4e90 std::_Facet_Register 52 API calls 89771->89773 89774 1ef42656a52 ctype 89771->89774 89772->89774 89773->89774 89774->89549 89775->89549 89777 1ef42662776 89776->89777 89778 1ef42662653 89776->89778 89777->89778 89779 1ef42662783 89777->89779 89780 1ef426d4bd0 _Strcoll 4 API calls 89778->89780 90652 1ef42666f90 52 API calls 3 library calls 89779->90652 89781 1ef42662682 89780->89781 89781->89549 89783 1ef426627a4 89784 1ef426d7db4 Concurrency::cancel_current_task 2 API calls 89783->89784 89785 1ef426627b5 89784->89785 89787 1ef42663556 89786->89787 89788 1ef426d4bd0 _Strcoll 4 API calls 89787->89788 89789 1ef426636a4 89788->89789 89789->89549 89790->89549 89791->89549 89792->89550 89793->89550 89794->89550 89795->89550 89798 1ef4264fb89 89797->89798 90653 1ef4264f520 53 API calls ISource 89798->90653 89800 1ef4264fbc0 89801 1ef426d7db4 Concurrency::cancel_current_task 2 API calls 89800->89801 89802 1ef4264fbd1 89801->89802 89804 1ef4264ea3d 89803->89804 89805 1ef426d7db4 Concurrency::cancel_current_task 
2 API calls 89804->89805 89806 1ef4264ea4e 89805->89806 89808->89459 89810 1ef42666437 89809->89810 89811 1ef426504b0 52 API calls 89810->89811 89812 1ef42666473 ISource 89811->89812 89813 1ef426d6b14 __std_exception_copy 50 API calls 89812->89813 89815 1ef42666642 89812->89815 89814 1ef426665c2 ISource 89813->89814 89814->89815 89816 1ef426d4bd0 _Strcoll 4 API calls 89814->89816 89817 1ef42666634 89816->89817 89817->89476 89819->89471 89821->89499 89823->89475 89825->89480 89826->89504 89827->89514 89828->89523 89829->89532 89830->89537 89832 1ef426503b0 55 API calls 89831->89832 89833 1ef426a1921 89832->89833 89834 1ef426a200e 89833->89834 89838 1ef426a195d memcpy_s 89833->89838 89835 1ef426a1fbe 89834->89835 89836 1ef426a204c 89834->89836 89839 1ef426d4bd0 _Strcoll 4 API calls 89835->89839 90712 1ef4264fbe0 53 API calls Concurrency::cancel_current_task 89836->90712 89838->89835 89840 1ef426b08e0 89 API calls 89838->89840 89841 1ef426a2030 89839->89841 89842 1ef426a1988 89840->89842 89841->89551 89843 1ef426a1e09 89842->89843 89844 1ef426a19c4 89842->89844 90681 1ef42676800 89843->90681 90654 1ef426acdc0 89844->90654 89850 1ef426a2062 89854 1ef426a19e7 89856 1ef426a1aea GetFileSize 89854->89856 89857 1ef426a19fa 89854->89857 89860 1ef426a1b2b 89856->89860 89865 1ef426a1b06 memcpy_s 89856->89865 89857->89850 89861 1ef426a1a41 ISource 89857->89861 89860->89865 89868 1ef426676b0 52 API calls 89860->89868 90678 1ef42673610 51 API calls 89861->90678 89864 1ef426a1b90 SetFilePointer 89865->89864 89868->89864 89887->89557 89889 1ef426847ef 89888->89889 89890 1ef42684804 89889->89890 89892 1ef42668af0 52 API calls 89889->89892 89891 1ef42684837 89890->89891 89901 1ef426613e0 52 API calls 89890->89901 89893 1ef426848e5 89891->89893 89894 1ef426848a3 89891->89894 89892->89890 90858 1ef4264e870 52 API calls 89893->90858 89895 1ef4267fd71 89894->89895 90857 1ef426695d0 52 API calls 2 library calls 89894->90857 89895->89561 89898 1ef42684927 89901->89891 89926->89567 89929 
1ef426618e5 89928->89929 89930 1ef426618fb 89928->89930 89929->89600 89931 1ef42661915 memcpy_s 89930->89931 89936 1ef426676b0 89930->89936 89931->89600 89933 1ef42661961 89933->89600 89937 1ef42667842 89936->89937 89938 1ef426676de 89936->89938 89948 1ef4264d450 52 API calls 89937->89948 89941 1ef42667774 89938->89941 89942 1ef42667748 89938->89942 89940 1ef42667847 89949 1ef4264d390 52 API calls 2 library calls 89940->89949 89944 1ef426d4e90 std::_Facet_Register 52 API calls 89941->89944 89947 1ef4266775d ISource memcpy_s ctype 89941->89947 89942->89940 89943 1ef42667755 89942->89943 89946 1ef426d4e90 std::_Facet_Register 52 API calls 89943->89946 89944->89947 89946->89947 89947->89933 89949->89947 89950->89603 89955 1ef426dbb2a 89952->89955 89953 1ef426dbb33 __std_fs_get_current_path 89954 1ef426d4bd0 _Strcoll 4 API calls 89953->89954 89958 1ef426503fd 89954->89958 89955->89953 89956 1ef426dbc45 89955->89956 89957 1ef426dbb8b GetFileAttributesExW 89955->89957 89983 1ef426dbebc CreateFileW __std_fs_get_current_path 89956->89983 89960 1ef426dbbcd __std_fs_directory_iterator_open 89957->89960 89961 1ef426dbb9f __std_fs_get_current_path 89957->89961 89958->89619 89960->89953 89960->89956 89961->89953 89965 1ef426dbbae FindFirstFileW 89961->89965 89962 1ef426dbc68 89963 1ef426dbc9d GetFileInformationByHandleEx 89962->89963 89967 1ef426dbc6e ProcessCodePage 89962->89967 89969 1ef426dbd3b 89962->89969 89966 1ef426dbcdd 89963->89966 89971 1ef426dbcb7 __std_fs_get_current_path ProcessCodePage 89963->89971 89964 1ef426dbd56 GetFileInformationByHandleEx 89964->89967 89976 1ef426dbd6c __std_fs_get_current_path ProcessCodePage 89964->89976 89965->89953 89965->89960 89968 1ef426dbcfe GetFileInformationByHandleEx 89966->89968 89966->89969 89967->89953 89970 1ef426dbdfd 89967->89970 89973 1ef426dbc87 89967->89973 89968->89969 89977 1ef426dbd1a __std_fs_get_current_path ProcessCodePage 89968->89977 89969->89964 89969->89967 89984 1ef426c811c 49 API calls 4 library calls 
91745 7ff64abab860 9 API calls 91741->91745 91743 7ff64abab640 9 API calls 91742->91743 91744 7ff64ababae3 91743->91744 91749 7ff64abac900 9 API calls 91744->91749 91762 7ff64ababc16 91744->91762 91746 7ff64ababcff 91745->91746 91747 7ff64ababd05 VirtualAlloc 91746->91747 91746->91762 91748 7ff64ababd24 _Yarn 91747->91748 91747->91762 91748->91762 91750 7ff64ababb13 91749->91750 91751 7ff64abac900 9 API calls 91750->91751 91750->91762 91752 7ff64ababb4b 91751->91752 91753 7ff64abac900 9 API calls 91752->91753 91752->91762 91754 7ff64ababb76 91753->91754 91755 7ff64ababbba 91754->91755 91759 7ff64abac900 9 API calls 91754->91759 91756 7ff64ababbc6 VirtualAlloc 91755->91756 91755->91762 91757 7ff64ababbe9 91756->91757 91756->91762 91790 7ff64ababd70 9 API calls _Yarn 91757->91790 91761 7ff64ababb9c 91759->91761 91760 7ff64ababbfa 91760->91762 91764 7ff64abac900 9 API calls 91760->91764 91761->91755 91763 7ff64abac900 9 API calls 91761->91763 91762->91737 91763->91755 91766 7ff64ababc3a 91764->91766 91768 7ff64abac900 9 API calls 91766->91768 91772 7ff64ababc7e 91766->91772 91767 7ff64ababcc2 91767->91762 91769 7ff64ababcca VirtualFree 91767->91769 91770 7ff64ababc60 91768->91770 91769->91762 91771 7ff64abac900 9 API calls 91770->91771 91770->91772 91771->91772 91791 7ff64ababfc0 9 API calls 91772->91791 91774 7ff64abab38a 91773->91774 91777 7ff64abab395 91773->91777 91775 7ff64abac900 9 API calls 91774->91775 91776 7ff64abab38f 91774->91776 91775->91776 91776->91777 91778 7ff64abac900 9 API calls 91776->91778 91777->91762 91779 7ff64abab980 91777->91779 91778->91777 91780 7ff64ababa51 91779->91780 91781 7ff64abab99e 91779->91781 91780->91740 91782 7ff64abab370 9 API calls 91781->91782 91783 7ff64abab9a3 91782->91783 91783->91780 91784 7ff64abac900 9 API calls 91783->91784 91786 7ff64abab9c1 91784->91786 91785 7ff64ababa09 91785->91740 91786->91785 91787 7ff64abac900 9 API calls 91786->91787 91788 7ff64abab9eb 91787->91788 91788->91785 91789 7ff64abac900 9 API calls 
91788->91789 91789->91785 91790->91760 91791->91767 91792 1ef42697aea 91793 1ef42697aef 91792->91793 91833 1ef4265e5a0 CreateToolhelp32Snapshot 91793->91833 91809 1ef42697b17 92000 1ef4269ff00 91809->92000 91834 1ef4265e605 memcpy_s 91833->91834 92197 1ef4265ffc0 91834->92197 91837 1ef4265e834 91839 1ef4265fee0 52 API calls 91837->91839 91838 1ef4265e61c Process32FirstW 91858 1ef4265e630 ISource 91838->91858 91840 1ef4265e847 91839->91840 91842 1ef426640b0 52 API calls 91840->91842 91846 1ef4265ea22 ISource ProcessCodePage 91840->91846 91841 1ef426913f0 52 API calls 91841->91858 91843 1ef4265e885 91842->91843 92202 1ef42664380 91843->92202 91844 1ef4266ad00 52 API calls 91844->91858 91847 1ef426d4bd0 _Strcoll 4 API calls 91846->91847 91851 1ef4265eb34 91846->91851 91848 1ef4265eb13 91847->91848 91859 1ef4265ec50 91848->91859 91849 1ef4265e899 92208 1ef42660ac0 91849->92208 91852 1ef4265e96b 91855 1ef42660ac0 52 API calls 91852->91855 91853 1ef426652c0 76 API calls 91853->91858 91854 1ef42663a20 76 API calls 91854->91858 91855->91846 91856 1ef42668af0 52 API calls 91856->91858 91857 1ef4265e80f Process32NextW 91857->91858 91858->91837 91858->91841 91858->91844 91858->91851 91858->91853 91858->91854 91858->91856 91858->91857 91860 1ef4265eca4 memcpy_s 91859->91860 91861 1ef4265ffc0 77 API calls 91860->91861 91862 1ef4265ecb0 91861->91862 92234 1ef426aa1a0 91862->92234 91864 1ef4265f3e7 91865 1ef426aa1a0 55 API calls 91864->91865 91886 1ef4265f40d ISource 91865->91886 91866 1ef4265f5cc 91867 1ef4265fee0 52 API calls 91866->91867 91869 1ef4265f5eb 91867->91869 91868 1ef4266ad00 52 API calls 91868->91886 91871 1ef426640b0 52 API calls 91869->91871 91880 1ef4265f7a2 ISource 91869->91880 91870 1ef42663a20 76 API calls 91879 1ef4265f23a ISource 91870->91879 91873 1ef4265f629 91871->91873 91872 1ef4266ad00 52 API calls 91872->91879 91874 1ef42664380 52 API calls 91873->91874 91881 1ef4265f63f 91874->91881 91875 1ef42668af0 52 API calls 91875->91879 91876 1ef42663a20 76 API 
calls 91876->91886 91877 1ef426652c0 76 API calls 91877->91879 91878 1ef426652c0 76 API calls 91878->91886 91879->91864 91879->91870 91879->91872 91879->91875 91879->91877 91884 1ef4265fa19 91879->91884 91880->91884 91885 1ef426d4bd0 _Strcoll 4 API calls 91880->91885 91883 1ef42660ac0 52 API calls 91881->91883 91882 1ef42668af0 52 API calls 91882->91886 91888 1ef4265f6ec 91883->91888 91887 1ef4265f9f8 91885->91887 91886->91866 91886->91868 91886->91876 91886->91878 91886->91882 91886->91884 91890 1ef4265fa60 91887->91890 91889 1ef42660ac0 52 API calls 91888->91889 91889->91880 92252 1ef426ad530 91890->92252 91892 1ef4265fab6 memcpy_s 91893 1ef4265ffc0 77 API calls 91892->91893 91898 1ef4265fad1 ISource ctype 91893->91898 91894 1ef4265fbe2 91895 1ef4265fee0 52 API calls 91894->91895 91896 1ef4265fbef 91895->91896 91899 1ef426640b0 52 API calls 91896->91899 91903 1ef4265fdc2 ISource 91896->91903 91898->91894 91904 1ef42663a20 76 API calls 91898->91904 91908 1ef42668af0 52 API calls 91898->91908 91910 1ef4265fec6 91898->91910 92260 1ef42691500 52 API calls 2 library calls 91898->92260 92261 1ef4266ad00 91898->92261 91900 1ef4265fc1f 91899->91900 91902 1ef42664380 52 API calls 91900->91902 91905 1ef4265fc36 91902->91905 91906 1ef426d4bd0 _Strcoll 4 API calls 91903->91906 91903->91910 91904->91898 91909 1ef42660ac0 52 API calls 91905->91909 91907 1ef4265fea5 91906->91907 91913 1ef4265c9c0 CredEnumerateA 91907->91913 91908->91898 91911 1ef4265fd0b 91909->91911 91912 1ef42660ac0 52 API calls 91911->91912 91912->91903 91914 1ef4265d43a 91913->91914 91920 1ef4265ca30 ISource 91913->91920 91915 1ef426d4bd0 _Strcoll 4 API calls 91914->91915 91917 1ef4265d449 91915->91917 91916 1ef4265d42d CredFree 91916->91914 91932 1ef426814c0 91917->91932 91918 1ef426640b0 52 API calls 91918->91920 91919 1ef42664380 52 API calls 91919->91920 91920->91916 91920->91918 91920->91919 91921 1ef426655e0 52 API calls 91920->91921 91922 1ef42660ac0 52 API calls 91920->91922 91923 1ef426d4e90 52 API 
calls std::_Facet_Register 91920->91923 91925 1ef42662620 52 API calls 91920->91925 91926 1ef4265d4bb ISource 91920->91926 91928 1ef4265d46a 91920->91928 92277 1ef4267a460 52 API calls std::_Facet_Register 91920->92277 92278 1ef4266b840 52 API calls 2 library calls 91920->92278 91921->91920 91922->91920 91923->91920 91925->91920 91929 1ef426663e0 52 API calls 91928->91929 91930 1ef4265d4a8 91929->91930 91931 1ef426d7db4 Concurrency::cancel_current_task 2 API calls 91930->91931 91931->91926 91933 1ef426817df 91932->91933 91941 1ef42681515 ISource 91932->91941 91934 1ef426d4bd0 _Strcoll 4 API calls 91933->91934 91935 1ef426817eb 91934->91935 91944 1ef426841a0 91935->91944 91936 1ef426503b0 55 API calls 91936->91941 91937 1ef42681820 92280 1ef4264fbe0 53 API calls Concurrency::cancel_current_task 91937->92280 91939 1ef4264f320 52 API calls 91939->91941 91940 1ef42681835 91941->91933 91941->91936 91941->91937 91941->91939 91941->91940 91942 1ef4268180c 91941->91942 92279 1ef4264fbe0 53 API calls Concurrency::cancel_current_task 91942->92279 91945 1ef426844bf 91944->91945 91948 1ef426841f5 ISource 91944->91948 91946 1ef426d4bd0 _Strcoll 4 API calls 91945->91946 91947 1ef426844cb 91946->91947 91956 1ef42652c20 91947->91956 91948->91945 91949 1ef426503b0 55 API calls 91948->91949 91950 1ef42684500 91948->91950 91952 1ef4264f320 52 API calls 91948->91952 91953 1ef42684515 91948->91953 91954 1ef426844ec 91948->91954 91949->91948 92282 1ef4264fbe0 53 API calls Concurrency::cancel_current_task 91950->92282 91952->91948 92281 1ef4264fbe0 53 API calls Concurrency::cancel_current_task 91954->92281 92283 1ef42650bd0 91956->92283 91959 1ef4264ea20 2 API calls 91960 1ef42652f2f 91959->91960 91964 1ef4264ea20 2 API calls 91960->91964 91961 1ef426d4bd0 _Strcoll 4 API calls 91963 1ef42652f0b 91961->91963 91962 1ef42652c53 ISource 91966 1ef42652f24 91962->91966 92288 1ef426512c0 91962->92288 91969 1ef4265ae00 91963->91969 91965 1ef42652f35 91964->91965 91966->91959 91967 1ef42652d7c 
91967->91960 91967->91966 91968 1ef42652ed9 ISource 91967->91968 91968->91961 91970 1ef4265be28 91969->91970 91998 1ef4265ae5c ISource 91969->91998 91971 1ef426d4bd0 _Strcoll 4 API calls 91970->91971 91972 1ef4265be37 91971->91972 91972->91809 91973 1ef4264f320 52 API calls 91973->91998 91974 1ef426503b0 55 API calls 91974->91998 91975 1ef4265be6f 92294 1ef4264fbe0 53 API calls Concurrency::cancel_current_task 91975->92294 91977 1ef426a3640 106 API calls 91977->91998 91978 1ef4265becc 91979 1ef426650b0 52 API calls 91979->91998 91980 1ef42656c10 52 API calls 91980->91998 91981 1ef426916a0 54 API calls 91981->91998 91982 1ef42663ef0 55 API calls 91982->91998 91983 1ef4265be5d 91984 1ef4264fb70 53 API calls 91983->91984 91984->91975 91985 1ef42662620 52 API calls 91985->91998 91986 1ef4265be8a 91989 1ef4264ea20 2 API calls 91986->91989 91987 1ef426640b0 52 API calls 91987->91998 91988 1ef42664380 52 API calls 91988->91998 91989->91978 91990 1ef426a2540 124 API calls 91990->91998 91992 1ef42650070 54 API calls 91992->91998 91993 1ef42661a80 52 API calls 91993->91998 91994 1ef4264f020 52 API calls 91994->91998 91995 1ef4264eeb0 53 API calls 91995->91998 91996 1ef42660ac0 52 API calls 91996->91998 91997 1ef426742c0 52 API calls 91997->91998 91998->91970 91998->91973 91998->91974 91998->91975 91998->91977 91998->91978 91998->91979 91998->91980 91998->91981 91998->91982 91998->91983 91998->91985 91998->91986 91998->91987 91998->91988 91998->91990 91998->91992 91998->91993 91998->91994 91998->91995 91998->91996 91998->91997 91999 1ef426609e0 52 API calls 91998->91999 92293 1ef42662870 52 API calls 3 library calls 91998->92293 91999->91998 92001 1ef4269ff47 memcpy_s 92000->92001 92002 1ef4265ffc0 77 API calls 92001->92002 92003 1ef4269ff50 92002->92003 92005 1ef4269ff75 92003->92005 92295 1ef426a01b0 92003->92295 92006 1ef4265fee0 52 API calls 92005->92006 92007 1ef4269ff82 92006->92007 92198 1ef42662230 77 API calls 92197->92198 92199 1ef42660039 92198->92199 92200 
1ef426632f0 54 API calls 92199->92200 92201 1ef4265e611 92200->92201 92201->91837 92201->91838 92203 1ef426643c4 92202->92203 92204 1ef426d4e90 std::_Facet_Register 52 API calls 92203->92204 92205 1ef426643d9 92204->92205 92206 1ef426d4bd0 _Strcoll 4 API calls 92205->92206 92207 1ef4266442d 92206->92207 92207->91849 92209 1ef42660aff 92208->92209 92210 1ef42660af7 92208->92210 92214 1ef42660b94 92209->92214 92222 1ef42666660 92209->92222 92232 1ef426667a0 52 API calls 2 library calls 92210->92232 92213 1ef42660b1d 92213->92214 92215 1ef42660b50 ISource 92213->92215 92217 1ef426663e0 52 API calls 92214->92217 92216 1ef426d4bd0 _Strcoll 4 API calls 92215->92216 92218 1ef42660b7f 92216->92218 92219 1ef42660bc9 92217->92219 92218->91852 92220 1ef426d7db4 Concurrency::cancel_current_task 2 API calls 92219->92220 92221 1ef42660bda 92220->92221 92223 1ef42666686 92222->92223 92224 1ef42666791 92223->92224 92225 1ef426666cc 92223->92225 92230 1ef4266673d 92223->92230 92233 1ef4264d470 52 API calls 92224->92233 92227 1ef426d4e90 std::_Facet_Register 52 API calls 92225->92227 92228 1ef426666e8 92227->92228 92231 1ef42662620 52 API calls 92228->92231 92230->92213 92231->92230 92232->92209 92235 1ef426aa214 RegOpenKeyExA 92234->92235 92236 1ef426aa45b 92235->92236 92247 1ef426aa237 ISource 92235->92247 92238 1ef426aa46a 92236->92238 92239 1ef426aa464 RegCloseKey 92236->92239 92237 1ef426aa244 RegEnumKeyExA 92237->92247 92240 1ef426d4bd0 _Strcoll 4 API calls 92238->92240 92239->92238 92241 1ef426aa47c 92240->92241 92241->91879 92244 1ef42685890 52 API calls 92244->92247 92246 1ef426aa4a2 92247->92236 92247->92237 92247->92244 92247->92246 92248 1ef426aa497 92247->92248 92249 1ef42668e20 52 API calls 5 library calls 92247->92249 92250 1ef42671bc0 52 API calls 92247->92250 92251 1ef4264d450 52 API calls 92248->92251 92249->92247 92255 1ef426ad556 ISource wcsftime 92252->92255 92256 1ef426ad648 FreeEnvironmentStringsW 92255->92256 92257 1ef426ad675 92255->92257 92273 1ef426b0ed0 
52 API calls 3 library calls 92255->92273 92274 1ef426b3bd0 52 API calls 3 library calls 92255->92274 92256->91892 92258 1ef426ad6e4 92257->92258 92259 1ef426ad6b3 RtlInitUnicodeString RtlInitUnicodeString 92257->92259 92258->91892 92259->91892 92260->91898 92262 1ef4266ad3d 92261->92262 92263 1ef42668af0 52 API calls 92262->92263 92265 1ef4266ad72 92262->92265 92263->92265 92264 1ef4266af5c 92276 1ef4264e870 52 API calls 92264->92276 92265->92264 92266 1ef4266af1d 92265->92266 92267 1ef4266af2e 92266->92267 92275 1ef426695d0 52 API calls 2 library calls 92266->92275 92267->91898 92270 1ef4266afa0 92271 1ef426d7db4 Concurrency::cancel_current_task 2 API calls 92270->92271 92272 1ef4266afb1 92271->92272 92273->92255 92274->92255 92275->92267 92276->92270 92277->91920 92278->91920 92284 1ef42650ee0 ISource 92283->92284 92285 1ef426d4bd0 _Strcoll 4 API calls 92284->92285 92287 1ef426511e9 92284->92287 92286 1ef426510b4 92285->92286 92286->91962 92287->91962 92292 1ef426515d0 ISource 92288->92292 92289 1ef426d4bd0 _Strcoll 4 API calls 92291 1ef426517a4 92289->92291 92290 1ef426518d9 92291->91967 92292->92289 92292->92290 92293->91998 92296 1ef426a01e7 RegOpenKeyExA 92295->92296 92297 1ef426a01e4 92295->92297 92298 1ef426a0213 RegCloseKey 92296->92298 92303 1ef426a0219 92296->92303 92297->92296 92298->92303 93152 7ff64abc94b0 93153 7ff64abc967e 93152->93153 93156 7ff64abc9529 93152->93156 93163 7ff64aba9e70 53 API calls std::_Throw_Cpp_error 93153->93163 93161 7ff64abcc520 53 API calls 2 library calls 93156->93161 93158 7ff64abc95b1 93162 7ff64abcde70 51 API calls 2 library calls 93158->93162 93160 7ff64abc966b 93161->93158 93162->93160 93164 1ef4266356d 93165 1ef426d4e90 std::_Facet_Register 52 API calls 93164->93165 93166 1ef42663580 93165->93166 93171 1ef4266c7c0 93166->93171 93168 1ef4266359d 93169 1ef426d4bd0 _Strcoll 4 API calls 93168->93169 93170 1ef426636a4 93169->93170 93172 1ef426d4e90 std::_Facet_Register 52 API calls 93171->93172 93173 1ef4266c7f8 
93172->93173 93176 1ef42678080 93173->93176 93175 1ef4266c81e 93175->93168 93175->93175 93177 1ef426780b4 93176->93177 93178 1ef4267815a 93176->93178 93179 1ef426d4e90 std::_Facet_Register 52 API calls 93177->93179 93178->93175 93180 1ef426780cd 93179->93180 93181 1ef42661a80 52 API calls 93180->93181 93182 1ef426780ea 93181->93182 93183 1ef42663510 4 API calls 93182->93183 93184 1ef426780f8 93183->93184 93185 1ef42678080 52 API calls 93184->93185 93185->93178 93186 7ff64abf98ec 93187 7ff64abf9937 93186->93187 93191 7ff64abf98fb _Getctype 93186->93191 93193 7ff64abf8d50 10 API calls memcpy_s 93187->93193 93188 7ff64abf991e HeapAlloc 93190 7ff64abf9935 93188->93190 93188->93191 93191->93187 93191->93188 93192 7ff64ac0287c std::_Facet_Register 2 API calls 93191->93192 93192->93191 93193->93190 93194 1ef426635e9 93195 1ef426d4e90 std::_Facet_Register 52 API calls 93194->93195 93196 1ef426635fc 93195->93196 93197 1ef42661a80 52 API calls 93196->93197 93198 1ef42663619 93197->93198 93199 1ef426d4bd0 _Strcoll 4 API calls 93198->93199 93200 1ef426636a4 93199->93200 93201 1ef426aaae6 93202 1ef426aaaf8 ISource 93201->93202 93203 1ef4269d4d0 52 API calls 93202->93203 93206 1ef426ab0b0 93202->93206 93204 1ef426aac0a 93203->93204 93207 1ef426aac1a ISource 93204->93207 93210 1ef42667540 52 API calls 4 library calls 93204->93210 93207->93206 93208 1ef426d4bd0 _Strcoll 4 API calls 93207->93208 93209 1ef426ab094 93208->93209 93210->93207

Control-flow Graph (first block 1ef426a8cc0-1ef426a8e09; legend: Executed / Not Executed)

APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_1ef42620000_bv2DbIiZeK.jbxd
Yara matches
Similarity
• API ID: Object$CriticalSection$Delete$MetricsSystem$CreateEnterLeaveSelectStream_$CapsCompatibleDeviceRelease$BitmapGdiplusReadResetShutdownSizeStream
• String ID:
• API String ID: 4119826074-3916222277
• Opcode ID: 6016e5cde231670ab120f25f23840e756dcdc48949450077b95a35fafbcf6ff8
• Instruction ID: 485159cd815efd16fb30235a74a57a0df719a880a45efeb302ba8c19ea7e60a9
• Opcode Fuzzy Hash: 6016e5cde231670ab120f25f23840e756dcdc48949450077b95a35fafbcf6ff8
• Instruction Fuzzy Hash: 0102673A610BC48AEB10CF65E8447DE77A1F789B98F504239EE5947B98EF38C586C740

Control-flow Graph (first block 1ef426dbae8-1ef426dbb28; legend: Executed / Not Executed)

APIs
Memory Dump Source
• Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_1ef42620000_bv2DbIiZeK.jbxd
Yara matches
Similarity
• API ID: Close$ErrorFileFindHandleLast$AttributesFirst__std_fs_open_handle
• String ID:
• API String ID: 2398595512-0
• Opcode ID: b0954c19c2ec1b49376cfeb0a7b9e933d87c955ad15e2e4042eb139bd7e8b443
• Instruction ID: 5275fc02eeeae2bf96d39cf1bfb9d7ec0b725eda2ff09bb970a347c0c0ef8aa0
• Opcode Fuzzy Hash: b0954c19c2ec1b49376cfeb0a7b9e933d87c955ad15e2e4042eb139bd7e8b443
• Instruction Fuzzy Hash: 7491B539314A8946FAB48B25E8547DF63A4A795FB0F1807389D7A477D8EF38C9438740

Control-flow Graph (first block 1ef426ab410-1ef426ab8d9; legend: Executed / Not Executed)
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_1ef42620000_bv2DbIiZeK.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Name$ComputerDevicesDisplayEnumFileGlobalMemoryModuleStatusUserValuewcsftime
                                                                                  • String ID: %d-%m-%Y, %H:%M:%S$computer_name$cpu$gpu$ram$system$time$timezone$user_name
                                                                                  • API String ID: 2156669781-1182675529
                                                                                  • Opcode ID: b46901fea55b4b2ad244d64202a9089f04cba4112d9a5d8ab0bc026efc890228
                                                                                  • Instruction ID: c1b894e8abf2307a50ebccf5ed841f1b1a616feb9eba86674c0fa76cc4bcdd74
                                                                                  • Opcode Fuzzy Hash: b46901fea55b4b2ad244d64202a9089f04cba4112d9a5d8ab0bc026efc890228
                                                                                  • Instruction Fuzzy Hash: 73E25C76615BC489EB208F34D8803DE37A5F795B88F50922AEE9D47B99EF34C285C740

                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_1ef42620000_bv2DbIiZeK.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: --key$--type$1.0$APPB:
                                                                                  • API String ID: 0-155154914
                                                                                  • Opcode ID: f990a64e6ff3af871978a7eca08b8cd7602b2c7df706f7012e6a654f9eb70e86
                                                                                  • Instruction ID: d21630dd02288920fa42266732019cd0129078d430d1ff6c82dc50a1fcd8f3e0
                                                                                  • Opcode Fuzzy Hash: f990a64e6ff3af871978a7eca08b8cd7602b2c7df706f7012e6a654f9eb70e86
                                                                                  • Instruction Fuzzy Hash: 0242877A215AC492FA25AB25E4553EFA361F785F80F805139EE8D03BDADF38C596C700

                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_1ef42620000_bv2DbIiZeK.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: FileModuleName
                                                                                  • String ID: $ --key "$" --type $File.exe$cmd /c ""$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set$status
                                                                                  • API String ID: 514040917-2526376952
                                                                                  • Opcode ID: f8b1236de03079af79b81a087eb188df9dc77e1876ee9d035298f6647cef9b78
                                                                                  • Instruction ID: cdc9ee0cd8a98587c7c1ae656f52497a987e04e1a500e9de97dbad909fa4a239
                                                                                  • Opcode Fuzzy Hash: f8b1236de03079af79b81a087eb188df9dc77e1876ee9d035298f6647cef9b78
                                                                                  • Instruction Fuzzy Hash: B2B2AF36925BC489E7608F38E8813DE73A0F795748F506629EE8D17B9AEF34C285C700

                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_1ef42620000_bv2DbIiZeK.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: AddressProc$Library$FreeLoad
                                                                                  • String ID: cannot use push_back() with $system$vault
                                                                                  • API String ID: 2449869053-1741236777
                                                                                  • Opcode ID: 39a6e07d2d23a1b6063e3bbec4e2a81180c0863cee2736fd5349db6d4d99b6a1
                                                                                  • Instruction ID: 5e8e998ddce7be114939f07e54ebced34076882f2601ed2859bd259677d8ec0a
                                                                                  • Opcode Fuzzy Hash: 39a6e07d2d23a1b6063e3bbec4e2a81180c0863cee2736fd5349db6d4d99b6a1
                                                                                  • Instruction Fuzzy Hash: 93924B76205BC48AEB618F29E8403DE73A4F749B98F104229EE9C57B99EF35C695C700

                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_1ef42620000_bv2DbIiZeK.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: cannot use push_back() with $content$directory_iterator::directory_iterator$exists$filename$recursive_directory_iterator::operator++$recursive_directory_iterator::recursive_directory_iterator$status
                                                                                  • API String ID: 0-4250644884
                                                                                  • Opcode ID: 1755e3af28544f6a4f005d8614fe6a43fc1aa9559c97ccdd1cd6c6af4023ff84
                                                                                  • Instruction ID: 3bb2c7b65474dac16db9768a1580991264d9a4e6d95b161c4a558031d1f3f3ed
                                                                                  • Opcode Fuzzy Hash: 1755e3af28544f6a4f005d8614fe6a43fc1aa9559c97ccdd1cd6c6af4023ff84
                                                                                  • Instruction Fuzzy Hash: 60433876219BC481EA309B24E4903DFA361F7C5B94F50563ADE9D43ADAEF38C586CB40

                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_1ef42620000_bv2DbIiZeK.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: _get_daylight$_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                                  • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                  • API String ID: 355007559-239921721
                                                                                  • Opcode ID: 609cd5c29350d2d3e78b88e11d30510763bd4abb1a3ad7102f6c9217ea61b909
                                                                                  • Instruction ID: 79613d9e715ad21a64161617d25dc4452fcf4be08a21012119a61f0f1d4f0617
                                                                                  • Opcode Fuzzy Hash: 609cd5c29350d2d3e78b88e11d30510763bd4abb1a3ad7102f6c9217ea61b909
                                                                                  • Instruction Fuzzy Hash: 77D1AE3A6112D086FB20BF2AD8517EF77A1EB94F84F84453AEE4947AC5EB38C442C744

                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_1ef42620000_bv2DbIiZeK.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Internet$Query$AvailableDataHttpInfoOpen$CloseConcurrency::cancel_current_taskCriticalEnterFileHandleReadSection
                                                                                  • String ID:
                                                                                  • API String ID: 2604747929-0
                                                                                  • Opcode ID: fc949e963c715c86a0271e1d00848540d7925f451aecd845b44620503928b94d
                                                                                  • Instruction ID: c6d80336cbc9802cafc64306390dc79962d76bd4481c5f282343031921651da8
                                                                                  • Opcode Fuzzy Hash: fc949e963c715c86a0271e1d00848540d7925f451aecd845b44620503928b94d
                                                                                  • Instruction Fuzzy Hash: BD029E36A24B9489FB40CB65E84039E77B5F795B98F101239EE8D57B99EF38C182C740
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_1ef42620000_bv2DbIiZeK.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: File$PointerReadSize
                                                                                  • String ID: exists$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                  • API String ID: 404940565-15404121
                                                                                  • Opcode ID: cef45a48f7878a3e5fa5529296e44061d008e29dbbd771ba8ffc6168d7640e7b
                                                                                  • Instruction ID: 59dac73c4e78040a0299662656a534e0e5dd7000e1255e5efb8d0d55522b1418
                                                                                  • Opcode Fuzzy Hash: cef45a48f7878a3e5fa5529296e44061d008e29dbbd771ba8ffc6168d7640e7b
                                                                                  • Instruction Fuzzy Hash: 3832E436610BC489EB20DF29D8907DE37A1F785B48F44863ADE8D57A99EF74C686C700
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_1ef42620000_bv2DbIiZeK.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                  • String ID:
                                                                                  • API String ID: 3215553584-0
                                                                                  • Opcode ID: 9ee587dfff83579d0b9a43f58f55dddc981fcf35f929c9061162775006bc08a8
                                                                                  • Instruction ID: c7110ab8530eba2e82570ff4be3426223f2d0ca05368d485ba797ad6a6a614f9
                                                                                  • Opcode Fuzzy Hash: 9ee587dfff83579d0b9a43f58f55dddc981fcf35f929c9061162775006bc08a8
                                                                                  • Instruction Fuzzy Hash: 99C1FE7A2046C499FB61AB2AD4483EF7BA0F785F80F444139EE9A077DACB79C456C704
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_1ef42620000_bv2DbIiZeK.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                                  • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                  • API String ID: 3458911817-239921721
                                                                                  • Opcode ID: fdae8f1dfa777fce5a3e66d579c9e7bc87631294a273493ab54ac6bcce4f220c
                                                                                  • Instruction ID: a2246570cc3a8c5be50dab367b9d284380f47b56a3d9b9b8af2c0842e7b46cf9
                                                                                  • Opcode Fuzzy Hash: fdae8f1dfa777fce5a3e66d579c9e7bc87631294a273493ab54ac6bcce4f220c
                                                                                  • Instruction Fuzzy Hash: 17514C3A6106C086F720EF2AE8916DF77A0F798F84F84513DEE4943AD5DB38D5428B94
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_1ef42620000_bv2DbIiZeK.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: __std_exception_destroy
                                                                                  • String ID: value
                                                                                  • API String ID: 2453523683-494360628
                                                                                  • Opcode ID: 2b244e27728f2584efe1108659c4b86547b200678eb8a970704ff1d82b4043d2
                                                                                  • Instruction ID: 6a4a5efe5b1f067dbc01db9bf93fdb5e792538b5d614ef438b27ba4ed6556ec3
                                                                                  • Opcode Fuzzy Hash: 2b244e27728f2584efe1108659c4b86547b200678eb8a970704ff1d82b4043d2
                                                                                  • Instruction Fuzzy Hash: 0B129E36625BC485FB00CB78E4843EE6B61E795BA4F505239FE9D43ADADF68C186C700
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_1ef42620000_bv2DbIiZeK.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                                                                                  • String ID: [PID:
                                                                                  • API String ID: 420147892-2210602247
                                                                                  • Opcode ID: a26ee468e19f021f08034df1c9a05ea792373fa16e59ac33925991e896167ccd
                                                                                  • Instruction ID: a5c3bbfb5c245944a770762b2dfdc3d527e120059c881e6f54eec697919f1cd9
                                                                                  • Opcode Fuzzy Hash: a26ee468e19f021f08034df1c9a05ea792373fa16e59ac33925991e896167ccd
                                                                                  • Instruction Fuzzy Hash: EAE16A76214BC086FB258F25E8943DE67A5F385BA8F504229EE9D07BD9DF78C281C700
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2259434632.00007FF64ABA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF64ABA0000, based on PE: true
                                                                                  • Associated: 00000000.00000002.2259410289.00007FF64ABA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.2259489107.00007FF64AC24000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.2259621780.00007FF64AD5C000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.2259662159.00007FF64AD60000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_7ff64aba0000_bv2DbIiZeK.jbxd
                                                                                  Similarity
                                                                                  • API ID: Cpp_errorExclusiveLockThrow_std::_$AcquireCurrentReleaseThread
                                                                                  • String ID: PLH
                                                                                  • API String ID: 3715443949-3073785353
                                                                                  • Opcode ID: 3fb75c1586c35fb31c76f8ed2ec01c275833c96b0a8b23f2fd5c08da0dabd3ff
                                                                                  • Instruction ID: ae6e68a1dfc5965ccd7d76dd9b776b037b70b5e292a3931cf37b97745ffa585a
                                                                                  • Opcode Fuzzy Hash: 3fb75c1586c35fb31c76f8ed2ec01c275833c96b0a8b23f2fd5c08da0dabd3ff
                                                                                  • Instruction Fuzzy Hash: 4302EE72A0DB8192EB64EF25D450139B7A4FB89B90FA88075DB9D87B94DF3CD891C700
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_1ef42620000_bv2DbIiZeK.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: cannot use push_back() with $directory_iterator::directory_iterator$exists$prefs.js$status
                                                                                  • API String ID: 0-2713369562
                                                                                  • Opcode ID: 17eb7d0e8086073e77331b5d85a0d51c697534cf5b90661359c783595879bb63
                                                                                  • Instruction ID: 3c2ba7fb0cde5853da86411a19af2aa0bc76409135358874e9286e0ae5bc883c
                                                                                  • Opcode Fuzzy Hash: 17eb7d0e8086073e77331b5d85a0d51c697534cf5b90661359c783595879bb63
                                                                                  • Instruction Fuzzy Hash: 2B524636619BC485E6719B29E8813DFB3A4F789B84F505229DECC43B99EF78C185CB40
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_1ef42620000_bv2DbIiZeK.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: recv$Cleanupclosesocket
                                                                                  • String ID:
                                                                                  • API String ID: 146070474-0
                                                                                  • Opcode ID: 9b6de6ef4d1276c4406894e8f0fcad5e3e47ad72a796665445ebe788dfe55c1f
                                                                                  • Instruction ID: 36248a96cbdf1ff7d8ee873d9817a05e8c606b4995def3c65bfad6701965156f
                                                                                  • Opcode Fuzzy Hash: 9b6de6ef4d1276c4406894e8f0fcad5e3e47ad72a796665445ebe788dfe55c1f
                                                                                  • Instruction Fuzzy Hash: 0412B476614BC481FA21CB18E4543DFA761F799B90F504639EEAC43ADADF78C582CB00
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_1ef42620000_bv2DbIiZeK.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Cred$EnumerateFree
                                                                                  • String ID: cannot use push_back() with
                                                                                  • API String ID: 3403564193-4122110429
                                                                                  • Opcode ID: b99e392b310656b040ca23111d08bd72b96c4835794341a3d4c67a601aa4ff15
                                                                                  • Instruction ID: 8a3d2efce3d6d47994e593a4e4b646f1b83bdd01d4df1104c914a6bb4e589afe
                                                                                  • Opcode Fuzzy Hash: b99e392b310656b040ca23111d08bd72b96c4835794341a3d4c67a601aa4ff15
                                                                                  • Instruction Fuzzy Hash: 2F625B76614BC489EB208F24E8803DE7761F789B98F505329EEAC57BD9DB78C285C700
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2259434632.00007FF64ABA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF64ABA0000, based on PE: true
                                                                                  • Associated: 00000000.00000002.2259410289.00007FF64ABA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.2259489107.00007FF64AC24000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.2259621780.00007FF64AD5C000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.2259662159.00007FF64AD60000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_7ff64aba0000_bv2DbIiZeK.jbxd
                                                                                  Similarity
                                                                                  • API ID: __std_exception_copy_invalid_parameter_noinfo_noreturn
                                                                                  • String ID: 1.3.1.zlib-ng
                                                                                  • API String ID: 1109970293-992988628
                                                                                  • Opcode ID: cef2e707c8c157b1bcf6bf32851de45a32f9dcf762f5a237605fead0d0c85985
                                                                                  • Instruction ID: 041f5f764afc846acf8c316dd5f22b8a9b43652848e8aba31a4afc49cf49fea8
                                                                                  • Opcode Fuzzy Hash: cef2e707c8c157b1bcf6bf32851de45a32f9dcf762f5a237605fead0d0c85985
                                                                                  • Instruction Fuzzy Hash: D381A262F18B81A5EB00EF74D4902BD33A1EB95748F609232EE4D97F95EE38E590C340
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2259434632.00007FF64ABA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF64ABA0000, based on PE: true
                                                                                  • Associated: 00000000.00000002.2259410289.00007FF64ABA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.2259489107.00007FF64AC24000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.2259621780.00007FF64AD5C000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.2259662159.00007FF64AD60000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_7ff64aba0000_bv2DbIiZeK.jbxd
                                                                                  Similarity
                                                                                  • API ID: MemoryVirtual$ProtectQuery
                                                                                  • String ID: 0
                                                                                  • API String ID: 1355999870-4108050209
                                                                                  • Opcode ID: cf04bd947f7070a94b62a6b5bcccf2b71133d9e9c5bc2d6e3d512b8803c010d6
                                                                                  • Instruction ID: ce18df0eb1e661ac5bbe6b37153c811a81b69ff958d3725911b3878de8d64c39
                                                                                  • Opcode Fuzzy Hash: cf04bd947f7070a94b62a6b5bcccf2b71133d9e9c5bc2d6e3d512b8803c010d6
                                                                                  • Instruction Fuzzy Hash: 95112E22A1DB8192E650EF24F45036677A0FB897B4F201376EAAD46BE4DF3CD1948B40
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_1ef42620000_bv2DbIiZeK.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: InformationTimeZone
                                                                                  • String ID: [UTC
                                                                                  • API String ID: 565725191-1715286942
                                                                                  • Opcode ID: 73b2d6551cd68c03bc10944c980a103c9ecd6a6435edc3f6c52f5e9528d7fcf7
                                                                                  • Instruction ID: 31ff8a854221ce294fb74feb3735dc636f5db33fe8f5e6a3f835647177dadd16
                                                                                  • Opcode Fuzzy Hash: 73b2d6551cd68c03bc10944c980a103c9ecd6a6435edc3f6c52f5e9528d7fcf7
                                                                                  • Instruction Fuzzy Hash: 3191F536615FC889E7718F29E84129EB7A4F39D788F105329EECD57B59EB38C2548B00
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_1ef42620000_bv2DbIiZeK.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: CryptDataFreeLocalUnprotect
                                                                                  • String ID:
                                                                                  • API String ID: 1561624719-0
                                                                                  • Opcode ID: 4e58c951b7c5e6adfc0a1d9a22f9c6bd733eaecc205548daf511c016fcdcf1dd
                                                                                  • Instruction ID: 2232371e56ec4363ac19619ede7aafeb9551eac3011eb25f55137ff6d6d78f61
                                                                                  • Opcode Fuzzy Hash: 4e58c951b7c5e6adfc0a1d9a22f9c6bd733eaecc205548daf511c016fcdcf1dd
                                                                                  • Instruction Fuzzy Hash: AE413F36614A80CAF7208F74E4403EE37A4F759B8CF444279EE8807E8ADB79C6A58754
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_1ef42620000_bv2DbIiZeK.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: CriticalEnterSection
                                                                                  • String ID: exists$ios_base::badbit set
                                                                                  • API String ID: 1904992153-2074760687
                                                                                  • Opcode ID: d353e85737c4dc16f6951876094991e5f875e5a0f67309b72c572c6927fd98f1
                                                                                  • Instruction ID: b842743abb1c31b6e297f6fdc383c70b2f274e89f970c7b88bd350f9f5f65fd6
                                                                                  • Opcode Fuzzy Hash: d353e85737c4dc16f6951876094991e5f875e5a0f67309b72c572c6927fd98f1
                                                                                  • Instruction Fuzzy Hash: 4C324F36215BC496EA21DB18E4903DFA764F795B40F504239EE9D43AD9EF78C546CB00
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_1ef42620000_bv2DbIiZeK.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: DriveLogicalStrings
                                                                                  • String ID:
                                                                                  • API String ID: 2022863570-0
                                                                                  • Opcode ID: 7bc890d83d3b4a0e63cf1542b5475e21a6824dbc5121659db7d348b1b6621ac6
                                                                                  • Instruction ID: 7d8934da9ebfef205c9814bd606b49ed7a70d0e455b00a246375ce9f09d767e3
                                                                                  • Opcode Fuzzy Hash: 7bc890d83d3b4a0e63cf1542b5475e21a6824dbc5121659db7d348b1b6621ac6
                                                                                  • Instruction Fuzzy Hash: DC717F36A18BC482F710CF24E48439E7771F795B98F205229EE9813AA9DB78D5D1DB40
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_1ef42620000_bv2DbIiZeK.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: NameUser
                                                                                  • String ID:
                                                                                  • API String ID: 2645101109-0
                                                                                  • Opcode ID: adc87d1fa371ba8ec33ef8919547b2750fc0b2bbce7d02902e7188b025d9366e
                                                                                  • Instruction ID: 6b8160d2aedd0c5204ebd1563304b544c61ab01280d397d53dbde290b2987579
                                                                                  • Opcode Fuzzy Hash: adc87d1fa371ba8ec33ef8919547b2750fc0b2bbce7d02902e7188b025d9366e
                                                                                  • Instruction Fuzzy Hash: 0B0161362187C482EB20CF25F4513DEB3A4F798B88F540135EE8D42A99DFBCC1958B44
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_1ef42620000_bv2DbIiZeK.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: cores
                                                                                  • API String ID: 0-2370456839
                                                                                  • Opcode ID: 4722d089a90c732ce43d4776dc92d5206f360e061225a942db370daae173fd3a
                                                                                  • Instruction ID: 79f3e9ba2e60e11820e3df36272f1599881e52294ae3a4b2c7fed6c7c28308ea
                                                                                  • Opcode Fuzzy Hash: 4722d089a90c732ce43d4776dc92d5206f360e061225a942db370daae173fd3a
                                                                                  • Instruction Fuzzy Hash: 7DB1AE76F10BC48AF700CFB8C4413DD3762A799B98F605329EE5923ADADB748196C384
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_1ef42620000_bv2DbIiZeK.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: \u%04x
                                                                                  • API String ID: 0-2916071157
                                                                                  • Opcode ID: 4c5848268c85a42d971ed2b89f6bcaaa9c05278fdbdd3cc0fcef5c8ba17ae349
                                                                                  • Instruction ID: 7b1d238f8e4004d097bbb0fc28245ad62a3fb96854c29adb876fa60209aea48b
                                                                                  • Opcode Fuzzy Hash: 4c5848268c85a42d971ed2b89f6bcaaa9c05278fdbdd3cc0fcef5c8ba17ae349
                                                                                  • Instruction Fuzzy Hash: 3681BF3A2046E496FA54CB25D5907EE6F61F785F80F94943ADF4A43BE2EB38C616C300
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_1ef42620000_bv2DbIiZeK.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: ":
                                                                                  • API String ID: 0-3662656813
                                                                                  • Opcode ID: 5c7663efe092e97a5bfc1b10979cce433aae873457d53606f951c5d4b0992113
                                                                                  • Instruction ID: 559c77e1b3a470eb6d54a13f69b7788b1988e752b92239e4d7fe68f5bb98ffc9
                                                                                  • Opcode Fuzzy Hash: 5c7663efe092e97a5bfc1b10979cce433aae873457d53606f951c5d4b0992113
                                                                                  • Instruction Fuzzy Hash: CF91147A204A85C1EB20DF26E09469E7761F789FC8F45902ACF5E47BA4CF7AC159C701
                                                                                  Strings
                                                                                  • ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/, xrefs: 000001EF42664139
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_1ef42620000_bv2DbIiZeK.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
                                                                                  • API String ID: 0-1713319389
                                                                                  • Opcode ID: 437ae662eb117c41f44ff7f9c77615c2854eafd9d66bebc79b763ab490802efe
                                                                                  • Instruction ID: c60d1af4b2b70336282ba6a53b480edd4f3af63a6939e26ac8add1ba7f9d059f
                                                                                  • Opcode Fuzzy Hash: 437ae662eb117c41f44ff7f9c77615c2854eafd9d66bebc79b763ab490802efe
                                                                                  • Instruction Fuzzy Hash: D941A0776196E04AE702CB3984113BD7FB2E366F88F1C8166DBD487786DA2DC216CB11
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_1ef42620000_bv2DbIiZeK.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 2eed650f1dd5ed8a2c84de12954ff222856c8e4a51a8d95637fb2b28ee48ffdf
                                                                                  • Instruction ID: d1825195a87c50039623ac6dbd25801914d305b8826532f36fae09609866413c
                                                                                  • Opcode Fuzzy Hash: 2eed650f1dd5ed8a2c84de12954ff222856c8e4a51a8d95637fb2b28ee48ffdf
                                                                                  • Instruction Fuzzy Hash: A3725D76615BC489EB308F29E8413DE73A5F389B98F504229EE9C57B99DF78C285C700
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_1ef42620000_bv2DbIiZeK.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 7b1ef235b21b11ac8251876c724bae84282ef74ca4d17a748efc12a0c8d6ac15
                                                                                  • Instruction ID: c75f2db53bbd7ab8eabb1c06f78e6db2a6889e27e080167821a4500f649ca381
                                                                                  • Opcode Fuzzy Hash: 7b1ef235b21b11ac8251876c724bae84282ef74ca4d17a748efc12a0c8d6ac15
                                                                                  • Instruction Fuzzy Hash: A3F15236615FC889EB208B69E44139E77B1F78DB98F105329EEDC57B99DB78C1818B00
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_1ef42620000_bv2DbIiZeK.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 8849b0289721132f3e5f40ffc6e27eeb38d1e34faac3596688eeda63eba861be
                                                                                  • Instruction ID: 1d37636a9adaddc0ca71962dd62f2249ce390e3b07b268266ea6805379cab9f0
                                                                                  • Opcode Fuzzy Hash: 8849b0289721132f3e5f40ffc6e27eeb38d1e34faac3596688eeda63eba861be
                                                                                  • Instruction Fuzzy Hash: 68F14236615FC889EB208B69E44139E77B1F78DB98F105325EEDC57B99EB38C1918B00

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2259434632.00007FF64ABA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF64ABA0000, based on PE: true
                                                                                  • Associated: 00000000.00000002.2259410289.00007FF64ABA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.2259489107.00007FF64AC24000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.2259621780.00007FF64AD5C000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.2259662159.00007FF64AD60000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_7ff64aba0000_bv2DbIiZeK.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: Failed to get address of HeapAlloc.$Failed to hook VirtualAlloc in trash code.$HeapAlloc$HeapAlloc offset (relative to kernel32.dll): 0x$VirtualAlloc$c3 $kernel32.dll
                                                                                  • API String ID: 0-3441928642
                                                                                  • Opcode ID: e24098b7a3418c233ea65c7986e3453cf49db42afa70e862ec10a2c4dd23eef7
                                                                                  • Instruction ID: 2896b2ed8df9e29cdc5fbf42d6a62f6c7926b6b2685cd8476b1f2b2417a4553a
                                                                                  • Opcode Fuzzy Hash: e24098b7a3418c233ea65c7986e3453cf49db42afa70e862ec10a2c4dd23eef7
                                                                                  • Instruction Fuzzy Hash: ABE1E362B1DA42A1EA10FF11E4503F96362EF86B84F644172EA5DC7BE6DE3CE546C340

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_1ef42620000_bv2DbIiZeK.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Gdip$Image$CriticalSection$DisposeEncodersLeave$BitmapCreateEnterErrorFromGdiplusInitializeLastSaveScan0SizeStartupStream
                                                                                  • String ID: &
                                                                                  • API String ID: 1703174404-3042966939
                                                                                  • Opcode ID: 7b341c53486f43070d1c6ed6aee1070c3fc9f73d796a39bf4224e0cad6e524bc
                                                                                  • Instruction ID: 5e4a8c66020ea7c5f8afe8ccf4e39dcc79df1385a7e11eab70df326b77b09c5e
                                                                                  • Opcode Fuzzy Hash: 7b341c53486f43070d1c6ed6aee1070c3fc9f73d796a39bf4224e0cad6e524bc
                                                                                  • Instruction Fuzzy Hash: 3991293A200B848AFB20CF25E8407DE37A4F759F98F559279EE4A47BD4DB34C6568740

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_1ef42620000_bv2DbIiZeK.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: ExitMutexProcess$CloseCreateHandleInitializeOpenRelease
                                                                                  • String ID: --key$--type$APPB:
                                                                                  • API String ID: 2480080097-2541764812

                                                                                  Control-flow Graph

                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_1ef42620000_bv2DbIiZeK.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Info$CleanupStartupUserclosesocketconnecthtonsinet_ptonsocket
                                                                                  • String ID: geo$system
                                                                                  • API String ID: 213021568-2364779556

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph (entry node 1939); named API calls: CreateFileW, GetFileType
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_1ef42620000_bv2DbIiZeK.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type_get_daylight
                                                                                  • String ID:
                                                                                  • API String ID: 1330151763-0

                                                                                  Control-flow Graph

                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_1ef42620000_bv2DbIiZeK.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Session$CriticalSection$EnterListProcess$CurrentLeaveRegisterResourcesStart
                                                                                  • String ID:
                                                                                  • API String ID: 3440422588-0
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2259434632.00007FF64ABA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF64ABA0000, based on PE: true
                                                                                  • Associated: 00000000.00000002.2259410289.00007FF64ABA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.2259489107.00007FF64AC24000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.2259621780.00007FF64AD5C000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.2259662159.00007FF64AD60000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_7ff64aba0000_bv2DbIiZeK.jbxd
                                                                                  Similarity
                                                                                  • API ID: AddressAlloc2CurrentInfoLibraryLoadProcProcessSystemVirtual
                                                                                  • String ID: VirtualAlloc2$kernelbase.dll
                                                                                  • API String ID: 3240720159-1188699709
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2259434632.00007FF64ABA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF64ABA0000, based on PE: true
                                                                                  • Associated: 00000000.00000002.2259410289.00007FF64ABA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.2259489107.00007FF64AC24000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.2259621780.00007FF64AD5C000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.2259662159.00007FF64AD60000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_7ff64aba0000_bv2DbIiZeK.jbxd
                                                                                  Similarity
                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_task
                                                                                  • String ID:
                                                                                  • API String ID: 3936042273-0
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2259434632.00007FF64ABA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF64ABA0000, based on PE: true
                                                                                  • Associated: 00000000.00000002.2259410289.00007FF64ABA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.2259489107.00007FF64AC24000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.2259621780.00007FF64AD5C000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.2259662159.00007FF64AD60000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_7ff64aba0000_bv2DbIiZeK.jbxd
                                                                                  Similarity
                                                                                  • API ID: CriticalProcessSectionToken$CurrentEnterInformationLeaveOpen
                                                                                  • String ID:
                                                                                  • API String ID: 2440646923-0
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2259434632.00007FF64ABA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF64ABA0000, based on PE: true
                                                                                  • Associated: 00000000.00000002.2259410289.00007FF64ABA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.2259489107.00007FF64AC24000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.2259621780.00007FF64AD5C000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.2259662159.00007FF64AD60000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_7ff64aba0000_bv2DbIiZeK.jbxd
                                                                                  Similarity
                                                                                  • API ID: Process$MemoryRead$CurrentErrorLastQueryVirtual
                                                                                  • String ID:
                                                                                  • API String ID: 2584129402-0
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_1ef42620000_bv2DbIiZeK.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Value
                                                                                  • String ID: --type$ProductName$SOFTWARE\Microsoft\Windows NT\CurrentVersion
                                                                                  • API String ID: 3702945584-3762788641
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2259434632.00007FF64ABA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF64ABA0000, based on PE: true
                                                                                  • Associated: 00000000.00000002.2259410289.00007FF64ABA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.2259489107.00007FF64AC24000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.2259621780.00007FF64AD5C000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.2259662159.00007FF64AD60000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_7ff64aba0000_bv2DbIiZeK.jbxd
                                                                                  Similarity
                                                                                  • API ID: NumbersVersion$Image$DataDirectoryEntryHandleHeaderModule
                                                                                  • String ID:
                                                                                  • API String ID: 1637451276-0
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2259434632.00007FF64ABA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF64ABA0000, based on PE: true
                                                                                  • Associated: 00000000.00000002.2259410289.00007FF64ABA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.2259489107.00007FF64AC24000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.2259621780.00007FF64AD5C000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.2259662159.00007FF64AD60000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_7ff64aba0000_bv2DbIiZeK.jbxd
                                                                                  Similarity
                                                                                  • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                                  • String ID: nop
                                                                                  • API String ID: 73155330-258488684
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_1ef42620000_bv2DbIiZeK.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: CurrentProfile
                                                                                  • String ID: --type$Unknown
                                                                                  • API String ID: 2104809126-2669863112
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_1ef42620000_bv2DbIiZeK.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: CloseOpen
                                                                                  • String ID: --type
                                                                                  • API String ID: 47109696-2654721227
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2259434632.00007FF64ABA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF64ABA0000, based on PE: true
                                                                                  • Associated: 00000000.00000002.2259410289.00007FF64ABA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.2259489107.00007FF64AC24000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.2259621780.00007FF64AD5C000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.2259662159.00007FF64AD60000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_7ff64aba0000_bv2DbIiZeK.jbxd
                                                                                  Similarity
                                                                                  • API ID: AddressLibraryLoadProcQueryVirtual_invalid_parameter_noinfo_noreturn
                                                                                  • String ID:
                                                                                  • API String ID: 3513549592-0
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_1ef42620000_bv2DbIiZeK.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Cleanupclosesocketrecv
                                                                                  • String ID:
                                                                                  • API String ID: 3447645871-0
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_1ef42620000_bv2DbIiZeK.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: CloseEnumOpen
                                                                                  • String ID:
                                                                                  • API String ID: 1332880857-0
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_1ef42620000_bv2DbIiZeK.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: EnumOpen
                                                                                  • String ID:
                                                                                  • API String ID: 3231578192-0
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_1ef42620000_bv2DbIiZeK.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: _invalid_parameter_noinfo$_local_unwind
                                                                                  • String ID:
                                                                                  • API String ID: 1677304287-0
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_1ef42620000_bv2DbIiZeK.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: CloseOpenQueryValue
                                                                                  • String ID:
                                                                                  • API String ID: 3677997916-0
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_1ef42620000_bv2DbIiZeK.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Info$User
                                                                                  • String ID:
                                                                                  • API String ID: 2017065092-0
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_1ef42620000_bv2DbIiZeK.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: ProcessToken$CurrentInformationOpen
                                                                                  • String ID:
                                                                                  • API String ID: 2743777493-0
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2259434632.00007FF64ABA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF64ABA0000, based on PE: true
                                                                                  • Associated: 00000000.00000002.2259410289.00007FF64ABA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.2259489107.00007FF64AC24000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.2259621780.00007FF64AD5C000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.2259662159.00007FF64AD60000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_7ff64aba0000_bv2DbIiZeK.jbxd
                                                                                  Similarity
                                                                                  • API ID: Virtual$Alloc$FreeQuery
                                                                                  • String ID:
                                                                                  • API String ID: 609462816-0
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_1ef42620000_bv2DbIiZeK.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Concurrency::cancel_current_task
                                                                                  • String ID: cannot use operator[] with a numeric argument with
                                                                                  • API String ID: 118556049-485864652
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2259434632.00007FF64ABA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF64ABA0000, based on PE: true
                                                                                  • Associated: 00000000.00000002.2259410289.00007FF64ABA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.2259489107.00007FF64AC24000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.2259621780.00007FF64AD5C000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.2259662159.00007FF64AD60000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_7ff64aba0000_bv2DbIiZeK.jbxd
                                                                                  Similarity
                                                                                  • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                                  • String ID:
                                                                                  • API String ID: 73155330-0
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_1ef42620000_bv2DbIiZeK.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: FolderFreeKnownPathTask
                                                                                  • String ID:
                                                                                  • API String ID: 969438705-0
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_1ef42620000_bv2DbIiZeK.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: CloseCreateCredEnumerateFirstHandleMutexProcess32ReleaseSnapshotToolhelp32recv
                                                                                  • String ID:
                                                                                  • API String ID: 420082584-0
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_1ef42620000_bv2DbIiZeK.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: ErrorFileLastPointer
                                                                                  • String ID:
                                                                                  • API String ID: 2976181284-0
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2259434632.00007FF64ABA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF64ABA0000, based on PE: true
                                                                                  • Associated: 00000000.00000002.2259410289.00007FF64ABA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.2259489107.00007FF64AC24000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.2259621780.00007FF64AD5C000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.2259662159.00007FF64AD60000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_7ff64aba0000_bv2DbIiZeK.jbxd
                                                                                  Similarity
                                                                                  • API ID: Concurrency::cancel_current_task$std::bad_alloc::bad_alloc
                                                                                  • String ID:
                                                                                  • API String ID: 1173176844-0
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_1ef42620000_bv2DbIiZeK.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Concurrency::cancel_current_task$std::bad_alloc::bad_alloc
                                                                                  • String ID:
                                                                                  • API String ID: 1173176844-0
                                                                                  APIs
                                                                                  • RtlFreeHeap.NTDLL(?,?,44F642F9048B4AC0,00007FF64ABFE056,?,?,?,00007FF64ABFE3D3,?,?,00000000,00007FF64ABFED39,?,?,00007FF64AC05FDA,00007FF64ABFEC6B), ref: 00007FF64ABF8C56
                                                                                  • GetLastError.KERNEL32(?,?,44F642F9048B4AC0,00007FF64ABFE056,?,?,?,00007FF64ABFE3D3,?,?,00000000,00007FF64ABFED39,?,?,00007FF64AC05FDA,00007FF64ABFEC6B), ref: 00007FF64ABF8C60
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2259434632.00007FF64ABA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF64ABA0000, based on PE: true
                                                                                  • Associated: 00000000.00000002.2259410289.00007FF64ABA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.2259489107.00007FF64AC24000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.2259621780.00007FF64AD5C000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.2259662159.00007FF64AD60000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_7ff64aba0000_bv2DbIiZeK.jbxd
                                                                                  Similarity
                                                                                  • API ID: ErrorFreeHeapLast
                                                                                  • String ID:
                                                                                  • API String ID: 485612231-0
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_1ef42620000_bv2DbIiZeK.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: ErrorFreeHeapLast
                                                                                  • String ID:
                                                                                  • API String ID: 485612231-0
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_1ef42620000_bv2DbIiZeK.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Concurrency::cancel_current_task
                                                                                  • String ID:
                                                                                  • API String ID: 118556049-0
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_1ef42620000_bv2DbIiZeK.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Concurrency::cancel_current_task
                                                                                  • String ID:
                                                                                  • API String ID: 118556049-0
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_1ef42620000_bv2DbIiZeK.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: InformationVolume__std_fs_get_current_path
                                                                                  • String ID:
                                                                                  • API String ID: 155845060-0
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_1ef42620000_bv2DbIiZeK.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Concurrency::cancel_current_task
                                                                                  • String ID:
                                                                                  • API String ID: 118556049-0
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_1ef42620000_bv2DbIiZeK.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Concurrency::cancel_current_task
                                                                                  • String ID:
                                                                                  • API String ID: 118556049-0
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_1ef42620000_bv2DbIiZeK.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: __std_fs_directory_iterator_open
                                                                                  • String ID:
                                                                                  • API String ID: 4007087469-0
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_1ef42620000_bv2DbIiZeK.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                  • String ID:
                                                                                  • API String ID: 3215553584-0
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_1ef42620000_bv2DbIiZeK.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_1ef42620000_bv2DbIiZeK.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Concurrency::cancel_current_task
                                                                                  • String ID:
                                                                                  • API String ID: 118556049-0
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_1ef42620000_bv2DbIiZeK.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Concurrency::cancel_current_task
                                                                                  • String ID:
                                                                                  • API String ID: 118556049-0
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_1ef42620000_bv2DbIiZeK.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Concurrency::cancel_current_task
                                                                                  • String ID:
                                                                                  • API String ID: 118556049-0
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_1ef42620000_bv2DbIiZeK.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Concurrency::cancel_current_task
                                                                                  • String ID:
                                                                                  • API String ID: 118556049-0
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_1ef42620000_bv2DbIiZeK.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                  • String ID:
                                                                                  • API String ID: 3215553584-0
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_1ef42620000_bv2DbIiZeK.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                  • String ID:
                                                                                  • API String ID: 3215553584-0
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_1ef42620000_bv2DbIiZeK.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                  • String ID:
                                                                                  • API String ID: 3215553584-0
                                                                                  • Opcode ID: 071eab0d2ddb6d97d7b7232e2de0088f1d155ba52ad6f2216ba9fc5c62e5c193
                                                                                  • Instruction ID: 78b7e0f841e5b6a756a43ab6efc83d3b88a43eaf72ef980dcf4a727ada82329f
                                                                                  • Opcode Fuzzy Hash: 071eab0d2ddb6d97d7b7232e2de0088f1d155ba52ad6f2216ba9fc5c62e5c193
                                                                                  • Instruction Fuzzy Hash: DD11BE3A624AD481FA60AF51D4003EFA7A4BB85F80F54403AEE8947BD6DF7CC9038700
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2259434632.00007FF64ABA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF64ABA0000, based on PE: true
                                                                                  • Associated: 00000000.00000002.2259410289.00007FF64ABA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.2259489107.00007FF64AC24000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.2259621780.00007FF64AD5C000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.2259662159.00007FF64AD60000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_7ff64aba0000_bv2DbIiZeK.jbxd
                                                                                  Similarity
                                                                                  • API ID: InfoSystem
                                                                                  • String ID:
                                                                                  • API String ID: 31276548-0
                                                                                  • Opcode ID: 76df20d3830129ebccc759a6376518e9b168c08c4084b8211cca368eb6aac460
                                                                                  • Instruction ID: 667c524cfe2d269df8929288fe70108bc697775716f76a7461c0e58b12630aa1
                                                                                  • Opcode Fuzzy Hash: 76df20d3830129ebccc759a6376518e9b168c08c4084b8211cca368eb6aac460
                                                                                  • Instruction Fuzzy Hash: 44311D16E1CA81AAF312EFB894012F86371FF7530DF146365DEC962825EF7562D58350
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_1ef42620000_bv2DbIiZeK.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: send
                                                                                  • String ID:
                                                                                  • API String ID: 2809346765-0
                                                                                  • Opcode ID: 4e306829149e169d4783c267f1d2206ea130793025a9a04d510cabbcf64490f0
                                                                                  • Instruction ID: 5484adf2d80c346d74816cfa999e7be73b5189fd5dbcd7ac42450607b7efae09
                                                                                  • Opcode Fuzzy Hash: 4e306829149e169d4783c267f1d2206ea130793025a9a04d510cabbcf64490f0
                                                                                  • Instruction Fuzzy Hash: 6501D635714AC482EB508F1AF94025AE3A0F789FD4F586174EF5D03B88EB28C8528700
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2259434632.00007FF64ABA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF64ABA0000, based on PE: true
                                                                                  • Associated: 00000000.00000002.2259410289.00007FF64ABA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.2259489107.00007FF64AC24000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.2259621780.00007FF64AD5C000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.2259662159.00007FF64AD60000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_7ff64aba0000_bv2DbIiZeK.jbxd
                                                                                  Similarity
                                                                                  • API ID: InfoSystem
                                                                                  • String ID:
                                                                                  • API String ID: 31276548-0
                                                                                  • Opcode ID: 83258455bf70b88076b5dafb5707af98eb42bdecddf7b753287fc6cf9babc9f9
                                                                                  • Instruction ID: c61b74da206d05b0efa4ace5726ee80834d837a2c8ab09ed33cbbd717cc4b860
                                                                                  • Opcode Fuzzy Hash: 83258455bf70b88076b5dafb5707af98eb42bdecddf7b753287fc6cf9babc9f9
                                                                                  • Instruction Fuzzy Hash: 36F04F35B1C6069BE748EF1EA80122977E2F798700F504279E98ED37A4DE7CE811CB40
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_1ef42620000_bv2DbIiZeK.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: FileFindNext
                                                                                  • String ID:
                                                                                  • API String ID: 2029273394-0
                                                                                  • Opcode ID: d66c6789144ba1e35efb442882a242fd38313b147d2b64ebd79fbcf9248c3a46
                                                                                  • Instruction ID: ab9252ad39f6d284e572942a13ff6078a5da86c6e0c268741a702af0f7b87a15
                                                                                  • Opcode Fuzzy Hash: d66c6789144ba1e35efb442882a242fd38313b147d2b64ebd79fbcf9248c3a46
                                                                                  • Instruction Fuzzy Hash: CB01FF3A218AC581EA71CB56F85439F6364F788B94F544076DE8D43B99DE38C987CB00
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_1ef42620000_bv2DbIiZeK.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                  • String ID:
                                                                                  • API String ID: 3215553584-0
                                                                                  • Opcode ID: e3199247b15e626e1ff80a5878ee6ff274038b46c14856a595a092b0a0f0e46b
                                                                                  • Instruction ID: 88638e988d5993ece2c3e87f5fc03337d8be98c443cf3fd9e1ae955c1368c90f
                                                                                  • Opcode Fuzzy Hash: e3199247b15e626e1ff80a5878ee6ff274038b46c14856a595a092b0a0f0e46b
                                                                                  • Instruction Fuzzy Hash: CEE0223620168089FF222B78E1812AE65509B04FF0F204339BE38022C2DA2484918610
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_1ef42620000_bv2DbIiZeK.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: FileFindNext
                                                                                  • String ID:
                                                                                  • API String ID: 2029273394-0
                                                                                  • Opcode ID: 021893cd2ed339d1065ce6c5a318dc70dc0859a0caadd9e5077c2889b17622f9
                                                                                  • Instruction ID: 6f8953f3c453979ea19d2f6272dc55102e8160cf48ad8274a3bf2fe9c3d23e1e
                                                                                  • Opcode Fuzzy Hash: 021893cd2ed339d1065ce6c5a318dc70dc0859a0caadd9e5077c2889b17622f9
                                                                                  • Instruction Fuzzy Hash: 36C04C29F519C5C1FE5417639C8638B1194A744B40F9585788D1880194ED1C86A74611
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_1ef42620000_bv2DbIiZeK.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: InfoNativeSystem
                                                                                  • String ID:
                                                                                  • API String ID: 1721193555-0
                                                                                  • Opcode ID: 7625abf66e5e969e873e9ca9c619bb3736778813dbd6fa0c580d282ca7e19459
                                                                                  • Instruction ID: 3db699fcec3aa4c1acedf304e0d50d92a3651423ccf748e7217f4c56297688bd
                                                                                  • Opcode Fuzzy Hash: 7625abf66e5e969e873e9ca9c619bb3736778813dbd6fa0c580d282ca7e19459
                                                                                  • Instruction Fuzzy Hash: F3B0923AB288C0C3DA11EB04E84204A7331F794B08FD00060EA8D426A4EF2CCA2A8E00
                                                                                  APIs
                                                                                    • Part of subcall function 00007FF64ABE9550: GetSystemInfo.KERNEL32(?,?,?,?,?,?,00007FF64ABE9F34), ref: 00007FF64ABE9564
                                                                                  • InitializeCriticalSection.KERNEL32 ref: 00007FF64ABE9FE0
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2259434632.00007FF64ABA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF64ABA0000, based on PE: true
                                                                                  • Associated: 00000000.00000002.2259410289.00007FF64ABA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.2259489107.00007FF64AC24000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.2259621780.00007FF64AD5C000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.2259662159.00007FF64AD60000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_7ff64aba0000_bv2DbIiZeK.jbxd
                                                                                  Similarity
                                                                                  • API ID: CriticalInfoInitializeSectionSystem
                                                                                  • String ID:
                                                                                  • API String ID: 3396500325-0
                                                                                  • Opcode ID: 3c4ce3373927c8d3b37df18586ce10027d6ae3d6562ee6245d43f4ff5daa866a
                                                                                  • Instruction ID: 3a0470fa61d66f8849046ccd59bc3f88aeea286710cad559e6c435280059a910
                                                                                  • Opcode Fuzzy Hash: 3c4ce3373927c8d3b37df18586ce10027d6ae3d6562ee6245d43f4ff5daa866a
                                                                                  • Instruction Fuzzy Hash: A541E132A08B889AD710EF12E84065EBBF8FB68B90F558075DF9983B50DF38E590C740
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_1ef42620000_bv2DbIiZeK.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: AllocHeap
                                                                                  • String ID:
                                                                                  • API String ID: 4292702814-0
                                                                                  • Opcode ID: 63dca5d6534b0d653004b60d89eca86bfc1e356748a4aa90e791ce6c2ec14080
                                                                                  • Instruction ID: 81c5c8884b848cb751f39e15fb94781a0d1ee017ec1d7ae117e3618605bbf84e
                                                                                  • Opcode Fuzzy Hash: 63dca5d6534b0d653004b60d89eca86bfc1e356748a4aa90e791ce6c2ec14080
                                                                                  • Instruction Fuzzy Hash: 2DF01C3C31528549FF557BA7E9597EF61905B88FB0F180A3C9D2A856C1EE2CC4868278
                                                                                  APIs
                                                                                  • HeapAlloc.KERNEL32(?,?,?,00007FF64AC015B5,?,?,00000000,00007FF64AC07CC3,?,?,?,00007FF64AC05D03,?,?,?,00007FF64AC05BF9), ref: 00007FF64ABF992A
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2259434632.00007FF64ABA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF64ABA0000, based on PE: true
                                                                                  • Associated: 00000000.00000002.2259410289.00007FF64ABA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.2259489107.00007FF64AC24000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.2259621780.00007FF64AD5C000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.2259662159.00007FF64AD60000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_7ff64aba0000_bv2DbIiZeK.jbxd
                                                                                  Similarity
                                                                                  • API ID: AllocHeap
                                                                                  • String ID:
                                                                                  • API String ID: 4292702814-0
                                                                                  • Opcode ID: 52841ac695254bd62c098478f830f14578a06dba53232b58a06de83c9125a133
                                                                                  • Instruction ID: 382bbcc5266439a783b7291b84e87d32bbc7f29febd90384eb6e41ae6e027513
                                                                                  • Opcode Fuzzy Hash: 52841ac695254bd62c098478f830f14578a06dba53232b58a06de83c9125a133
                                                                                  • Instruction Fuzzy Hash: 8CF08229F0D24761FE547FB1580167612D14FC6764F2D87B8ED2EC5AC1DD2CE4918510
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_1ef42620000_bv2DbIiZeK.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Concurrency::cancel_current_task
                                                                                  • String ID: "$#base$#include$*$/$No closed word$Unexpected eof$conditional not closed$key declared, but no value$key opened, but never closed$object is not closed with '}'$quote was opened but not closed.$unexpected '}'$unexpected key without object$word wasnt properly ended
                                                                                  • API String ID: 118556049-2258937249
                                                                                  • Opcode ID: 58a3558c2c3b379805bf7133b7470032faa49e9206985f15e4bb9f31b590badb
                                                                                  • Instruction ID: 738b3fb95e6bf059345d7f35aa15bd94189eddf80032d137073366f7c8861e67
                                                                                  • Opcode Fuzzy Hash: 58a3558c2c3b379805bf7133b7470032faa49e9206985f15e4bb9f31b590badb
                                                                                  • Instruction Fuzzy Hash: F6E27C7A211BC485FB618F64E8A03EE2761F784B98F54513ADE4D0BADADF74C686C310
                                                                                  APIs
                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 000001EF4266FA01
                                                                                    • Part of subcall function 000001EF4264D510: __std_exception_copy.LIBVCRUNTIME ref: 000001EF4264D553
                                                                                    • Part of subcall function 000001EF426D7DB4: RtlPcToFileHeader.KERNEL32 ref: 000001EF426D7DF8
                                                                                    • Part of subcall function 000001EF426D7DB4: RaiseException.KERNEL32 ref: 000001EF426D7E3E
                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 000001EF4266FAC2
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_1ef42620000_bv2DbIiZeK.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Concurrency::cancel_current_task$ExceptionFileHeaderRaise__std_exception_copy
                                                                                  • String ID: "$#base$#include$*$/$No closed word$Unexpected eof$conditional not closed$key declared, but no value$key opened, but never closed$object is not closed with '}'$quote was opened but not closed.$unexpected '}'$unexpected key without object$word wasnt properly ended
                                                                                  • API String ID: 145623376-2258937249
                                                                                  • Opcode ID: f6064e601807928457050d91c793c3153c63724479d8175912c5726d00273771
                                                                                  • Instruction ID: da53e30491a15d51631e76d3a1f5194074d04282e907f43e97cb043083e77d14
                                                                                  • Opcode Fuzzy Hash: f6064e601807928457050d91c793c3153c63724479d8175912c5726d00273771
                                                                                  • Instruction Fuzzy Hash: 68E27A7A211AC485FB618F24D8943EE2761F744B98F54913ADE4E0BBDADF78C686C700
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_1ef42620000_bv2DbIiZeK.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Concurrency::cancel_current_task
                                                                                  • String ID: BOOTNXT$autorun.inf$boot.ini$boot.sdi$bootfont.bin$bootmgfw.efi$bootmgr$bootsect.bak$bootstat.dat$d3d9caps.dat$desktop.ini$gdipfontcachev1.dat$iconcache.db$indexervolumeguid$mib.bin$ntldr$ntuser.dat$ntuser.dat.log$ntuser.ini$reagent.xml$thumbs.db$winre.wim$winsipolicy.p7b$wpsettings.dat
                                                                                  • API String ID: 118556049-850610325
                                                                                  • Opcode ID: a96eecc44e3043773db0e883680fe3aa9f097c62710d358845abfe4b3a443794
                                                                                  • Instruction ID: 3191b0f1805921011860bd1ec0124b6e9fbd6e35e38b8909a883aa6a370b45f7
                                                                                  • Opcode Fuzzy Hash: a96eecc44e3043773db0e883680fe3aa9f097c62710d358845abfe4b3a443794
                                                                                  • Instruction Fuzzy Hash: 3DC15962D60FC984F711DB35D8813EA5361F7EA788F60732A7D4865896EFA4A3C5C340
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_1ef42620000_bv2DbIiZeK.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: lstrcpy$lstrcat$AllocateInitLockMemoryObjectStringUnicodeVirtual$AcquireEnumerateFolderFreeInitializeKnownLoadedModulesPathReleaseTaskUninitialize
                                                                                  • String ID:
                                                                                  • API String ID: 1424456515-0
                                                                                  • Opcode ID: ea73c30954d403e34ac70ea67aa3b4d3b5d5fb510e36861fe33fa665d0e938bd
                                                                                  • Instruction ID: ca196d390cec9c391a177fa4e3f3ba2e3589585d71455dce661bf4383be5b0c7
                                                                                  • Opcode Fuzzy Hash: ea73c30954d403e34ac70ea67aa3b4d3b5d5fb510e36861fe33fa665d0e938bd
                                                                                  • Instruction Fuzzy Hash: C2D28736626FC48AD7918F69E88169EB3B5F788B88F105225EECD57B18EF38C154C740
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_1ef42620000_bv2DbIiZeK.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: String$Free$Byte$AllocInitialize$BlanketCreateInstanceProxySecurity
                                                                                  • String ID: @
                                                                                  • API String ID: 2330523681-2766056989
                                                                                  • Opcode ID: 1db70e437ea9ee0464da4793389cb47279f1e71db4886dc3a598569a752e6ed2
                                                                                  • Instruction ID: ee0ecd0326dd1326cb94b2ecd9a30d4d258ce3eb56794c5c534622299a73bbac
                                                                                  • Opcode Fuzzy Hash: 1db70e437ea9ee0464da4793389cb47279f1e71db4886dc3a598569a752e6ed2
                                                                                  • Instruction Fuzzy Hash: 3ED1BE36B05BC4CAFB10CB78D4543EE3361E788B98F505639DE8956AD9EF78C2868344
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_1ef42620000_bv2DbIiZeK.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Handle$CriticalQuerySection$CloseEnterInformationObjectProcessSystem$AddressCurrentDuplicateFinalLeaveModuleNameOpenPathProc
                                                                                  • String ID: File$NtDuplicateObject$ntdll.dll
                                                                                  • API String ID: 3804586167-3955674919
                                                                                  • Opcode ID: f61ad2c00416eed5c60c93bd95c0dce48377e2600a33d0f22673fd06890ece10
                                                                                  • Instruction ID: 13b66339187fbbbafa8fe67fe8289bae7c1062076b5b09dd89f6e48e425ff8cc
                                                                                  • Opcode Fuzzy Hash: f61ad2c00416eed5c60c93bd95c0dce48377e2600a33d0f22673fd06890ece10
                                                                                  • Instruction Fuzzy Hash: 5EE1A97A700AC49AFB009FA5D4543EE27A2E746F98F408639DE0967BD9DF78C646C340
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_1ef42620000_bv2DbIiZeK.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
                                                                                  • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                  • API String ID: 808467561-2761157908
                                                                                  • Opcode ID: bca501f0276f1f21e044aa22766a38d9c99c6cb97f7169fb83df60f8e3093b38
                                                                                  • Instruction ID: 4abf4450d1b8542eba7b936586ee1d572ee1c17addf78bed1a8ebb5108cb0622
                                                                                  • Opcode Fuzzy Hash: bca501f0276f1f21e044aa22766a38d9c99c6cb97f7169fb83df60f8e3093b38
                                                                                  • Instruction Fuzzy Hash: E2B2D07A6242C88BF7648F64E540BEE36A1F354B88F545239DE0667AC8DF759A02CF40
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_1ef42620000_bv2DbIiZeK.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Concurrency::cancel_current_task
                                                                                  • String ID: cannot compare iterators of different containers$cannot use push_back() with $type must be string, but is $value
                                                                                  • API String ID: 118556049-2711811579
                                                                                  • Opcode ID: 22963e1c6cf2544b8d36aa68d2758a64090c939b73b6c3e1ad298cf801232d9c
                                                                                  • Instruction ID: 54e2f6e289ec44ce8bd63eafb801f93cb7734bbe77568764970507f466747163
                                                                                  • Opcode Fuzzy Hash: 22963e1c6cf2544b8d36aa68d2758a64090c939b73b6c3e1ad298cf801232d9c
                                                                                  • Instruction Fuzzy Hash: 3E632536611BC489EB309F24D8503DE23A5F786B98F505239DE9D4BADAEF74C286C740
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_1ef42620000_bv2DbIiZeK.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: ByteCharMultiWide$ErrorLast__std_fs_convert_wide_to_narrow$ApisFile__std_fs_code_page
                                                                                  • String ID: --key "$" --type $APPB:$cmd /c ""$ios_base::badbit set
                                                                                  • API String ID: 287866882-2970029062
                                                                                  • Opcode ID: 0e185fdc0ca352c8544cd7e25cf47172860859828b33a723c2968b85eab0fd5c
                                                                                  • Instruction ID: 49d83f513d6a5a632ea402a5faa5e9a957a7720bb8daa0d7e868666e7a9c97f9
                                                                                  • Opcode Fuzzy Hash: 0e185fdc0ca352c8544cd7e25cf47172860859828b33a723c2968b85eab0fd5c
                                                                                  • Instruction Fuzzy Hash: 31829D76611BC489FB218F38D8853EE2761F795B98F505739DE9C06AEAEF748285C300
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_1ef42620000_bv2DbIiZeK.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: lstrcatlstrcpy$Object$AcquireAllocateInitializeLockMemoryUninitializeVirtual
                                                                                  • String ID:
                                                                                  • API String ID: 3636535045-0
                                                                                  • Opcode ID: fcf151b66219aa466957ea95fe0a176f0c178864ee902ae7033e3034f4373440
                                                                                  • Instruction ID: 7e1284a3da535791edd2d0f36d835724941af4a46b751ce22add3072c9bfbada
                                                                                  • Opcode Fuzzy Hash: fcf151b66219aa466957ea95fe0a176f0c178864ee902ae7033e3034f4373440
                                                                                  • Instruction Fuzzy Hash: 29B2683662AFC48AD7A18F69E88169AB3A4F789784F106215FFCD57B18EF38C154C740
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_1ef42620000_bv2DbIiZeK.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: content$directory_iterator::directory_iterator$exists$filename$status
                                                                                  • API String ID: 0-3429737954
                                                                                  • Opcode ID: efe2b1850f0c2f317920522a4dc391dcc26c069b87216b79c50daa9fcbef6238
                                                                                  • Instruction ID: e0421111fc334a9fb18b6ff775e529fb15be7d0c23482c1cf2dd966216201fb9
                                                                                  • Opcode Fuzzy Hash: efe2b1850f0c2f317920522a4dc391dcc26c069b87216b79c50daa9fcbef6238
                                                                                  • Instruction Fuzzy Hash: A0825936611BC489FB208F25E8943DE2361F785B98F545239EE8D47BE9EF24C686C740
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_1ef42620000_bv2DbIiZeK.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Value$Locale$CodeErrorInfoLastPageValid$DefaultEnumLocalesProcessSystemUser
                                                                                  • String ID:
                                                                                  • API String ID: 2591520935-0
                                                                                  • Opcode ID: 4295e4083413dad5808854ef18516a2368b6283cff0b42a770a4a29eef910232
                                                                                  • Instruction ID: eaf7492a414a433003a7dd0c39a1301c88997b6f66e698716f48fd5bda2a2448
                                                                                  • Opcode Fuzzy Hash: 4295e4083413dad5808854ef18516a2368b6283cff0b42a770a4a29eef910232
                                                                                  • Instruction Fuzzy Hash: C6715B3A7006948AFF50AF6AD8507EE33B4BB48F84F44403E8E1A576D5EBB8D946C750
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_1ef42620000_bv2DbIiZeK.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: __std_exception_destroy
                                                                                  • String ID: value
                                                                                  • API String ID: 2453523683-494360628
                                                                                  • Opcode ID: 277beaf352b31b4d0d3d828c02e60a3fce9f26938f758eb894fda72d55532b21
                                                                                  • Instruction ID: 25690cfc0e1e9b1459842f8527cb6759df45a58a7bfd93215fa89f3966da152f
                                                                                  • Opcode Fuzzy Hash: 277beaf352b31b4d0d3d828c02e60a3fce9f26938f758eb894fda72d55532b21
                                                                                  • Instruction Fuzzy Hash: E9028F36625BC485FB00CB78D4403DE6761F795BA4F50523AFE9D52AEADF68C186C700
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_1ef42620000_bv2DbIiZeK.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: content$directory_iterator::directory_iterator$exists$filename$files$key
                                                                                  • API String ID: 0-2980817763
                                                                                  • Opcode ID: 41a8fa66e4abc17a954fa07cc38f8ac1cafb1bb88dcdb28945a4642fabc61d7a
                                                                                  • Instruction ID: f70f1ec79b5b882a89f95c9c2fd6cb962f96d453dcb6bbe2a0aef482f8b0dbff
                                                                                  • Opcode Fuzzy Hash: 41a8fa66e4abc17a954fa07cc38f8ac1cafb1bb88dcdb28945a4642fabc61d7a
                                                                                  • Instruction Fuzzy Hash: 75A26E76615BC489EB218F24E8803DE73A5F789BA8F505229EE9C07BD9DF74C285C740
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_1ef42620000_bv2DbIiZeK.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: memcpy_s
                                                                                  • String ID:
                                                                                  • API String ID: 1502251526-3916222277
                                                                                  • Opcode ID: 1b748593274e8ddd9ac1e908b2a22b3d8043b10f383cd2471e7c6bd1e5b959b4
                                                                                  • Instruction ID: 9d5adaa54e2690338b274642db5e87e49e2c2e6c581e7171550ae7f1825bc8b3
                                                                                  • Opcode Fuzzy Hash: 1b748593274e8ddd9ac1e908b2a22b3d8043b10f383cd2471e7c6bd1e5b959b4
                                                                                  • Instruction Fuzzy Hash: 79C1B3766156D587EB64CF19E088BAEBB95F388B84F449139DF4643B84DB38D906CB00
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_1ef42620000_bv2DbIiZeK.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: __std_fs_convert_wide_to_narrow$__std_fs_code_page
                                                                                  • String ID: !$content$filename$status$users
                                                                                  • API String ID: 3645842244-3795777748
                                                                                  • Opcode ID: 043453ad068da4fa2b6b7bc3aa422420dcdff17dc65a30ae333cf116283caa64
                                                                                  • Instruction ID: 77d7d47e3fd171608feeafa7bf67c8c2ef687e5325844ccc1cc5747a29444d99
                                                                                  • Opcode Fuzzy Hash: 043453ad068da4fa2b6b7bc3aa422420dcdff17dc65a30ae333cf116283caa64
                                                                                  • Instruction Fuzzy Hash: E5B26976211BC489FB219F24E8903DE2365F785B88F405239EE9D4BADAEF64C685C740
                                                                                  APIs
                                                                                  Strings
                                                                                  • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 000001EF426DDCE3
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_1ef42620000_bv2DbIiZeK.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: DebugDebuggerErrorLastOutputPresentString
                                                                                  • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                  • API String ID: 389471666-631824599
                                                                                  • Opcode ID: 5c7395dc388ac93676d6db0d40de6010577d7fa9f7f31d3abeba2b9718ad71c6
                                                                                  • Instruction ID: c480994263f888f0cc7e5f42e0b4626db8933505b99453af4362b3522ab44438
                                                                                  • Opcode Fuzzy Hash: 5c7395dc388ac93676d6db0d40de6010577d7fa9f7f31d3abeba2b9718ad71c6
                                                                                  • Instruction Fuzzy Hash: 9A114C3A310B8496FB049B22E6543EE32A4FB08B44F804139CE4982AD1EF78D5B6C750
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_1ef42620000_bv2DbIiZeK.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: or more] $[default: $[nargs: $[nargs=$[required]
                                                                                  • API String ID: 0-2670406794
                                                                                  • Opcode ID: f5dea1e844c0fb500a72ac8b4ec5dd80bf6984e65d7b1b4015866c2c26992c97
                                                                                  • Instruction ID: a796325baa0d9b2e01a803368ddcaa52838951afe96a761154994c9f446fec9a
                                                                                  • Opcode Fuzzy Hash: f5dea1e844c0fb500a72ac8b4ec5dd80bf6984e65d7b1b4015866c2c26992c97
                                                                                  • Instruction Fuzzy Hash: FF526C7A610BC081FB14CB69E4843DEA761E785BA4F50423AEE9D07BE9DF38C596C740
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_1ef42620000_bv2DbIiZeK.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Virtual$AllocInfoProtectQuerySystem
                                                                                  • String ID:
                                                                                  • API String ID: 3562403962-0
                                                                                  • Opcode ID: d8d05873cc0ad23a6227d848cec7d083f47c87653e05dd80255be0592c12f254
                                                                                  • Instruction ID: 31b5080de495ec02d928fa02d3e47256cb744f1378929ab4ab8496612fe80c9e
                                                                                  • Opcode Fuzzy Hash: d8d05873cc0ad23a6227d848cec7d083f47c87653e05dd80255be0592c12f254
                                                                                  • Instruction Fuzzy Hash: A9315A36310A948AEB10DF35D8807DE37A5F748B88F44403AAE0E8BB98DF78D646C740
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_1ef42620000_bv2DbIiZeK.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                  • String ID:
                                                                                  • API String ID: 2933794660-0
                                                                                  • Opcode ID: 2ac89b5fea08dda77e100734bc6dd1b2318c7a5e5bcdef592d09e1a64040e310
                                                                                  • Instruction ID: 5e12c1a1dbd245aadc26c5b8e55ae9c35f535de36d2e4e8f3e0fdec95f08af00
                                                                                  • Opcode Fuzzy Hash: 2ac89b5fea08dda77e100734bc6dd1b2318c7a5e5bcdef592d09e1a64040e310
                                                                                  • Instruction Fuzzy Hash: 2B11183A710F458AFF00CB60E8553AD33A4F359B58F451A39EE6D467A4EB78C6958380
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  • API ID: ExecuteFileModuleNameShell
                                                                                  • String ID: --type
                                                                                  • API ID: __std_exception_copy
                                                                                  • String ID: parse_error$value
                                                                                  • API ID:
                                                                                  • String ID: content$directory_iterator::directory_iterator$exists$filename
                                                                                  • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                  • API ID: Concurrency::cancel_current_task
                                                                                  • String ID: --help$--version$prints version information and exits$shows help message and exits
                                                                                  • API ID: FormatInfoLocaleMessage
                                                                                  • String ID: !x-sys-default-locale
                                                                                  • API ID:
                                                                                  • String ID: TCnS9XVWWhc=$port$zMut1x64mp6RhEXWERGBS8enkn7eRQxOHwdmjOSv4uo=
                                                                                  • API ID:
                                                                                  • String ID: Software$exists
                                                                                  • API ID: InfoLocale
                                                                                  • String ID: GetLocaleInfoEx
                                                                                  • API ID: ExceptionRaise_clrfp
                                                                                  • API ID: CryptDataFreeLocalUnprotect
                                                                                  • API ID: CriticalEnterSection
                                                                                  • String ID: dumps$emoji
                                                                                  • API ID:
                                                                                  • String ID: e+000$gfff
                                                                                  • API ID: Concurrency::cancel_current_task
                                                                                  • API ID:
                                                                                  • String ID: -
                                                                                  • API ID:
                                                                                  • String ID: %
                                                                                  • API ID: Concurrency::cancel_current_task
                                                                                  • String ID:
                                                                                  • API String ID: 118556049-0
                                                                                  Similarity
                                                                                  • API ID: Concurrency::cancel_current_task
                                                                                  • String ID:
                                                                                  • API String ID: 118556049-0
                                                                                  Similarity
                                                                                  • API ID: Concurrency::cancel_current_task
                                                                                  • String ID:
                                                                                  • API String ID: 118556049-0
                                                                                  Similarity
                                                                                  • API ID: Concurrency::cancel_current_task
                                                                                  • String ID:
                                                                                  • API String ID: 118556049-0
                                                                                  Similarity
                                                                                  • API ID: Concurrency::cancel_current_task
                                                                                  • String ID:
                                                                                  • API String ID: 118556049-0
                                                                                  Similarity
                                                                                  • API ID: Concurrency::cancel_current_task
                                                                                  • String ID:
                                                                                  • API String ID: 118556049-0
                                                                                  Similarity
                                                                                  • API ID: _get_daylight_invalid_parameter_noinfo
                                                                                  • String ID:
                                                                                  • API String ID: 474895018-0
                                                                                  Similarity
                                                                                  • API ID: ErrorLast$EnumLocalesSystemValue
                                                                                  • String ID:
                                                                                  • API String ID: 3029459697-0
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: .
                                                                                  • API String ID: 0-248832578
                                                                                  Similarity
                                                                                  • API ID: ErrorLast$EnumLocalesSystemValue
                                                                                  • String ID:
                                                                                  • API String ID: 3029459697-0
                                                                                  Similarity
                                                                                  • API ID: EnumLocalesSystem
                                                                                  • String ID:
                                                                                  • API String ID: 2099609381-0
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: gfffffff
                                                                                  • API String ID: 0-1523873471
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID: 0-3916222277
                                                                                  Similarity
                                                                                  • API ID: ErrorLastNameTranslate$CodePageValidValue_invalid_parameter_noinfo
                                                                                  • String ID:
                                                                                  • API String ID: 4023145424-0
                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                  • String ID:
                                                                                  • API String ID: 3215553584-0
                                                                                  • API ID: ErrorFreeHeapLast
                                                                                  • String ID:
                                                                                  • API String ID: 485612231-0
                                                                                  APIs
                                                                                  • API ID: Value$ErrorLast$Heap$AllocFree
                                                                                  • String ID:
                                                                                  • API String ID: 570795689-0
                                                                                  Strings
                                                                                  • API ID:
                                                                                  • String ID: No closed word$key declared, but no value$key opened, but never closed$object is not closed with '}'$quote was opened but not closed.$unexpected '}'$unexpected key without object$word wasnt properly ended
                                                                                  • API String ID: 0-2700065129
                                                                                  APIs
                                                                                  Strings
                                                                                  • API ID: Concurrency::cancel_current_task$std::_$Locinfo::_Locinfo_ctorLockitLockit::_
                                                                                  • String ID: bad locale name$false$true
                                                                                  • API String ID: 164343898-1062449267
                                                                                  APIs
                                                                                  Strings
                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                  • String ID: 0$f$p$p
                                                                                  • API String ID: 3215553584-1202675169
                                                                                  • Opcode ID: 20a17dcc54312a4719634567cfff119de1b0c98f105182ac0e8ea3c8a1e1f82e
                                                                                  • Instruction ID: 1283b3b1e6263e913399a819a79b61735602b988cf5340dd3ef0b798124f2b7a
                                                                                  • Opcode Fuzzy Hash: 20a17dcc54312a4719634567cfff119de1b0c98f105182ac0e8ea3c8a1e1f82e
                                                                                  • Instruction Fuzzy Hash: E312E23AA042E28AFB245E14D0547FF7A95FB90F54FC4413AEEA2476C4D738C7928B54
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  • API ID: __std_fs_convert_wide_to_narrow$__std_fs_code_page
                                                                                  • String ID: cannot use push_back() with $exists$recursive_directory_iterator::operator++$recursive_directory_iterator::recursive_directory_iterator$status
                                                                                  • API String ID: 3645842244-2518929327
                                                                                  • Opcode ID: 6d40cf0fafc68378ddb55865f0b434e7a9f2ec20f6690fe2a727b709993f393c
                                                                                  • Instruction ID: bfb81222150722de00d5a065a0f59fcb021676ec0b750d4abba2365ba604d332
                                                                                  • Opcode Fuzzy Hash: 6d40cf0fafc68378ddb55865f0b434e7a9f2ec20f6690fe2a727b709993f393c
                                                                                  • Instruction Fuzzy Hash: 79B16076155BC591F620AB24E4513DFA360F7C5B40F501939AECC43AEAEF38C646CB44
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  • API ID: AddressFreeLibraryProc
                                                                                  • String ID: api-ms-$ext-ms-
                                                                                  • API String ID: 3013587201-537541572
                                                                                  • Opcode ID: fe487ba48e8b98e8da8f078ca9b00621851933d19320e8d2a4f77f7db0a80c87
                                                                                  • Instruction ID: f5cdcd081e94650451bd5d4cf10e48755a7e2daab80bc5672967ce575c29828e
                                                                                  • Opcode Fuzzy Hash: fe487ba48e8b98e8da8f078ca9b00621851933d19320e8d2a4f77f7db0a80c87
                                                                                  • Instruction Fuzzy Hash: C941AC7A311A8081FE16EB1BE8147DF23A6BB55FE0F59413D9D1A8B7D8EA3CC4468350
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  • API ID: Internet$CloseFileHandleOpenRead
                                                                                  • String ID: File Downloader
                                                                                  • API String ID: 4038090926-3631955488
                                                                                  • Opcode ID: b944f4b1975896e8d6ea4effe49ac60efb5815a951b87509e772666f8471c573
                                                                                  • Instruction ID: c3320be0569a26dc619c0b9fa65e3df33f04391aa6839a17c5060afd3dc607af
                                                                                  • Opcode Fuzzy Hash: b944f4b1975896e8d6ea4effe49ac60efb5815a951b87509e772666f8471c573
                                                                                  • Instruction Fuzzy Hash: AF31383A214BC486FB208F25E45079EB365F789FC4F544039EE8947B98EF78C6968B00
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                  • String ID: CONOUT$
                                                                                  • API String ID: 3230265001-3130406586
                                                                                  • Opcode ID: 48b56def838186f0977933ffc9ee02d4886a42ddb0d3b73b1937c479b359ff6f
                                                                                  • Instruction ID: 0c85944f9da6b1902b3d6839d26ddc58f6b69b7b9e7db780625767da6ac8be77
                                                                                  • Opcode Fuzzy Hash: 48b56def838186f0977933ffc9ee02d4886a42ddb0d3b73b1937c479b359ff6f
                                                                                  • Instruction Fuzzy Hash: 26118139310A8486F7508B56E85435E62A0F398FE4F010238EE1D877E4DF38C5058744
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  • API ID: ByteCharMultiWide$CompareInfoString
                                                                                  • String ID:
                                                                                  • API String ID: 2984826149-0
                                                                                  • Opcode ID: 3955fb30bc94266dc4cd1d3543ea9ea2f756c7d7753af11a763aa4490015b2c4
                                                                                  • Instruction ID: 6dd7a8979cc3c92e6c9298bf384574d24a86acbe2bbd05f52b4a7bb84958ed84
                                                                                  • Opcode Fuzzy Hash: 3955fb30bc94266dc4cd1d3543ea9ea2f756c7d7753af11a763aa4490015b2c4
                                                                                  • Instruction Fuzzy Hash: 6DA1DD7B3246C846FB30AB65C4407EF6691E744FE8F4942399E698BBC9DF79C9068300
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  • API ID: ByteCharMultiStringWide
                                                                                  • String ID:
                                                                                  • API String ID: 2829165498-0
                                                                                  • Opcode ID: e4fa22a710c47188b55bda09a09fdc9265209128699d57c18ff63feec2b297ff
                                                                                  • Instruction ID: 392eea6862e3bb8a27fe746d07f98b2c2049153d761083197b8d1c9cfed05e7b
                                                                                  • Opcode Fuzzy Hash: e4fa22a710c47188b55bda09a09fdc9265209128699d57c18ff63feec2b297ff
                                                                                  • Instruction Fuzzy Hash: B2815D3B2217C486FB609F25E4407AF66A5F784BA8F144639EE5997BD4DF38C4468700
                                                                                  APIs
                                                                                  • GetLastError.KERNEL32 ref: 000001EF426C0C13
                                                                                  • FlsSetValue.KERNEL32(?,?,8000000000000000,000001EF426BCB85,?,?,?,?,000001EF426C67F4,?,?,?,000001EF426D6B53), ref: 000001EF426C0C49
                                                                                  • FlsSetValue.KERNEL32(?,?,8000000000000000,000001EF426BCB85,?,?,?,?,000001EF426C67F4,?,?,?,000001EF426D6B53), ref: 000001EF426C0C76
                                                                                  • FlsSetValue.KERNEL32(?,?,8000000000000000,000001EF426BCB85,?,?,?,?,000001EF426C67F4,?,?,?,000001EF426D6B53), ref: 000001EF426C0C87
                                                                                  • FlsSetValue.KERNEL32(?,?,8000000000000000,000001EF426BCB85,?,?,?,?,000001EF426C67F4,?,?,?,000001EF426D6B53), ref: 000001EF426C0C98
                                                                                  • SetLastError.KERNEL32 ref: 000001EF426C0CB3
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  • API ID: Value$ErrorLast
                                                                                  • String ID:
                                                                                  • API String ID: 2506987500-0
                                                                                  • Opcode ID: 8826d2629091de77db15be1ae3b0f3568e5c0d82c15fea4c05d72b80d9df665a
                                                                                  • Instruction ID: 9b680fd7122b0c2615a2594c61bc7b3e6dd71f6c01508da156d39bed290a00fb
                                                                                  • Opcode Fuzzy Hash: 8826d2629091de77db15be1ae3b0f3568e5c0d82c15fea4c05d72b80d9df665a
                                                                                  • Instruction Fuzzy Hash: ED112C3C3056D081FA69B32BDA513EF62926B98FB0F54473C9D7A077DADE3988478640
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  • API ID: ApisFile__std_exception_destroy__std_fs_code_page
                                                                                  • String ID: ", "$: "
                                                                                  • API String ID: 376971205-747220369
                                                                                  • Opcode ID: e49b0ff812a51a131bf6e7ec927ea696224be31f76157b7d022b3a4b77e14190
                                                                                  • Instruction ID: 64ebd11e34b71cc1038385c79c03abdae577a54187f8feff891f078dd02de1f6
                                                                                  • Opcode Fuzzy Hash: e49b0ff812a51a131bf6e7ec927ea696224be31f76157b7d022b3a4b77e14190
                                                                                  • Instruction Fuzzy Hash: D0A1787A210A8099FB00DF69E4543EE2362E744F88F508539EE9C0BBDADF79C496C344
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  • API ID: _set_statfp
                                                                                  • String ID:
                                                                                  • API String ID: 1156100317-0
                                                                                  • Opcode ID: 025d23688907853b564ca8c27b0d165eda471880a57ba5485be5edd5abf68226
                                                                                  • Instruction ID: 6394fb57c76166ddfd280d5ec4db56dc96e88628421d601ca14143039b06e33d
                                                                                  • Opcode Fuzzy Hash: 025d23688907853b564ca8c27b0d165eda471880a57ba5485be5edd5abf68226
                                                                                  • Instruction Fuzzy Hash: 2A11063EA25BDD45F764322DD4863EFA040AB74B74F440A3CED7A562D68E7C88538900
                                                                                  APIs
                                                                                  • FlsGetValue.KERNEL32(?,?,?,000001EF426B8377,?,?,00000000,000001EF426B8612,?,?,?,?,8000000000000000,000001EF426B859E), ref: 000001EF426C0CEB
                                                                                  • FlsSetValue.KERNEL32(?,?,?,000001EF426B8377,?,?,00000000,000001EF426B8612,?,?,?,?,8000000000000000,000001EF426B859E), ref: 000001EF426C0D0A
                                                                                  • FlsSetValue.KERNEL32(?,?,?,000001EF426B8377,?,?,00000000,000001EF426B8612,?,?,?,?,8000000000000000,000001EF426B859E), ref: 000001EF426C0D32
                                                                                  • FlsSetValue.KERNEL32(?,?,?,000001EF426B8377,?,?,00000000,000001EF426B8612,?,?,?,?,8000000000000000,000001EF426B859E), ref: 000001EF426C0D43
                                                                                  • FlsSetValue.KERNEL32(?,?,?,000001EF426B8377,?,?,00000000,000001EF426B8612,?,?,?,?,8000000000000000,000001EF426B859E), ref: 000001EF426C0D54
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  • API ID: Value
                                                                                  • String ID:
                                                                                  • API String ID: 3702945584-0
                                                                                  • Opcode ID: 8f85cace48c52951f1dcc08f57255da1073724a629f29329f6a2f3b6055e36a1
                                                                                  • Instruction ID: f5f2f637ea0eb8b17d581cc8a480e5aac900c444e70aca85f7708714aab250db
                                                                                  • Opcode Fuzzy Hash: 8f85cace48c52951f1dcc08f57255da1073724a629f29329f6a2f3b6055e36a1
                                                                                  • Instruction Fuzzy Hash: 341182383086D041FA68B72FEA523FF62415B94FB0F44473DAC39467DADE2AE9038600
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  • API ID: std::_$GetctypeLocinfo::_Locinfo_ctorLockitLockit::_
                                                                                  • String ID: bad locale name
                                                                                  • API String ID: 1612978173-1405518554
                                                                                  • Opcode ID: 11107d12fc0cbe8dbda57febae9b03af86836eda871c970791bd1f04446f032a
                                                                                  • Instruction ID: afb5cc0c207d351d0454f17257c575dba8bdb185109086950359997b1e9f124e
                                                                                  • Opcode Fuzzy Hash: 11107d12fc0cbe8dbda57febae9b03af86836eda871c970791bd1f04446f032a
                                                                                  • Instruction Fuzzy Hash: 30515A3A701B809AFB05DF70D9903EE33A5AB44B48F5844399E8926AD6DF34C566C348
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  • API ID: Open
                                                                                  • String ID: ?
                                                                                  • API String ID: 71445658-1684325040
                                                                                  • Opcode ID: 3280a03fed16e4f21889a2867479104cb7301a0e7e290c7520675327bce34fcf
                                                                                  • Instruction ID: ff3c984d15d321d67794b897ccfafdd626068825b985b99495f96322a8dd7ffe
                                                                                  • Opcode Fuzzy Hash: 3280a03fed16e4f21889a2867479104cb7301a0e7e290c7520675327bce34fcf
                                                                                  • Instruction Fuzzy Hash: 2B419C36618BC482FB108B25F4843AFA360F799B94F50523AFE9D42BD9DF78C5958B40
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  • API ID: AddressHandleModuleProc
                                                                                  • String ID: GetTempPath2W$kernel32.dll
                                                                                  • API String ID: 1646373207-1846531799
                                                                                  • Opcode ID: c3f39c1016d9644655c5748e6247c669a6b28aee860c03fb307b0288e1ef9cb8
                                                                                  • Instruction ID: 2b9b7153f752e55ffb6af7ba1bdf03acbca312c44c6ad3595f4a86706a885983
                                                                                  • Opcode Fuzzy Hash: c3f39c1016d9644655c5748e6247c669a6b28aee860c03fb307b0288e1ef9cb8
                                                                                  • Instruction Fuzzy Hash: 06E0ED7A314A8581FE058B05E98529E2261E748FC0F495039DE0D473B4EE38CA468700
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  • API ID: ConsoleErrorLastMode
                                                                                  • String ID:
                                                                                  • API String ID: 953036326-0
                                                                                  • Opcode ID: a5824d7a27ccc4b9e07a47654372d492b8262273bd0045a7ecfe35f5860d5740
                                                                                  • Instruction ID: 53c591f3f1ee710faeb4f5ebde5cf13347f31404c6de13bca51f62adc4a244de
                                                                                  • Opcode Fuzzy Hash: a5824d7a27ccc4b9e07a47654372d492b8262273bd0045a7ecfe35f5860d5740
                                                                                  • Instruction Fuzzy Hash: 1A91B276610A9485FB60EB6ED4807EEBBA0B745F88F44413AEE0A576D5DB34C493C710
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2258637729.000001EF42620000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF42620000, based on PE: true
                                                                                  • API ID: _invalid_parameter_noinfo$_get_daylight
                                                                                  • String ID:
                                                                                  • API String ID: 72036449-0
                                                                                  • API ID: EnvironmentInitStringStringsUnicode$Free
                                                                                  • String ID:
                                                                                  • API String ID: 2488768755-0
                                                                                  • API ID: std::_$LockitLockit::_$Concurrency::cancel_current_taskFacet_RegisterSetgloballocalestd::locale::_
                                                                                  • String ID:
                                                                                  • API String ID: 3698853521-0
                                                                                  • API ID: std::_$LockitLockit::_$Concurrency::cancel_current_taskFacet_Locinfo::_Locinfo_ctorRegister
                                                                                  • String ID:
                                                                                  • API String ID: 4181401918-0
                                                                                  • API ID: std::_$LockitLockit::_$Concurrency::cancel_current_taskFacet_Register
                                                                                  • String ID:
                                                                                  • API String ID: 1168246061-0
                                                                                  • API ID: std::_$LockitLockit::_$Concurrency::cancel_current_taskFacet_Register
                                                                                  • String ID:
                                                                                  • API String ID: 1168246061-0
                                                                                  • API ID: ByteCharErrorLastMultiWide
                                                                                  • String ID:
                                                                                  • API String ID: 203985260-0
                                                                                  • API ID: Handle$AddressAttributesCloseErrorFileLastModuleProc__std_fs_open_handle
                                                                                  • String ID:
                                                                                  • API String ID: 3095436882-0
                                                                                  • API ID:
                                                                                  • String ID: [json.exception.
                                                                                  • API String ID: 0-791563284
                                                                                  APIs
                                                                                  • __std_fs_get_current_path.LIBCPMT ref: 000001EF426A26E8
                                                                                    • Part of subcall function 000001EF426DBAAC: GetCurrentDirectoryW.KERNEL32 ref: 000001EF426DBAB4
                                                                                    • Part of subcall function 000001EF4264FA60: __std_exception_copy.LIBVCRUNTIME ref: 000001EF4264FAED
                                                                                  • API ID: CurrentDirectory__std_exception_copy__std_fs_get_current_path
                                                                                  • String ID: --type$current_path()
                                                                                  • API String ID: 754703233-584980331
                                                                                  • API ID: std::_$Locinfo::_Locinfo_ctorLockitLockit::_
                                                                                  • String ID: bad locale name
                                                                                  • API String ID: 3988782225-1405518554
                                                                                  • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                  • String ID: ?
                                                                                  • API String ID: 1286766494-1684325040
                                                                                  • API ID: ErrorFileLastWrite
                                                                                  • String ID: U
                                                                                  • API String ID: 442123175-4171548499
                                                                                  • API ID: _set_errno_from_matherr
                                                                                  • String ID: exp
                                                                                  • API String ID: 1187470696-113136155
                                                                                  • API ID: ExceptionFileHeaderRaise
                                                                                  • String ID: csm
                                                                                  • API String ID: 2573137834-1018135373