Windows Analysis Report
chelentano.exe

Overview

General Information

Sample name: chelentano.exe
Analysis ID: 1556973
MD5: 21506ae1a222c3862c04d187b07ed714
SHA1: c70d79f32b962bf2e7e7901034aaedd8f2e71e35
SHA256: 267e274b75ba1c49847eb93d95be90b6382768926e9c3674d115c21c3cc6f2c4
Tags: exe, user-aachum
Infos:

Detection

CredGrabber, Meduza Stealer
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Detected unpacking (creates a PE file in dynamic memory)
Found malware configuration
Suricata IDS alerts for network traffic
Yara detected CredGrabber
Yara detected Meduza Stealer
AI detected suspicious sample
Found many strings related to Crypto-Wallets (likely being stolen)
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to dynamically determine API calls
Contains functionality to launch a program with higher privileges
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Enables debug privileges
Found evasive API chain (date check)
Found evasive API chain checking for process token information
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
Queries the volume information (name, serial number etc) of a device
Queries time zone information
Suricata IDS alerts with low severity for network traffic
Terminates after testing mutex exists (may check infected machine status)
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

  • System is w10x64
  • chelentano.exe (PID: 7588 cmdline: "C:\Users\user\Desktop\chelentano.exe" MD5: 21506AE1A222C3862C04D187B07ED714)
  • cleanup
{"C2 url": "45.130.145.152", "grabber_max_size": 4194304, "anti_vm": true, "anti_dbg": true, "self_destruct": false, "extensions": ".txt;.doc;.docx;.pdf;.xls;.xlsx;.log;.db;.sqlite", "build_name": "Work", "links": "", "port": 15666}
Source | Rule | Description | Author | Strings
00000000.00000002.1767201437.000001A6BCCB9000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_MeduzaStealer | Yara detected Meduza Stealer | Joe Security |
00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp | JoeSecurity_MeduzaStealer | Yara detected Meduza Stealer | Joe Security |
Process Memory Space: chelentano.exe PID: 7588 | JoeSecurity_MeduzaStealer | Yara detected Meduza Stealer | Joe Security |
Process Memory Space: chelentano.exe PID: 7588 | JoeSecurity_CredGrabber | Yara detected CredGrabber | Joe Security |
Process Memory Space: chelentano.exe PID: 7588 | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |

Source | Rule | Description | Author | Strings
0.2.chelentano.exe.140000000.0.unpack | JoeSecurity_MeduzaStealer | Yara detected Meduza Stealer | Joe Security |
0.2.chelentano.exe.140000000.0.raw.unpack | JoeSecurity_MeduzaStealer | Yara detected Meduza Stealer | Joe Security |

No Sigma rule has matched

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-11-16T22:03:04.996790+0100 | 2049441 | 1 | A Network Trojan was detected | 192.168.2.4 | 49730 | 45.130.145.152 | 15666 | TCP
2024-11-16T22:03:04.996790+0100 | 2050806 | 1 | A Network Trojan was detected | 192.168.2.4 | 49730 | 45.130.145.152 | 15666 | TCP
2024-11-16T22:03:05.003123+0100 | 2050806 | 1 | A Network Trojan was detected | 192.168.2.4 | 49730 | 45.130.145.152 | 15666 | TCP
2024-11-16T22:03:04.996790+0100 | 2050807 | 1 | A Network Trojan was detected | 192.168.2.4 | 49730 | 45.130.145.152 | 15666 | TCP
2024-11-16T22:03:05.003123+0100 | 2050807 | 1 | A Network Trojan was detected | 192.168.2.4 | 49730 | 45.130.145.152 | 15666 | TCP

AV Detection

Source: 0.2.chelentano.exe.140000000.0.unpack | Malware Configuration Extractor: Meduza Stealer {"C2 url": "45.130.145.152", "grabber_max_size": 4194304, "anti_vm": true, "anti_dbg": true, "self_destruct": false, "extensions": ".txt;.doc;.docx;.pdf;.xls;.xlsx;.log;.db;.sqlite", "build_name": "Work", "links": "", "port": 15666}
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: C:\Users\user\Desktop\chelentano.exe | Code function: 0_2_0000000140071EA0 CryptUnprotectData,LocalFree
Source: C:\Users\user\Desktop\chelentano.exe | Code function: 0_2_00000001400D2090 CryptUnprotectData
Source: C:\Users\user\Desktop\chelentano.exe | Code function: 0_2_00000001400721C0 CryptProtectData,LocalFree
Source: C:\Users\user\Desktop\chelentano.exe | Code function: 0_2_0000000140035EE0 CryptUnprotectData,LocalFree

Compliance

Source: C:\Users\user\Desktop\chelentano.exe | Unpacked PE file: 0.2.chelentano.exe.140000000.0.unpack
Source: unknown | HTTPS traffic detected: 172.67.74.152:443 -> 192.168.2.4:49731 version: TLS 1.2
Source: chelentano.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\chelentano.exe | Code function: 0_2_00000001400B9810 FindClose,FindFirstFileExW,GetLastError
Source: C:\Users\user\Desktop\chelentano.exe | Code function: 0_2_00000001400B98C0 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle
Source: C:\Users\user\Desktop\chelentano.exe | Code function: 0_2_00007FF73F72D02C _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose
Source: C:\Users\user\Desktop\chelentano.exe | Code function: 0_2_00000001400813B0 GetLogicalDriveStringsW
Source: C:\Users\user\Desktop\chelentano.exe | File opened: D:\sources\migration\
Source: C:\Users\user\Desktop\chelentano.exe | File opened: D:\sources\replacementmanifests\
Source: C:\Users\user\Desktop\chelentano.exe | File opened: D:\sources\migration\wtr\
Source: C:\Users\user\Desktop\chelentano.exe | File opened: D:\sources\replacementmanifests\microsoft-activedirectory-webservices\
Source: C:\Users\user\Desktop\chelentano.exe | File opened: D:\sources\replacementmanifests\microsoft-client-license-platform-service-migration\
Source: C:\Users\user\Desktop\chelentano.exe | File opened: D:\sources\replacementmanifests\hwvid-migration-2\

Networking

Source: Network traffic | Suricata IDS: 2049441 - Severity 1 - ET MALWARE Win32/Unknown Grabber Base64 Data Exfiltration Attempt : 192.168.2.4:49730 -> 45.130.145.152:15666
Source: Network traffic | Suricata IDS: 2050806 - Severity 1 - ET MALWARE [ANY.RUN] Meduza Stealer Exfiltration M2 : 192.168.2.4:49730 -> 45.130.145.152:15666
Source: global traffic | TCP traffic: 192.168.2.4:49730 -> 45.130.145.152:15666
Source: global traffic | HTTP traffic detected:
    GET / HTTP/1.1
    Accept: text/html; text/plain; */*
    Host: api.ipify.org
    Cache-Control: no-cache
Source: Joe Sandbox View | IP Address: 45.130.145.152
Source: Joe Sandbox View | IP Address: 172.67.74.152
Source: Joe Sandbox View | ASN Name: ASBAXETNRU
Source: Joe Sandbox View | JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: unknown | DNS query: name: api.ipify.org
Source: Network traffic | Suricata IDS: 2050807 - Severity 1 - ET MALWARE [ANY.RUN] Possible Meduza Stealer Exfiltration (TCP) : 192.168.2.4:49730 -> 45.130.145.152:15666
Source: unknown | TCP traffic detected without corresponding DNS query: 45.130.145.152
Source: C:\Users\user\Desktop\chelentano.exe | Code function: 0_2_000000014007F200 InternetOpenA,InternetOpenUrlA,HttpQueryInfoW,HttpQueryInfoW,InternetQueryDataAvailable,InternetReadFile,InternetQueryDataAvailable,InternetCloseHandle,Concurrency::cancel_current_task
Source: global traffic | DNS traffic detected: DNS query: api.ipify.org
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown | Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown | HTTPS traffic detected: 172.67.74.152:443 -> 192.168.2.4:49731 version: TLS 1.2
Source: C:\Users\user\Desktop\chelentano.exe | Code function: 0_2_000000014007FB30 GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetDC,GetDeviceCaps,GetDeviceCaps,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,SHCreateMemStream,SelectObject,DeleteDC,ReleaseDC,DeleteObject,EnterCriticalSection,LeaveCriticalSection,IStream_Size,IStream_Reset,IStream_Read,SelectObject,DeleteDC,ReleaseDC,DeleteObject
Source: C:\Users\user\Desktop\chelentano.exe | Code function: 0_2_00000001400843F0 RtlAcquirePebLock,NtAllocateVirtualMemory,lstrcpyW,lstrcatW,NtAllocateVirtualMemory,lstrcpyW,RtlInitUnicodeString,RtlInitUnicodeString,LdrEnumerateLoadedModules,RtlReleasePebLock,CoInitializeEx,lstrcpyW,lstrcatW,CoGetObject,lstrcpyW,lstrcatW,CoGetObject,CoUninitialize
Source: C:\Users\user\Desktop\chelentano.exe | Code function: 0_2_00000001400D26E0 NtAllocateVirtualMemory
Source: C:\Users\user\Desktop\chelentano.exe | Code function: 0_2_0000000140083CF0 GetModuleHandleA,GetProcAddress,OpenProcess,NtQuerySystemInformation,NtQuerySystemInformation,GetCurrentProcess,NtQueryObject,GetFinalPathNameByHandleA,CloseHandle,CloseHandle
Source: C:\Users\user\Desktop\chelentano.exe | Code function: 0_2_00007FF73F6D4AC0 NtMakeTemporaryObject
Source: C:\Users\user\Desktop\chelentano.exe | Code function: 0_2_00007FF73F6D358C NtQuerySystemInformation,NtQuerySystemInformation,GetUserNameA,GetModuleFileNameA,GetDiskFreeSpaceExA,SleepEx,GetSystemInfo,GlobalMemoryStatusEx,_invalid_parameter_noinfo_noreturn
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00000001400066100_2_0000000140006610
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00000001400566A00_2_00000001400566A0
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00000001400706A60_2_00000001400706A6
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00000001400486D00_2_00000001400486D0
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00000001400647100_2_0000000140064710
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00000001400847400_2_0000000140084740
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00000001400767600_2_0000000140076760
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00000001400947FC0_2_00000001400947FC
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_000000014009F7F40_2_000000014009F7F4
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00000001400808200_2_0000000140080820
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_000000014004C8200_2_000000014004C820
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_000000014002F8B00_2_000000014002F8B0
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00000001400728C00_2_00000001400728C0
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00000001400958D00_2_00000001400958D0
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_000000014006C9300_2_000000014006C930
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00000001400689500_2_0000000140068950
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00000001400A19B80_2_00000001400A19B8
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_0000000140094A000_2_0000000140094A00
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00000001400A29F40_2_00000001400A29F4
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_0000000140059A100_2_0000000140059A10
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_0000000140088B700_2_0000000140088B70
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_0000000140037B8D0_2_0000000140037B8D
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_0000000140098C340_2_0000000140098C34
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_000000014006CC500_2_000000014006CC50
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_0000000140006D200_2_0000000140006D20
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_000000014006FDB00_2_000000014006FDB0
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_0000000140005DB00_2_0000000140005DB0
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_000000014007AE500_2_000000014007AE50
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00000001400A9EA00_2_00000001400A9EA0
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_000000014002FEE00_2_000000014002FEE0
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_0000000140078F600_2_0000000140078F60
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_000000014003CF600_2_000000014003CF60
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_000000014006CF700_2_000000014006CF70
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F6E1F900_2_00007FF73F6E1F90
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F71FFBC0_2_00007FF73F71FFBC
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F6E38100_2_00007FF73F6E3810
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F6E97000_2_00007FF73F6E9700
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F6D358C0_2_00007FF73F6D358C
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F6D45540_2_00007FF73F6D4554
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F6D80700_2_00007FF73F6D8070
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F6F50660_2_00007FF73F6F5066
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F7181080_2_00007FF73F718108
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F7290280_2_00007FF73F729028
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F72D02C0_2_00007FF73F72D02C
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F6F50F70_2_00007FF73F6F50F7
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F7270480_2_00007FF73F727048
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F6EE0D00_2_00007FF73F6EE0D0
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F6F4F7E0_2_00007FF73F6F4F7E
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F703F700_2_00007FF73F703F70
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F6FDF400_2_00007FF73F6FDF40
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F718FF00_2_00007FF73F718FF0
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F6F4FEB0_2_00007FF73F6F4FEB
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F737F600_2_00007FF73F737F60
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F736F700_2_00007FF73F736F70
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F6F3E560_2_00007FF73F6F3E56
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F6F1E4F0_2_00007FF73F6F1E4F
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F71AEE00_2_00007FF73F71AEE0
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F717EFC0_2_00007FF73F717EFC
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F6D3F080_2_00007FF73F6D3F08
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F721E400_2_00007FF73F721E40
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F6F4ECD0_2_00007FF73F6F4ECD
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F6F4E980_2_00007FF73F6F4E98
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F6F4D910_2_00007FF73F6F4D91
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F6FCD700_2_00007FF73F6FCD70
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F6F3D650_2_00007FF73F6F3D65
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F6E0DF00_2_00007FF73F6E0DF0
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F6F4DE30_2_00007FF73F6F4DE3
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F72FCA00_2_00007FF73F72FCA0
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F6F4C800_2_00007FF73F6F4C80
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F717CF80_2_00007FF73F717CF8
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F6FAD000_2_00007FF73F6FAD00
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F6F4CE90_2_00007FF73F6F4CE9
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F6F5CD80_2_00007FF73F6F5CD8
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F735C600_2_00007FF73F735C60
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F6F4CB80_2_00007FF73F6F4CB8
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F6F4B940_2_00007FF73F6F4B94
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F6DFB900_2_00007FF73F6DFB90
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F6FFB800_2_00007FF73F6FFB80
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F722BEC0_2_00007FF73F722BEC
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F6F4BED0_2_00007FF73F6F4BED
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F727B5C0_2_00007FF73F727B5C
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F6F5A740_2_00007FF73F6F5A74
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F71AADC0_2_00007FF73F71AADC
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F717AEC0_2_00007FF73F717AEC
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F6F4B130_2_00007FF73F6F4B13
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F6F4B040_2_00007FF73F6F4B04
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F6F4AD40_2_00007FF73F6F4AD4
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F6F9AC00_2_00007FF73F6F9AC0
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F6EB9900_2_00007FF73F6EB990
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F6F69750_2_00007FF73F6F6975
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F6F59490_2_00007FF73F6F5949
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F723A040_2_00007FF73F723A04
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F6F59A10_2_00007FF73F6F59A1
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F6EA8800_2_00007FF73F6EA880
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F7178E80_2_00007FF73F7178E8
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F7038340_2_00007FF73F703834
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F6F99100_2_00007FF73F6F9910
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F6F590A0_2_00007FF73F6F590A
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F6F58A30_2_00007FF73F6F58A3
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F72E8880_2_00007FF73F72E888
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F6F07800_2_00007FF73F6F0780
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F6D27700_2_00007FF73F6D2770
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F6F87700_2_00007FF73F6F8770
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F6F574A0_2_00007FF73F6F574A
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F6F57200_2_00007FF73F6F5720
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F6F57F40_2_00007FF73F6F57F4
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F6F57B40_2_00007FF73F6F57B4
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F71A6A40_2_00007FF73F71A6A4
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F6F168A0_2_00007FF73F6F168A
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F6F563F0_2_00007FF73F6F563F
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F71970C0_2_00007FF73F71970C
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F7346400_2_00007FF73F734640
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F6F56D90_2_00007FF73F6F56D9
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F6F36C70_2_00007FF73F6F36C7
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F6E85900_2_00007FF73F6E8590
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F6F55450_2_00007FF73F6F5545
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F6FF5400_2_00007FF73F6FF540
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F6F46070_2_00007FF73F6F4607
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F6F55C30_2_00007FF73F6F55C3
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F6F54770_2_00007FF73F6F5477
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F6FA4700_2_00007FF73F6FA470
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F7204CC0_2_00007FF73F7204CC
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F7274DC0_2_00007FF73F7274DC
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F6F544D0_2_00007FF73F6F544D
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F7314480_2_00007FF73F731448
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F6E64D00_2_00007FF73F6E64D0
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F6E34B00_2_00007FF73F6E34B0
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F71B3A40_2_00007FF73F71B3A4
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F6F532E0_2_00007FF73F6F532E
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F71D36C0_2_00007FF73F71D36C
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F6F33BC0_2_00007FF73F6F33BC
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F7193880_2_00007FF73F719388
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F7022800_2_00007FF73F702280
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F6F42340_2_00007FF73F6F4234
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F71830C0_2_00007FF73F71830C
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F6F52B80_2_00007FF73F6F52B8
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F6ED1500_2_00007FF73F6ED150
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F72B2000_2_00007FF73F72B200
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F6F511A0_2_00007FF73F6F511A
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F7012100_2_00007FF73F701210
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F6F51F50_2_00007FF73F6F51F5
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F71E1700_2_00007FF73F71E170
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00007FF73F6F51970_2_00007FF73F6F5197
                Source: C:\Users\user\Desktop\chelentano.exe Code function: String function: 000000014002B930 appears 32 times
                Source: C:\Users\user\Desktop\chelentano.exe Code function: String function: 0000000140045330 appears 58 times
                Source: C:\Users\user\Desktop\chelentano.exe Code function: String function: 0000000140034C00 appears 41 times
                Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@1/0@1/2
                Source: C:\Users\user\Desktop\chelentano.exe Code function: 0_2_0000000140085970 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,CloseHandle,0_2_0000000140085970
                Source: C:\Users\user\Desktop\chelentano.exe Code function: 0_2_00000001400D2008 AdjustTokenPrivileges,CredEnumerateA,0_2_00000001400D2008
                Source: C:\Users\user\Desktop\chelentano.exe Code function: 0_2_00007FF73F6D358C NtQuerySystemInformation,NtQuerySystemInformation,GetUserNameA,GetModuleFileNameA,GetDiskFreeSpaceExA,SleepEx,GetSystemInfo,GlobalMemoryStatusEx,_invalid_parameter_noinfo_noreturn,0_2_00007FF73F6D358C
                Source: C:\Users\user\Desktop\chelentano.exe Code function: 0_2_000000014003C8C0 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,0_2_000000014003C8C0
                Source: C:\Users\user\Desktop\chelentano.exe Mutant created: \Sessions\1\BaseNamedObjects\Mmm-A33C734061CA11EE8C18806E6F6E6963B1E203F8
                Source: chelentano.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: C:\Users\user\Desktop\chelentano.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: chelentano.exe, 00000000.00000003.1703212922.000001A6BF8FE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: C:\Users\user\Desktop\chelentano.exe Section loaded: apphelp.dll
                Source: C:\Users\user\Desktop\chelentano.exe Section loaded: sspicli.dll
                Source: C:\Users\user\Desktop\chelentano.exe Section loaded: wininet.dll
                Source: C:\Users\user\Desktop\chelentano.exe Section loaded: rstrtmgr.dll
                Source: C:\Users\user\Desktop\chelentano.exe Section loaded: ncrypt.dll
                Source: C:\Users\user\Desktop\chelentano.exe Section loaded: ntasn1.dll
                Source: C:\Users\user\Desktop\chelentano.exe Section loaded: mswsock.dll
                Source: C:\Users\user\Desktop\chelentano.exe Section loaded: windows.storage.dll
                Source: C:\Users\user\Desktop\chelentano.exe Section loaded: wldp.dll
                Source: C:\Users\user\Desktop\chelentano.exe Section loaded: iertutil.dll
                Source: C:\Users\user\Desktop\chelentano.exe Section loaded: profapi.dll
                Source: C:\Users\user\Desktop\chelentano.exe Section loaded: kernel.appcore.dll
                Source: C:\Users\user\Desktop\chelentano.exe Section loaded: ondemandconnroutehelper.dll
                Source: C:\Users\user\Desktop\chelentano.exe Section loaded: winhttp.dll
                Source: C:\Users\user\Desktop\chelentano.exe Section loaded: iphlpapi.dll
                Source: C:\Users\user\Desktop\chelentano.exe Section loaded: winnsi.dll
                Source: C:\Users\user\Desktop\chelentano.exe Section loaded: urlmon.dll
                Source: C:\Users\user\Desktop\chelentano.exe Section loaded: srvcli.dll
                Source: C:\Users\user\Desktop\chelentano.exe Section loaded: netutils.dll
                Source: C:\Users\user\Desktop\chelentano.exe Section loaded: dnsapi.dll
                Source: C:\Users\user\Desktop\chelentano.exe Section loaded: rasadhlp.dll
                Source: C:\Users\user\Desktop\chelentano.exe Section loaded: fwpuclnt.dll
                Source: C:\Users\user\Desktop\chelentano.exe Section loaded: schannel.dll
                Source: C:\Users\user\Desktop\chelentano.exe Section loaded: mskeyprotect.dll
                Source: C:\Users\user\Desktop\chelentano.exe Section loaded: msasn1.dll
                Source: C:\Users\user\Desktop\chelentano.exe Section loaded: dpapi.dll
                Source: C:\Users\user\Desktop\chelentano.exe Section loaded: cryptsp.dll
                Source: C:\Users\user\Desktop\chelentano.exe Section loaded: rsaenh.dll
                Source: C:\Users\user\Desktop\chelentano.exe Section loaded: cryptbase.dll
                Source: C:\Users\user\Desktop\chelentano.exe Section loaded: gpapi.dll
                Source: C:\Users\user\Desktop\chelentano.exe Section loaded: ncryptsslp.dll
                Source: C:\Users\user\Desktop\chelentano.exe Section loaded: uxtheme.dll
                Source: C:\Users\user\Desktop\chelentano.exe Section loaded: windowscodecs.dll
                Source: C:\Users\user\Desktop\chelentano.exe Section loaded: vaultcli.dll
                Source: C:\Users\user\Desktop\chelentano.exe Section loaded: wintypes.dll
                Source: C:\Users\user\Desktop\chelentano.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32
                Source: C:\Users\user\Desktop\chelentano.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
                Source: chelentano.exe Static PE information: Image base 0x140000000 > 0x60000000
                Source: chelentano.exe Static file information: File size 2314240 > 1048576
                Source: chelentano.exe Static PE information: Raw size of .rdata is bigger than: 0x100000 < 0x1c2400
                Source: chelentano.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                Source: chelentano.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

                Data Obfuscation

                Source: C:\Users\user\Desktop\chelentano.exe Unpacked PE file: 0.2.chelentano.exe.140000000.0.unpack
                Source: C:\Users\user\Desktop\chelentano.exe Code function: 0_2_000000014003B820 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,0_2_000000014003B820
                Source: C:\Users\user\Desktop\chelentano.exe Code function: 0_2_000000014006F341 push rbp; iretd 0_2_000000014006F342
                Source: C:\Users\user\Desktop\chelentano.exe Code function: 0_2_00007FF73F6D4AC0 push qword ptr [00007FF73F8FE004h]; ret 0_2_00007FF73F6D4B2F
                Source: C:\Users\user\Desktop\chelentano.exe Code function: 0_2_0000000140076480 ExitProcess,OpenMutexA,ExitProcess,CreateMutexA,CreateMutexExA,ExitProcess,ReleaseMutex,CloseHandle,0_2_0000000140076480
                Source: C:\Users\user\Desktop\chelentano.exe Code function: 0_2_00007FF73F6D49D6 rdtsc 0_2_00007FF73F6D49D6
                Source: C:\Users\user\Desktop\chelentano.exe Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes graph_0-99363
                Source: C:\Users\user\Desktop\chelentano.exe Check user administrative privileges: GetTokenInformation,DecisionNodes graph_0-99855
                Source: C:\Users\user\Desktop\chelentano.exe Code function: 0_2_00000001400B9810 FindClose,FindFirstFileExW,GetLastError,0_2_00000001400B9810
                Source: C:\Users\user\Desktop\chelentano.exe Code function: 0_2_00000001400B98C0 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle,0_2_00000001400B98C0
                Source: C:\Users\user\Desktop\chelentano.exe Code function: 0_2_00007FF73F72D02C _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF73F72D02C
                Source: C:\Users\user\Desktop\chelentano.exe Code function: 0_2_00000001400813B0 GetLogicalDriveStringsW,0_2_00000001400813B0
                Source: C:\Users\user\Desktop\chelentano.exe Code function: 0_2_0000000140097348 VirtualQuery,GetSystemInfo,VirtualAlloc,VirtualProtect,0_2_0000000140097348
                Source: C:\Users\user\Desktop\chelentano.exe File opened: D:\sources\migration\
                Source: C:\Users\user\Desktop\chelentano.exe File opened: D:\sources\replacementmanifests\
                Source: C:\Users\user\Desktop\chelentano.exe File opened: D:\sources\migration\wtr\
                Source: C:\Users\user\Desktop\chelentano.exe File opened: D:\sources\replacementmanifests\microsoft-activedirectory-webservices\
                Source: C:\Users\user\Desktop\chelentano.exe File opened: D:\sources\replacementmanifests\microsoft-client-license-platform-service-migration\
                Source: C:\Users\user\Desktop\chelentano.exe File opened: D:\sources\replacementmanifests\hwvid-migration-2\
                Source: chelentano.exe, 00000000.00000002.1767201437.000001A6BCCB9000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW0`
                Source: chelentano.exe, 00000000.00000003.1700856129.000001A6BCD32000.00000004.00000020.00020000.00000000.sdmp, chelentano.exe, 00000000.00000002.1767201437.000001A6BCD1D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
                Source: chelentano.exe, 00000000.00000003.1700856129.000001A6BCD32000.00000004.00000020.00020000.00000000.sdmp, chelentano.exe, 00000000.00000002.1767201437.000001A6BCD1D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWHq
                Source: C:\Users\user\Desktop\chelentano.exe API call chain: ExitProcess graph end node graph_0-99807
                Source: C:\Users\user\Desktop\chelentano.exe API call chain: ExitProcess graph end node graph_0-99803
                Source: C:\Users\user\Desktop\chelentano.exe System information queried: ModuleInformation
                Source: C:\Users\user\Desktop\chelentano.exe Process information queried: ProcessInformation
                Source: C:\Users\user\Desktop\chelentano.exe Code function: 0_2_00007FF73F6D49D6 rdtsc 0_2_00007FF73F6D49D6
                Source: C:\Users\user\Desktop\chelentano.exe Code function: 0_2_00000001400843F0 RtlAcquirePebLock,NtAllocateVirtualMemory,lstrcpyW,lstrcatW,NtAllocateVirtualMemory,lstrcpyW,RtlInitUnicodeString,RtlInitUnicodeString,LdrEnumerateLoadedModules,RtlReleasePebLock,CoInitializeEx,lstrcpyW,lstrcatW,CoGetObject,lstrcpyW,lstrcatW,CoGetObject,CoUninitialize,0_2_00000001400843F0
                Source: C:\Users\user\Desktop\chelentano.exe Code function: 0_2_00000001400D22C8 IsDebuggerPresent,0_2_00000001400D22C8
                Source: C:\Users\user\Desktop\chelentano.exe Code function: 0_2_00000001400BBB14 GetLastError,IsDebuggerPresent,OutputDebugStringW,0_2_00000001400BBB14
                Source: C:\Users\user\Desktop\chelentano.exe Code function: 0_2_000000014003B820 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,0_2_000000014003B820
                Source: C:\Users\user\Desktop\chelentano.exe Code function: 0_2_00007FF73F72E23C GetProcessHeap,0_2_00007FF73F72E23C
                Source: C:\Users\user\Desktop\chelentano.exe Process token adjusted: Debug
                Source: C:\Users\user\Desktop\chelentano.exe Code function: 0_2_00000001400D22D8 SetUnhandledExceptionFilter,0_2_00000001400D22D8
                Source: C:\Users\user\Desktop\chelentano.exe Code function: 0_2_000000014008F920 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_000000014008F920
                Source: C:\Users\user\Desktop\chelentano.exe Code function: 0_2_00007FF73F70FC48 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF73F70FC48
                Source: C:\Users\user\Desktop\chelentano.exe Code function: 0_2_00007FF73F70FA60 SetUnhandledExceptionFilter,0_2_00007FF73F70FA60
                Source: C:\Users\user\Desktop\chelentano.exe Code function: 0_2_00007FF73F70F880 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF73F70F880
                Source: C:\Users\user\Desktop\chelentano.exe Code function: 0_2_00007FF73F7161D8 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF73F7161D8
                Source: C:\Users\user\Desktop\chelentano.exe Code function: 0_2_00000001400751E0 ShellExecuteW,0_2_00000001400751E0
                Source: C:\Users\user\Desktop\chelentano.exe Code function: 0_2_00007FF73F729920 cpuid 0_2_00007FF73F729920
                Source: C:\Users\user\Desktop\chelentano.exe Code function: GetLocaleInfoW,0_2_000000014009C1A8
                Source: C:\Users\user\Desktop\chelentano.exe Code function: EnumSystemLocalesW,0_2_00000001400A7270
                Source: C:\Users\user\Desktop\chelentano.exe Code function: EnumSystemLocalesW,0_2_00000001400A7340
                Source: C:\Users\user\Desktop\chelentano.exe Code function: GetLocaleInfoW,0_2_00000001400D2398
                Source: C:\Users\user\Desktop\chelentano.exe Code function: GetLocaleInfoEx,FormatMessageA,0_2_00000001400B9480
                Source: C:\Users\user\Desktop\chelentano.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,0_2_00000001400A7778
                Source: C:\Users\user\Desktop\chelentano.exe Code function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,0_2_00000001400A795C
                Source: C:\Users\user\Desktop\chelentano.exe Code function: EnumSystemLocalesW,0_2_000000014009BC68
                Source: C:\Users\user\Desktop\chelentano.exe Code function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,0_2_00000001400A6F14
                Source: C:\Users\user\Desktop\chelentano.exe Code function: EnumSystemLocalesW,0_2_00007FF73F726090
                Source: C:\Users\user\Desktop\chelentano.exe Code function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,0_2_00007FF73F730C78
                Source: C:\Users\user\Desktop\chelentano.exeCode function: GetLocaleInfoW,0_2_00007FF73F730B44
                Source: C:\Users\user\Desktop\chelentano.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,0_2_00007FF73F730A94
                Source: C:\Users\user\Desktop\chelentano.exeCode function: GetLocaleInfoW,0_2_00007FF73F73093C
                Source: C:\Users\user\Desktop\chelentano.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,0_2_00007FF73F7306F4
                Source: C:\Users\user\Desktop\chelentano.exeCode function: EnumSystemLocalesW,0_2_00007FF73F73065C
                Source: C:\Users\user\Desktop\chelentano.exeCode function: EnumSystemLocalesW,0_2_00007FF73F73058C
                Source: C:\Users\user\Desktop\chelentano.exeCode function: GetLocaleInfoW,0_2_00007FF73F726490
                Source: C:\Users\user\Desktop\chelentano.exeCode function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,0_2_00007FF73F730230
                Source: C:\Users\user\Desktop\chelentano.exeQueries volume information: C:\ VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\chelentano.exeQueries volume information: C:\ VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\chelentano.exeKey value queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\TimeZoneInformation TimeZoneKeyNameJump to behavior
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_0000000140096718 GetSystemTimeAsFileTime,0_2_0000000140096718
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_0000000140080110 GetUserNameW,0_2_0000000140080110
                Source: C:\Users\user\Desktop\chelentano.exeCode function: 0_2_00000001400A114C _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,0_2_00000001400A114C

                Stealing of Sensitive Information

                Source: Yara match File source: Process Memory Space: chelentano.exe PID: 7588, type: MEMORYSTR
                Source: Yara match File source: 0.2.chelentano.exe.140000000.0.unpack, type: UNPACKEDPE
                Source: Yara match File source: 0.2.chelentano.exe.140000000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match File source: 00000000.00000002.1767201437.000001A6BCCB9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY
                Source: chelentano.exe, 00000000.00000002.1767201437.000001A6BCCB9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Electrum-LTC\wallets
                Source: chelentano.exe, 00000000.00000002.1767201437.000001A6BCCB9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: ElectronCash\config
                Source: chelentano.exe, 00000000.00000002.1767201437.000001A6BCCB9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb
                Source: chelentano.exe, 00000000.00000002.1767201437.000001A6BCCB9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Exodus\exodus.wallet
                Source: chelentano.exe, 00000000.00000002.1767201437.000001A6BCCB9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Ethereum\keystore
                Source: C:\Users\user\Desktop\chelentano.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core
                Source: C:\Users\user\Desktop\chelentano.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.db
                Source: C:\Users\user\Desktop\chelentano.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
                Source: C:\Users\user\Desktop\chelentano.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                Source: C:\Users\user\Desktop\chelentano.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old
                Source: C:\Users\user\Desktop\chelentano.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
                Source: C:\Users\user\Desktop\chelentano.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log
                Source: C:\Users\user\Desktop\chelentano.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                Source: C:\Users\user\Desktop\chelentano.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOCK
                Source: C:\Users\user\Desktop\chelentano.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
                Source: C:\Users\user\Desktop\chelentano.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                Source: C:\Users\user\Desktop\chelentano.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\CURRENT
                Source: C:\Users\user\Desktop\chelentano.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js
                Source: C:\Users\user\Desktop\chelentano.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG
                Source: C:\Users\user\Desktop\chelentano.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\MANIFEST-000001
                Source: C:\Users\user\Desktop\chelentano.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite
                Source: C:\Users\user\Desktop\chelentano.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
                Source: C:\Users\user\Desktop\chelentano.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite
                Source: C:\Users\user\Desktop\chelentano.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                Source: C:\Users\user\Desktop\chelentano.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

                Remote Access Functionality

                Source: Yara match File source: Process Memory Space: chelentano.exe PID: 7588, type: MEMORYSTR
                Source: Yara match File source: 0.2.chelentano.exe.140000000.0.unpack, type: UNPACKEDPE
                Source: Yara match File source: 0.2.chelentano.exe.140000000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match File source: 00000000.00000002.1767201437.000001A6BCCB9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY
                Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 3 Native API | 1 DLL Side-Loading | 1 Exploitation for Privilege Escalation | 1 Access Token Manipulation | 1 OS Credential Dumping | 12 System Time Discovery | Remote Services | 1 Screen Capture | 21 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Access Token Manipulation | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 41 Security Software Discovery | Remote Desktop Protocol | 1 Email Collection | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service
                Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 2 Obfuscated Files or Information | Security Account Manager | 2 Process Discovery | SMB/Windows Admin Shares | 1 Archive Collected Data | 2 Ingress Tool Transfer | Automated Exfiltration | Data Encrypted for Impact
                Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Software Packing | NTDS | 1 Account Discovery | Distributed Component Object Model | 2 Data from Local System | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
                Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 1 System Owner/User Discovery | SSH | Keylogging | 3 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
                Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | Steganography | Cached Domain Credentials | 1 System Network Configuration Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Compile After Delivery | DCSync | 3 File and Directory Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | 36 System Information Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                No Antivirus matches
                Source | Detection | Scanner | Label | Link
                https://support.mic | 0% | Avira URL Cloud | safe |
                https://api.ipify.orges | 0% | Avira URL Cloud | safe |

                Name | IP | Active | Malicious | Antivirus Detection | Reputation
                api.ipify.org | 172.67.74.152 | true | false | | high

                Name | Malicious | Antivirus Detection | Reputation
                https://api.ipify.org/ | false | | high
                IP | Domain | Country | ASN | ASN Name | Malicious
                45.130.145.152 | unknown | Russian Federation | 49392 | ASBAXETNRU | true
                172.67.74.152 | api.ipify.org | United States | 13335 | CLOUDFLARENETUS | false
                Joe Sandbox version: 41.0.0 Charoite
                Analysis ID: 1556973
                Start date and time: 2024-11-16 22:02:06 +01:00
                Joe Sandbox product: CloudBasic
                Overall analysis duration: 0h 3m 53s
                Hypervisor based Inspection enabled: false
                Report type: full
                Cookbook file name: default.jbs
                Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                Number of analysed new started processes analysed: 1
                Number of new started drivers analysed: 0
                Number of existing processes analysed: 0
                Number of existing drivers analysed: 0
                Number of injected processes analysed: 0
                Technologies:
                • HCA enabled
                • EGA enabled
                • AMSI enabled
                Analysis Mode: default
                Analysis stop reason: Timeout
                Sample name: chelentano.exe
                Detection: MAL
                Classification: mal100.troj.spyw.evad.winEXE@1/0@1/2
                EGA Information:
                • Successful, ratio: 100%
                HCA Information:
                • Successful, ratio: 98%
                • Number of executed functions: 63
                • Number of non-executed functions: 128
                Cookbook Comments:
                • Found application associated with file extension: .exe
                • Stop behavior analysis, all processes terminated
                • Excluded IPs from analysis (whitelisted): 20.109.210.53
                • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, sls.update.microsoft.com, glb.sls.prod.dcat.dsp.trafficmanager.net
                • Report size exceeded maximum capacity and may have missing disassembly code.
                • Report size exceeded maximum capacity and may have missing network information.
                • Report size getting too big, too many NtOpenKeyEx calls found.
                • Report size getting too big, too many NtQueryValueKey calls found.
                • VT rate limit hit for: chelentano.exe
                No simulations
                                                                                            No context
                                                                                            No created / dropped files found
                                                                                            File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                            Entropy (8bit):7.3799693372463935
                                                                                            TrID:
                                                                                            • Win64 Executable GUI (202006/5) 92.65%
                                                                                            • Win64 Executable (generic) (12005/4) 5.51%
                                                                                            • Generic Win/DOS Executable (2004/3) 0.92%
                                                                                            • DOS Executable Generic (2002/1) 0.92%
                                                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                            File name:chelentano.exe
                                                                                            File size:2'314'240 bytes
                                                                                            MD5:21506ae1a222c3862c04d187b07ed714
                                                                                            SHA1:c70d79f32b962bf2e7e7901034aaedd8f2e71e35
                                                                                            SHA256:267e274b75ba1c49847eb93d95be90b6382768926e9c3674d115c21c3cc6f2c4
                                                                                            SHA512:351b4739f56820e271887d953ce1fdf68e19c11e84db9325e6f03866c0fc0ec1f6072db03a4013aa914f21990367fc207bfa0f9c41452553d5960881046a034f
                                                                                            SSDEEP:49152:NY4nch8Bu3BR8XlV10RyTXNFMnBOim8MspczpfEUL:G8VBuRR8X3iRg8kzJ
                                                                                            TLSH:79B5D077F94434FBEC3050348DA70757A67FB4828362879B2698262A5E57BD42F3AF40
                                                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........=..T\.FT\.FT\.F.$.G]\.F.$.G.\.F.$.GF\.FD..G^\.FD..GE\.FD..G.\.Fl..GX\.Fl..Gz\.F.$.GQ\.FT\.F.\.F...GS\.Fb..GQ\.F...GU\.FRichT\.
                                                                                            Icon Hash:90cececece8e8eb0
                                                                                            Entrypoint:0x14003f330
                                                                                            Entrypoint Section:.text
                                                                                            Digitally signed:false
                                                                                            Imagebase:0x140000000
                                                                                            Subsystem:windows gui
                                                                                            Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                            DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                            Time Stamp:0x67386CAC [Sat Nov 16 09:58:04 2024 UTC]
                                                                                            TLS Callbacks:
                                                                                            CLR (.Net) Version:
                                                                                            OS Version Major:6
                                                                                            OS Version Minor:0
                                                                                            File Version Major:6
                                                                                            File Version Minor:0
                                                                                            Subsystem Version Major:6
                                                                                            Subsystem Version Minor:0
                                                                                            Import Hash:7d70777be1a5623273856e6a9d2b3b2f
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x22c744 | 0x3c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x233000 | 0x468c | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x238000 | 0x1de8 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x223aa0 | 0x38 | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x223c80 | 0x28 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x223960 | 0x140 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x6b000 | 0x378 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x695a0 | 0x69600 | 9a2b1fa3d4d578da3d12f49291801967 | False | 0.5213152431791221 | data | 6.483309236629047 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x6b000 | 0x1c2318 | 0x1c2400 | d61c239920732c38a8fce8e695ec637f | False | 0.7939496503678511 | data | 7.4458712378603815 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x22e000 | 0x44bc | 0x2c00 | b78b3be2a53d1be3f920dc0961c10337 | False | 0.11123934659090909 | data | 2.4644233737167798 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata | 0x233000 | 0x468c | 0x4800 | 237495896b73c9e21b14ccac8c962a82 | False | 0.4833984375 | PEX Binary Archive | 5.671388566881184 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x238000 | 0x1de8 | 0x1e00 | 238b82fb20333b97d53cdf22490ae418 | False | 0.6766927083333333 | data | 6.5188501449965255 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
DLL | Import
ADVAPI32.dll | GetUserNameA
KERNEL32.dll | GetModuleFileNameA, Sleep, GetSystemInfo, GlobalMemoryStatusEx, GetDiskFreeSpaceExA, SetWaitableTimer, ResumeThread, LoadLibraryA, CreateWaitableTimerA, WideCharToMultiByte, GetLastError, GetCurrentProcess, VirtualProtect, VirtualQueryEx, ReadProcessMemory, WriteProcessMemory, VirtualAlloc, VirtualFree, VirtualQuery, GetProcAddress, CloseHandle, CreateFileMappingW, MapViewOfFile, UnmapViewOfFile, InitializeCriticalSection, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, ReleaseSRWLockExclusive, AcquireSRWLockExclusive, TryAcquireSRWLockExclusive, GetCurrentThreadId, InitializeCriticalSectionEx, QueryPerformanceCounter, EncodePointer, DecodePointer, MultiByteToWideChar, LCMapStringEx, GetSystemTimeAsFileTime, GetModuleHandleW, GetStringTypeW, GetCPInfo, WakeAllConditionVariable, SleepConditionVariableSRW, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, IsProcessorFeaturePresent, GetCurrentProcessId, InitializeSListHead, TerminateProcess, CreateFileW, RtlUnwindEx, RtlPcToFileHeader, RaiseException, SetLastError, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, LoadLibraryExW, ExitProcess, GetModuleHandleExW, GetStdHandle, GetFileType, GetModuleFileNameW, WriteConsoleW, WriteFile, HeapAlloc, HeapFree, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, LCMapStringW, GetLocaleInfoW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, OutputDebugStringW, HeapReAlloc, GetConsoleOutputCP, GetConsoleMode, GetFileSizeEx, SetFilePointerEx, FlushFileBuffers, ReadFile, ReadConsoleW, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetProcessHeap, SetStdHandle, HeapSize, RtlUnwind
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-11-16T22:03:04.996790+0100 | 2049441 | ET MALWARE Win32/Unknown Grabber Base64 Data Exfiltration Attempt | 1 | 192.168.2.4 | 49730 | 45.130.145.152 | 15666 | TCP
2024-11-16T22:03:04.996790+0100 | 2050806 | ET MALWARE [ANY.RUN] Meduza Stealer Exfiltration M2 | 1 | 192.168.2.4 | 49730 | 45.130.145.152 | 15666 | TCP
2024-11-16T22:03:04.996790+0100 | 2050807 | ET MALWARE [ANY.RUN] Possible Meduza Stealer Exfiltration (TCP) | 1 | 192.168.2.4 | 49730 | 45.130.145.152 | 15666 | TCP
2024-11-16T22:03:05.003123+0100 | 2050806 | ET MALWARE [ANY.RUN] Meduza Stealer Exfiltration M2 | 1 | 192.168.2.4 | 49730 | 45.130.145.152 | 15666 | TCP
2024-11-16T22:03:05.003123+0100 | 2050807 | ET MALWARE [ANY.RUN] Possible Meduza Stealer Exfiltration (TCP) | 1 | 192.168.2.4 | 49730 | 45.130.145.152 | 15666 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                            Nov 16, 2024 22:03:05.029109955 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.029115915 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.029131889 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.029155970 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.029170990 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.029180050 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.029202938 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.029216051 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.029247046 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.029258966 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.029270887 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.029294968 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.029303074 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.029318094 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.029329062 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.029330969 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.029352903 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.029376030 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.029378891 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.029419899 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.029429913 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.029444933 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.029469967 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.029493093 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.029496908 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.029515982 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.029527903 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.029540062 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.029550076 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.029575109 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.029582977 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.029603958 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.029608965 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.029633999 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.029658079 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.029659986 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.029689074 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.029712915 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.029735088 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.029778004 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.029800892 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.029819965 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.029834032 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.029845953 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.029886007 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.029891968 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.029917002 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.029917955 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.029963970 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.029978991 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.029989004 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.030014038 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.030029058 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.030040026 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.030065060 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.030073881 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.030100107 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.030107975 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.030124903 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.030133963 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.030158997 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.030174017 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.030183077 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.030205965 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.030214071 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.030230045 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.030273914 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.030298948 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.030323982 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.030333042 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.030348063 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.030370951 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.030375004 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.030404091 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.030415058 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.030436039 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.030440092 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.030464888 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.030469894 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.030488968 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.030503035 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.030514956 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.030538082 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.030539036 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.030564070 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.030565977 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.030586958 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.030630112 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.030632973 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.030678034 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.030685902 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.030703068 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.030715942 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.030728102 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.030744076 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.030752897 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.030787945 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.030796051 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.030817032 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.030821085 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.030846119 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.030864954 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.030869961 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.030893087 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.030894995 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.030920029 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.030934095 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.030946016 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.030960083 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.030988932 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.030993938 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.031013966 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.031038046 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.031054974 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.031064034 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.031088114 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.031089067 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.031112909 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.031119108 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.031151056 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.031155109 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.031172991 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.031179905 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.031204939 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.031215906 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.031220913 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.031259060 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.031275988 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.031284094 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.031306982 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.031333923 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.031354904 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.031367064 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.031382084 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.031407118 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.031449080 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.031461954 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.031474113 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.031497955 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.031498909 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.031522989 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.031536102 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.031548977 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.031563044 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.031573057 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.031598091 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.031601906 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.031620979 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.031631947 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.031645060 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.031666994 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.031688929 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.031694889 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.031713963 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.031737089 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.031755924 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.031760931 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.031785011 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.031789064 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.031809092 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.031821966 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.031832933 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.031845093 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.031857014 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.031879902 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.031884909 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.031913996 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.031924009 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.031939983 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.031950951 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.031975985 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.119741917 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.119863987 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.119930029 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.120011091 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.120042086 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.125257969 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.125781059 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.125893116 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.125936031 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.167537928 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.167845964 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.215380907 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.218290091 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.246946096 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.247452021 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.247571945 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.247642994 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.247716904 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.247777939 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.247833014 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.247890949 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.247980118 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.248104095 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.248209953 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.248311996 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.248411894 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.248477936 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.252943993 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.253124952 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.295494080 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.295711040 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.296169996 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.296236038 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.296312094 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.296369076 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.296416044 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.296471119 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.296524048 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.296576977 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.296623945 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.296674013 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.296706915 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.307425976 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.307445049 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.307964087 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.308171034 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.308279037 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.308394909 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.313210964 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.313556910 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.313669920 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.313723087 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.355427980 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.355755091 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.403438091 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.403856993 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.414007902 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.414048910 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.414645910 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.414745092 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.414805889 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.414884090 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.414942026 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.415011883 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.415071011 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.415168047 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.415210009 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.420005083 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.420325994 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.463335037 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.463546038 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.499476910 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.499526978 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.499800920 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.499907970 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.499969006 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.500036001 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.500106096 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.500262022 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.500356913 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.500480890 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.500530958 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.504978895 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.505315065 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.505424976 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.505487919 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.505569935 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.505603075 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.547446012 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.547760010 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.569298983 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.569339037 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.569487095 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.569979906 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.570085049 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.570132971 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.570188999 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.570240974 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.570293903 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.570337057 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.570390940 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.570440054 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.570497990 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.570542097 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.570601940 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.570664883 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.570774078 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.570827961 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.575136900 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.575347900 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.620455027 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.620718956 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.620831966 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.620899916 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.620971918 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.621023893 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.644928932 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.645209074 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.645406961 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.645509005 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.645629883 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.645724058 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.645848036 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.645941019 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.646097898 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.646189928 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.646302938 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.646380901 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.646486044 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.646573067 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.646697998 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.646780014 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.651010036 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.651185036 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.651375055 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.651406050 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.651595116 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.652425051 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.652452946 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.652481079 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.652489901 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.652508974 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.652535915 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.652538061 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.652565002 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.652600050 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.652601957 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.652631044 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.652657986 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.652658939 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.652684927 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.652684927 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.652709961 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.652713060 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.652735949 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.652740955 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.652766943 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.652766943 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.652792931 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.652793884 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.652820110 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.652847052 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.652847052 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.652873039 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.652879953 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.652899027 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.652906895 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.652925968 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.652931929 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.652952909 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.652956009 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.655670881 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.655682087 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.655682087 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.655694008 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.655706882 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.655724049 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.655725002 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.655738115 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.655750036 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.655772924 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.655781031 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.655785084 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.655797005 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.655808926 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.655819893 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.655821085 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.655833960 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.655847073 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.655853033 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.655859947 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.655873060 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.655884981 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.655884027 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.655895948 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.655908108 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.655920029 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.655920029 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.655931950 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.655944109 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.655955076 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.655956984 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.655966043 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.655977964 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.655989885 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.656001091 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.656003952 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.656013012 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.656027079 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.656039953 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.656040907 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.656054020 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.656066895 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.656066895 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.656078100 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.656090021 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.656094074 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.656101942 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.656114101 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.656126022 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.656128883 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.656136990 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.656148911 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.656161070 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.656167030 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.656172991 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.656184912 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.656196117 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.656208038 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.656219006 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.656224012 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.656230927 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.656243086 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.656255007 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.656266928 CET156664973045.130.145.152192.168.2.4
                                                                                            Nov 16, 2024 22:03:05.656267881 CET4973015666192.168.2.445.130.145.152
                                                                                            Nov 16, 2024 22:03:05.656277895 CET156664973045.130.145.152192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Nov 16, 2024 22:03:00.354007006 CET | 192.168.2.4 | 1.1.1.1 | 0x638c | Standard query (0) | api.ipify.org | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Nov 16, 2024 22:03:00.361521006 CET | 1.1.1.1 | 192.168.2.4 | 0x638c | No error (0) | api.ipify.org | | 172.67.74.152 | A (IP address) | IN (0x0001) | false
Nov 16, 2024 22:03:00.361521006 CET | 1.1.1.1 | 192.168.2.4 | 0x638c | No error (0) | api.ipify.org | | 104.26.13.205 | A (IP address) | IN (0x0001) | false
Nov 16, 2024 22:03:00.361521006 CET | 1.1.1.1 | 192.168.2.4 | 0x638c | No error (0) | api.ipify.org | | 104.26.12.205 | A (IP address) | IN (0x0001) | false

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49731 | 172.67.74.152 | 443 | 7588 | C:\Users\user\Desktop\chelentano.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-16 21:03:01 UTC | 100 | OUT | GET / HTTP/1.1
Accept: text/html; text/plain; */*
Host: api.ipify.org
Cache-Control: no-cache
2024-11-16 21:03:01 UTC | 399 | IN | HTTP/1.1 200 OK
Date: Sat, 16 Nov 2024 21:03:01 GMT
Content-Type: text/plain
Content-Length: 14
Connection: close
Vary: Origin
cf-cache-status: DYNAMIC
Server: cloudflare
CF-RAY: 8e3a6ce11af5316c-DFW
server-timing: cfL4;desc="?proto=TCP&rtt=1556&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2821&recv_bytes=738&delivery_rate=1748792&cwnd=246&unsent_bytes=0&cid=2b60669232195e5f&ts=438&x=0"
2024-11-16 21:03:01 UTC | 14 | IN | Data Raw: 31 37 33 2e 32 35 34 2e 32 35 30 2e 36 39
Data Ascii: 173.254.250.69



                                                                                            Target ID:0
                                                                                            Start time:16:02:58
                                                                                            Start date:16/11/2024
                                                                                            Path:C:\Users\user\Desktop\chelentano.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:"C:\Users\user\Desktop\chelentano.exe"
                                                                                            Imagebase:0x7ff73f6d0000
                                                                                            File size:2'314'240 bytes
                                                                                            MD5 hash:21506AE1A222C3862C04D187B07ED714
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Yara matches:
                                                                                            • Rule: JoeSecurity_MeduzaStealer, Description: Yara detected Meduza Stealer, Source: 00000000.00000002.1767201437.000001A6BCCB9000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                            • Rule: JoeSecurity_MeduzaStealer, Description: Yara detected Meduza Stealer, Source: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                            Reputation:low
                                                                                            Has exited:true


                                                                                              Execution Graph

                                                                                              Execution Coverage:3.3%
                                                                                              Dynamic/Decrypted Code Coverage:50.3%
                                                                                              Signature Coverage:40.7%
                                                                                              Total number of Nodes:2000
                                                                                              Total number of Limit Nodes:40
98570 7ff73f6d3e0f GetSystemInfo 98565->98570 98572 7ff73f6d358c 88 API calls 98565->98572 98579 7ff73f6d3bba 98566->98579 98567 7ff73f6d35e6 98569 7ff73f6d3e2d GlobalMemoryStatusEx 98567->98569 98567->98570 98583 7ff73f6d35f8 98567->98583 98568 7ff73f6d3d99 GetDiskFreeSpaceExA 98568->98555 98576 7ff73f6d3db6 98568->98576 98575 7ff73f6d3e4d 98569->98575 98570->98569 98573 7ff73f6d3e21 98570->98573 98572->98570 98578 7ff73f6d358c 88 API calls 98573->98578 98574->98567 98574->98568 98574->98574 98582 7ff73f6d358c 88 API calls 98575->98582 98575->98583 98576->98555 98581 7ff73f6d358c 88 API calls 98576->98581 98580 7ff73f6d39d0 98577->98580 99390 7ff73f7152e4 56 API calls 98577->99390 98578->98569 98587 7ff73f6d3be9 98579->98587 99391 7ff73f7152e4 56 API calls 98579->99391 98586 7ff73f6d358c 88 API calls 98580->98586 98588 7ff73f6d3a43 98580->98588 98581->98555 98582->98583 98583->98297 98585 7ff73f6d381f NtQuerySystemInformation 98585->98605 98586->98588 98589 7ff73f6d358c 88 API calls 98587->98589 98594 7ff73f6d3c5a 98587->98594 98593 7ff73f6d358c 88 API calls 98588->98593 98595 7ff73f6d3ac0 98588->98595 98589->98594 98590 7ff73f6d38b6 NtQuerySystemInformation 98590->98605 98592 7ff73f70ed34 std::_Facet_Register 49 API calls 98592->98605 98593->98595 98598 7ff73f6d358c 88 API calls 98594->98598 98601 7ff73f6d3cda 98594->98601 98602 7ff73f6d358c 88 API calls 98595->98602 98604 7ff73f6d3b31 98595->98604 98596 7ff73f6d3f02 99392 7ff73f7164c4 47 API calls _invalid_parameter_noinfo_noreturn 98596->99392 98598->98601 98601->98574 98603 7ff73f6d358c 88 API calls 98601->98603 98602->98604 98603->98574 98604->98564 98607 7ff73f6d358c 88 API calls 98604->98607 98605->98555 98605->98556 98605->98585 98605->98590 98605->98592 98605->98596 98606 7ff73f6d358c 88 API calls 98605->98606 99380 7ff73f6d32bc 98605->99380 99389 7ff73f71d19c 47 API calls 3 library calls 98605->99389 98606->98605 98607->98564 98608->98289 98609->98303 98610->98315 98611->98301 98612->98309 98641 
7ff73f70ed34 98613->98641 98616 7ff73f70ed34 std::_Facet_Register 49 API calls 98618 7ff73f6e8f68 __scrt_get_show_window_mode 98616->98618 98650 7ff73f6e8be0 98618->98650 98619 7ff73f6e8f91 98620 7ff73f6e8fb7 98619->98620 98624 7ff73f6e902f 98619->98624 98655 7ff73f6ded80 49 API calls 3 library calls 98620->98655 98622 7ff73f6e8fe0 98656 7ff73f6eab10 98622->98656 98628 7ff73f6e902a 98624->98628 98664 7ff73f6ded80 49 API calls 3 library calls 98624->98664 98626 7ff73f6e906a 98627 7ff73f6eab10 47 API calls 98626->98627 98627->98628 98628->98325 98630 7ff73f6ed4ef 98629->98630 98631 7ff73f70ed34 std::_Facet_Register 49 API calls 98630->98631 98632 7ff73f6ed519 98631->98632 98633 7ff73f6e9380 49 API calls 98632->98633 98634 7ff73f6daa33 98633->98634 98635 7ff73f6f03b0 98634->98635 98636 7ff73f6f03c5 98635->98636 98701 7ff73f6f9ea0 98636->98701 98643 7ff73f70ed3f 98641->98643 98642 7ff73f6e8f4d 98642->98616 98643->98642 98644 7ff73f72239c std::_Facet_Register 2 API calls 98643->98644 98645 7ff73f70ed5e 98643->98645 98644->98643 98648 7ff73f70ed69 98645->98648 98665 7ff73f70c57c RtlPcToFileHeader RaiseException Concurrency::cancel_current_task std::bad_alloc::bad_alloc 98645->98665 98666 7ff73f6d26b4 49 API calls 3 library calls 98648->98666 98649 7ff73f70ed6f 98651 7ff73f70ed34 std::_Facet_Register 49 API calls 98650->98651 98652 7ff73f6e8c06 98651->98652 98667 7ff73f6e9380 98652->98667 98654 7ff73f6e8c42 98654->98619 98655->98622 98657 7ff73f6eab39 98656->98657 98658 7ff73f6eab73 messages 98657->98658 98661 7ff73f6eaba1 98657->98661 98689 7ff73f70f520 98658->98689 98698 7ff73f7164c4 47 API calls _invalid_parameter_noinfo_noreturn 98661->98698 98664->98626 98666->98649 98668 7ff73f6e9492 98667->98668 98669 7ff73f6e93b0 98667->98669 98668->98654 98670 7ff73f6e94ae 98669->98670 98671 7ff73f6e93de 98669->98671 98672 7ff73f6e9407 98669->98672 98687 7ff73f6d26b4 49 API calls 3 library calls 98670->98687 98671->98670 98674 7ff73f6e93eb 98671->98674 98675 7ff73f6e93f0 
98672->98675 98677 7ff73f70ed34 std::_Facet_Register 49 API calls 98672->98677 98676 7ff73f70ed34 std::_Facet_Register 49 API calls 98674->98676 98679 7ff73f6e9454 messages 98675->98679 98688 7ff73f7164c4 47 API calls _invalid_parameter_noinfo_noreturn 98675->98688 98676->98675 98677->98675 98679->98654 98687->98675 98690 7ff73f70f529 98689->98690 98691 7ff73f70fc7c IsProcessorFeaturePresent 98690->98691 98692 7ff73f6eab9b 98690->98692 98693 7ff73f70fc94 98691->98693 98692->98628 98699 7ff73f70fe74 RtlCaptureContext RtlLookupFunctionEntry RtlVirtualUnwind 98693->98699 98695 7ff73f70fca7 98700 7ff73f70fc48 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 98695->98700 98699->98695 98708 7ff73f6fa0a0 98701->98708 98704 7ff73f6f93a0 98705 7ff73f6d2f54 98704->98705 98706 7ff73f6f93bb 98704->98706 98705->98330 98707 7ff73f6f93fa GetSystemInfo 98706->98707 98707->98705 98713 7ff73f6f96e0 98708->98713 98710 7ff73f6fa0c4 98711 7ff73f6f03db 98710->98711 98712 7ff73f6fa162 InitializeCriticalSection 98710->98712 98711->98704 98712->98711 98714 7ff73f6f96ef GetSystemInfo 98713->98714 98715 7ff73f6f9747 98713->98715 98714->98715 98715->98710 98717 7ff73f6d9d90 86 API calls 98716->98717 98718 7ff73f6d92b7 98717->98718 98719 7ff73f6d4e20 49 API calls 98718->98719 98720 7ff73f6d92c9 98719->98720 98721 7ff73f6e6350 49 API calls 98720->98721 98722 7ff73f6d932b 98721->98722 98723 7ff73f6dc7c0 47 API calls 98722->98723 98724 7ff73f6d9336 98723->98724 98724->98337 99070 7ff73f6d79c0 49 API calls 6 library calls 98724->99070 98726 7ff73f6e9772 98725->98726 98730 7ff73f6ea020 messages 98725->98730 99098 7ff73f6d4bf0 GetCurrentProcess ReadProcessMemory 98726->99098 98727 7ff73f70f520 std::_Throw_Cpp_error 8 API calls 98728 7ff73f6e2243 98727->98728 98744 7ff73f6d9d90 98728->98744 98730->98727 98737 7ff73f6e97df messages std::_Locinfo::_Locinfo_ctor 98737->98730 98740 7ff73f703cd0 8 API calls 98737->98740 98741 7ff73f6d4bf0 5 API calls 98737->98741 
98742 7ff73f6ea880 49 API calls 98737->98742 99110 7ff73f6ea0b0 98737->99110 99120 7ff73f6d5830 98737->99120 99127 7ff73f6e8ce0 98737->99127 99147 7ff73f6ea570 98737->99147 99151 7ff73f6da3b0 98737->99151 99165 7ff73f6e1da0 98737->99165 99169 7ff73f6ea2d0 49 API calls 3 library calls 98737->99169 98740->98737 98741->98737 98742->98737 98745 7ff73f6d9dae 98744->98745 99206 7ff73f6e3330 98745->99206 98748 7ff73f70ed34 std::_Facet_Register 49 API calls 98749 7ff73f6d9eab 98748->98749 98750 7ff73f6d9eba 98749->98750 99223 7ff73f70ca5c 57 API calls 5 library calls 98749->99223 98750->98362 98753 7ff73f6e638f 98752->98753 98754 7ff73f6e22c7 98753->98754 99248 7ff73f6df5b0 49 API calls 6 library calls 98753->99248 98756 7ff73f6dc7c0 98754->98756 99249 7ff73f6dadc0 98756->99249 98758 7ff73f6dc80e 98758->98355 98760 7ff73f6ec47b 98759->98760 98768 7ff73f6ec345 98759->98768 99256 7ff73f6ded80 49 API calls 3 library calls 98760->99256 98762 7ff73f6ec601 99259 7ff73f6ded80 49 API calls 3 library calls 98762->99259 98763 7ff73f6ec49c 98766 7ff73f6eab10 47 API calls 98763->98766 98764 7ff73f6e25e3 98764->98382 98764->98388 98766->98764 98768->98760 98768->98762 98768->98764 98769 7ff73f6ec58c 98768->98769 98770 7ff73f6e1da0 5 API calls 98768->98770 98772 7ff73f6eab10 47 API calls 98768->98772 98773 7ff73f6e9700 54 API calls 98768->98773 98774 7ff73f6ec521 98768->98774 98777 7ff73f6dec80 47 API calls 98768->98777 99255 7ff73f6ded80 49 API calls 3 library calls 98768->99255 99258 7ff73f6ded80 49 API calls 3 library calls 98769->99258 98770->98768 98772->98768 98773->98768 99257 7ff73f6ded80 49 API calls 3 library calls 98774->99257 98776 7ff73f6ec542 98778 7ff73f6eab10 47 API calls 98776->98778 98777->98768 98778->98764 98780 7ff73f6d4e50 98779->98780 98786 7ff73f6d4e9e 98780->98786 99260 7ff73f6e0880 49 API calls Concurrency::cancel_current_task 98780->99260 98782 7ff73f6d5075 98787 7ff73f6da780 49 API calls 98782->98787 98783 7ff73f6d5037 98784 7ff73f6d5048 98783->98784 99261 
7ff73f6deaa0 49 API calls Concurrency::cancel_current_task 98783->99261 98784->98396 98786->98782 98786->98783 98788 7ff73f6d50b7 98787->98788 98789 7ff73f71111c Concurrency::cancel_current_task 2 API calls 98788->98789 98790 7ff73f6d50c8 98789->98790 98792 7ff73f6d51d0 98791->98792 98794 7ff73f6d51f0 ctype 98792->98794 99262 7ff73f6d79c0 49 API calls 6 library calls 98792->99262 98794->98399 98800 7ff73f6ebb12 98795->98800 98811 7ff73f6eb9f3 messages 98795->98811 98796 7ff73f6da3b0 49 API calls 98796->98811 98798 7ff73f70f520 std::_Throw_Cpp_error 8 API calls 98802 7ff73f6e28f8 98798->98802 98799 7ff73f6ebb45 98801 7ff73f6ebb8e messages 98799->98801 98804 7ff73f6ebbf0 98799->98804 98800->98799 98800->98801 99265 7ff73f6db110 47 API calls 2 library calls 98800->99265 98801->98798 98802->98408 98802->98409 99267 7ff73f7164c4 47 API calls _invalid_parameter_noinfo_noreturn 98804->99267 98806 7ff73f6d9980 std::_Throw_Cpp_error 49 API calls 98806->98811 98811->98796 98811->98800 98811->98806 98816 7ff73f6ebbeb 98811->98816 99263 7ff73f6d5c30 49 API calls 98811->99263 99264 7ff73f6ea2d0 49 API calls 3 library calls 98811->99264 99266 7ff73f7164c4 47 API calls _invalid_parameter_noinfo_noreturn 98816->99266 98837 7ff73f6da0bd 98836->98837 98838 7ff73f6da133 98836->98838 98839 7ff73f6da14d 98837->98839 98842 7ff73f6da0d0 98837->98842 98838->98413 99268 7ff73f6d3260 49 API calls Concurrency::cancel_current_task 98839->99268 98842->98838 98843 7ff73f6da3b0 49 API calls 98842->98843 98843->98842 98845 7ff73f6d9d90 86 API calls 98844->98845 98854 7ff73f6d907c 98845->98854 98846 7ff73f6d90d1 98847 7ff73f6e6350 49 API calls 98846->98847 98848 7ff73f6d90de 98847->98848 98850 7ff73f6dc7c0 47 API calls 98848->98850 98851 7ff73f6d90e9 98850->98851 98851->98426 98854->98846 99269 7ff73f6dc070 91 API calls 3 library calls 98854->99269 99270 7ff73f6e7ba0 85 API calls 98854->99270 99271 7ff73f6e5d00 49 API calls Concurrency::cancel_current_task 98854->99271 99272 7ff73f6e0880 49 API 
calls Concurrency::cancel_current_task 98854->99272 98857 7ff73f6df582 98856->98857 98860 7ff73f6df543 ctype 98856->98860 99273 7ff73f6d74e0 49 API calls 6 library calls 98857->99273 98859 7ff73f6df59b 98859->98430 98860->98430 98862 7ff73f6e386b messages 98861->98862 99274 7ff73f6eb680 98862->99274 98865 7ff73f6d9d90 86 API calls 98900 7ff73f6e3937 98865->98900 98866 7ff73f6d9d90 86 API calls 98909 7ff73f6e3a8b 98866->98909 98867 7ff73f6d9290 86 API calls 98870 7ff73f6e3f09 98867->98870 98868 7ff73f6d9d90 86 API calls 98871 7ff73f6e3d77 98868->98871 98869 7ff73f6e3994 98872 7ff73f6e6350 49 API calls 98869->98872 98875 7ff73f6d51b0 49 API calls 98870->98875 98876 7ff73f6e3dc6 98871->98876 99291 7ff73f6dc070 91 API calls 3 library calls 98871->99291 98877 7ff73f6e39a7 98872->98877 98873 7ff73f6e3ae3 98874 7ff73f6e6350 49 API calls 98873->98874 98880 7ff73f6e3af6 98874->98880 98881 7ff73f6e3f20 98875->98881 98879 7ff73f6e6350 49 API calls 98876->98879 98883 7ff73f6dc7c0 47 API calls 98877->98883 98885 7ff73f6e3de6 98879->98885 98886 7ff73f6dc7c0 47 API calls 98880->98886 98887 7ff73f6eab10 47 API calls 98881->98887 98889 7ff73f6e39b4 98883->98889 98891 7ff73f6dc7c0 47 API calls 98885->98891 98892 7ff73f6e3b03 98886->98892 98939 7ff73f6e3f2a messages 98887->98939 98888 7ff73f6e3d9f 99292 7ff73f6e7ba0 85 API calls 98888->99292 98894 7ff73f6d51b0 49 API calls 98889->98894 98897 7ff73f6e3df3 98891->98897 98924 7ff73f6e3b2e ctype 98892->98924 99289 7ff73f6d79c0 49 API calls 6 library calls 98892->99289 98899 7ff73f6e39cf 98894->98899 98901 7ff73f6d51b0 49 API calls 98897->98901 98898 7ff73f6e3db3 99293 7ff73f6e5d00 49 API calls Concurrency::cancel_current_task 98898->99293 98903 7ff73f6df520 std::_Throw_Cpp_error 49 API calls 98899->98903 98900->98869 99281 7ff73f6dc070 91 API calls 3 library calls 98900->99281 99282 7ff73f6e7ba0 85 API calls 98900->99282 99283 7ff73f6e5d00 49 API calls Concurrency::cancel_current_task 98900->99283 99284 7ff73f6e0880 49 API calls 
Concurrency::cancel_current_task 98900->99284 98908 7ff73f6e3e0e 98901->98908 98912 7ff73f6e39e5 98903->98912 98905 7ff73f6e45ea 98998 7ff73f6d4ba0 VirtualProtect 98905->98998 98907 7ff73f6e3c27 98921 7ff73f6eab10 47 API calls 98907->98921 98915 7ff73f6df520 std::_Throw_Cpp_error 49 API calls 98908->98915 98909->98873 99285 7ff73f6dc070 91 API calls 3 library calls 98909->99285 99286 7ff73f6e7ba0 85 API calls 98909->99286 99287 7ff73f6e5d00 49 API calls Concurrency::cancel_current_task 98909->99287 99288 7ff73f6e0880 49 API calls Concurrency::cancel_current_task 98909->99288 98911 7ff73f6e3dbe 99294 7ff73f6e0880 49 API calls Concurrency::cancel_current_task 98911->99294 98919 7ff73f6eab10 47 API calls 98912->98919 98922 7ff73f6e3e24 98915->98922 98917 7ff73f6e4622 99301 7ff73f6e5210 86 API calls 98917->99301 98925 7ff73f6e3a1d 98919->98925 98940 7ff73f6e3cb3 messages 98921->98940 98927 7ff73f6eab10 47 API calls 98922->98927 98924->98907 99290 7ff73f6d74e0 49 API calls 6 library calls 98924->99290 98929 7ff73f6dad60 Concurrency::details::SchedulerBase::GetBitSet 47 API calls 98925->98929 98926 7ff73f6e4ae6 99308 7ff73f7164c4 47 API calls _invalid_parameter_noinfo_noreturn 98926->99308 98931 7ff73f6e3e5c messages 98927->98931 98937 7ff73f6e3a2a messages 98929->98937 98931->98867 98951 7ff73f6e4ada 98931->98951 98959 7ff73f6e4ad4 98931->98959 98933 7ff73f6dec80 47 API calls 98938 7ff73f6e4a70 98933->98938 98937->98866 98937->98940 98988 7ff73f6e4ac2 98937->98988 98942 7ff73f6dec80 47 API calls 98938->98942 98939->98905 98939->98926 98945 7ff73f6db7e0 49 API calls 98939->98945 98965 7ff73f6e4ae0 98939->98965 98969 7ff73f6df5b0 49 API calls 98939->98969 98978 7ff73f6ec670 49 API calls 98939->98978 98980 7ff73f6dec80 47 API calls 98939->98980 98986 7ff73f6da3b0 49 API calls 98939->98986 98987 7ff73f6d5c30 49 API calls 98939->98987 98994 7ff73f6e474a 98939->98994 99295 7ff73f6e0df0 96 API calls 6 library calls 98939->99295 99296 7ff73f6e34b0 98 API calls 7 library calls 
98939->99296 99297 7ff73f6d56c0 49 API calls 3 library calls 98939->99297 99298 7ff73f6d7030 47 API calls 2 library calls 98939->99298 99299 7ff73f6db970 47 API calls 2 library calls 98939->99299 99300 7ff73f6db110 47 API calls 2 library calls 98939->99300 98940->98868 98940->98931 98952 7ff73f6e4ace 98940->98952 98958 7ff73f6e4ac8 98940->98958 98947 7ff73f6e4a7b 98942->98947 98945->98939 98956 7ff73f6dec80 47 API calls 98947->98956 99306 7ff73f7164c4 47 API calls _invalid_parameter_noinfo_noreturn 98951->99306 99304 7ff73f7164c4 47 API calls _invalid_parameter_noinfo_noreturn 98952->99304 98962 7ff73f6e4a85 98956->98962 99303 7ff73f7164c4 47 API calls _invalid_parameter_noinfo_noreturn 98958->99303 99305 7ff73f7164c4 47 API calls _invalid_parameter_noinfo_noreturn 98959->99305 98966 7ff73f6dec80 47 API calls 98962->98966 99307 7ff73f7164c4 47 API calls _invalid_parameter_noinfo_noreturn 98965->99307 98968 7ff73f6e4a90 98966->98968 98971 7ff73f70f520 std::_Throw_Cpp_error 8 API calls 98968->98971 98969->98939 98974 7ff73f6e2beb 98971->98974 98974->98435 98974->98438 98978->98939 98980->98939 98986->98939 98987->98939 99302 7ff73f7164c4 47 API calls _invalid_parameter_noinfo_noreturn 98988->99302 98994->98933 98998->98917 99000 7ff73f6dad73 98999->99000 99001 7ff73f6dad97 messages 98999->99001 99000->99001 99310 7ff73f7164c4 47 API calls _invalid_parameter_noinfo_noreturn 99000->99310 99001->98450 99005 7ff73f6d9d90 86 API calls 99004->99005 99006 7ff73f6d91f7 99005->99006 99007 7ff73f6d4e20 49 API calls 99006->99007 99008 7ff73f6d9209 99007->99008 99009 7ff73f6e6350 49 API calls 99008->99009 99010 7ff73f6d926a 99009->99010 99011 7ff73f6dc7c0 47 API calls 99010->99011 99012 7ff73f6d9275 99011->99012 99012->98455 99311 7ff73f6e7ee0 99013->99311 99016 7ff73f6d4be2 99016->98504 99018 7ff73f6d4d63 ctype 99017->99018 99019 7ff73f6d4d72 99017->99019 99018->98509 99020 7ff73f6d4e12 99019->99020 99021 7ff73f6d4d88 99019->99021 99314 7ff73f6ded40 49 API calls 
Concurrency::cancel_current_task 99020->99314 99021->99018 99313 7ff73f6ded80 49 API calls 3 library calls 99021->99313 99036 7ff73f6e6429 99035->99036 99036->99036 99037 7ff73f6d4d30 49 API calls 99036->99037 99038 7ff73f6e64af 99037->99038 99039 7ff73f70f520 std::_Throw_Cpp_error 8 API calls 99038->99039 99040 7ff73f6e30d4 99039->99040 99040->98527 99042 7ff73f6ec6b1 99041->99042 99050 7ff73f6ec6c1 messages 99041->99050 99043 7ff73f70f520 std::_Throw_Cpp_error 8 API calls 99042->99043 99044 7ff73f6ec912 99043->99044 99044->98538 99045 7ff73f6ec89d 99045->99042 99048 7ff73f6ec8bb 99045->99048 99316 7ff73f6eabb0 49 API calls 99045->99316 99317 7ff73f6db110 47 API calls 2 library calls 99048->99317 99050->99045 99051 7ff73f6ec92d 99050->99051 99315 7ff73f6eabb0 49 API calls 99050->99315 99318 7ff73f7164c4 47 API calls _invalid_parameter_noinfo_noreturn 99051->99318 99064 7ff73f6dec99 99063->99064 99067 7ff73f6ded0d messages 99063->99067 99065 7ff73f6decbb 99064->99065 99319 7ff73f6db110 47 API calls 2 library calls 99064->99319 99065->99067 99320 7ff73f7164c4 47 API calls _invalid_parameter_noinfo_noreturn 99065->99320 99067->98540 99070->98337 99071->98334 99072->98362 99073->98362 99074->98362 99075->98362 99076->98360 99077->98364 99078->98378 99079->98385 99080->98401 99081->98412 99082->98423 99083->98418 99084->98493 99085->98493 99086->98493 99087->98493 99088->98438 99099 7ff73f6d4c46 99098->99099 99100 7ff73f6d4c50 GetLastError 99098->99100 99099->99100 99101 7ff73f6d4c4c 99099->99101 99100->99101 99102 7ff73f6d4c5d VirtualQueryEx 99100->99102 99101->98730 99106 7ff73f703cd0 99101->99106 99102->99101 99103 7ff73f6d4c79 99102->99103 99103->99101 99104 7ff73f6d4c8c ReadProcessMemory 99103->99104 99104->99101 99105 7ff73f6d4ca7 99104->99105 99105->99101 99109 7ff73f703d04 __scrt_get_show_window_mode 99106->99109 99107 7ff73f70f520 std::_Throw_Cpp_error 8 API calls 99108 7ff73f703e43 99107->99108 99108->98737 99109->99107 99111 7ff73f6ea105 99110->99111 
99111->99111 99113 7ff73f6ea2bb 99111->99113 99117 7ff73f6ea14c ctype 99111->99117 99118 7ff73f6ea25b messages 99111->99118 99112 7ff73f70f520 std::_Throw_Cpp_error 8 API calls 99114 7ff73f6ea2a7 99112->99114 99171 7ff73f6ded40 49 API calls Concurrency::cancel_current_task 99113->99171 99114->98737 99117->99118 99170 7ff73f6df5b0 49 API calls 6 library calls 99117->99170 99118->99112 99121 7ff73f6d58e5 99120->99121 99122 7ff73f6d5861 99120->99122 99173 7ff73f6ded40 49 API calls Concurrency::cancel_current_task 99121->99173 99126 7ff73f6d586f ctype 99122->99126 99172 7ff73f6ded80 49 API calls 3 library calls 99122->99172 99126->98737 99130 7ff73f6e8d65 99127->99130 99128 7ff73f6e8dae ctype 99143 7ff73f6e8e94 99128->99143 99174 7ff73f6db7e0 99128->99174 99130->99128 99132 7ff73f6e8d9c 99130->99132 99133 7ff73f6e8dc8 99130->99133 99145 7ff73f6e8f13 99130->99145 99135 7ff73f6e8f19 99132->99135 99139 7ff73f70ed34 std::_Facet_Register 49 API calls 99132->99139 99134 7ff73f70ed34 std::_Facet_Register 49 API calls 99133->99134 99134->99128 99188 7ff73f6d26b4 49 API calls 3 library calls 99135->99188 99137 7ff73f6e8e4e 99138 7ff73f6e8e71 99137->99138 99184 7ff73f6df5b0 49 API calls 6 library calls 99137->99184 99138->99143 99185 7ff73f6df5b0 49 API calls 6 library calls 99138->99185 99139->99128 99140 7ff73f6e8f1f 99146 7ff73f6e8eed messages 99143->99146 99186 7ff73f7164c4 47 API calls _invalid_parameter_noinfo_noreturn 99143->99186 99187 7ff73f6d3260 49 API calls Concurrency::cancel_current_task 99145->99187 99146->98737 99148 7ff73f6ea82b 99147->99148 99149 7ff73f6ea5aa 99147->99149 99148->98737 99149->99148 99192 7ff73f6e86f0 49 API calls 3 library calls 99149->99192 99152 7ff73f6da446 99151->99152 99159 7ff73f6da462 ctype 99151->99159 99153 7ff73f6da552 99152->99153 99201 7ff73f6d3274 49 API calls std::_Facet_Register 99152->99201 99203 7ff73f6d3260 49 API calls Concurrency::cancel_current_task 99153->99203 99157 7ff73f6da54d 99202 7ff73f6d3260 49 API calls 
Concurrency::cancel_current_task 99157->99202 99158 7ff73f6da503 99163 7ff73f6d9980 std::_Throw_Cpp_error 49 API calls 99158->99163 99159->99157 99162 7ff73f6da4b4 ctype 99159->99162 99193 7ff73f6d9980 99162->99193 99164 7ff73f6da517 99163->99164 99164->98737 99167 7ff73f6e1daa 99165->99167 99166 7ff73f6e1e07 99166->98737 99167->99166 99168 7ff73f6d4bf0 5 API calls 99167->99168 99168->99166 99169->98737 99170->99118 99172->99126 99177 7ff73f6db7f2 99174->99177 99180 7ff73f6db89c ctype 99174->99180 99175 7ff73f6db90d 99191 7ff73f6d3260 49 API calls Concurrency::cancel_current_task 99175->99191 99177->99175 99179 7ff73f6db879 messages 99177->99179 99177->99180 99182 7ff73f6db908 99177->99182 99189 7ff73f6d3274 49 API calls std::_Facet_Register 99179->99189 99180->99137 99190 7ff73f7164c4 47 API calls _invalid_parameter_noinfo_noreturn 99182->99190 99184->99138 99185->99143 99188->99140 99189->99180 99192->99149 99194 7ff73f6d99b6 99193->99194 99195 7ff73f6d9a3d 99194->99195 99196 7ff73f6d99c8 99194->99196 99205 7ff73f6ded40 49 API calls Concurrency::cancel_current_task 99195->99205 99198 7ff73f6d99d6 ctype 99196->99198 99204 7ff73f6ded80 49 API calls 3 library calls 99196->99204 99198->99158 99201->99159 99204->99198 99224 7ff73f6df720 49 API calls Concurrency::cancel_current_task 99206->99224 99208 7ff73f6e3385 99209 7ff73f70ed34 std::_Facet_Register 49 API calls 99208->99209 99210 7ff73f6e338e 99209->99210 99211 7ff73f6e339d 99210->99211 99225 7ff73f70ca5c 57 API calls 5 library calls 99210->99225 99226 7ff73f6d9650 85 API calls 4 library calls 99211->99226 99214 7ff73f6e341e 99216 7ff73f6d9e2f 99214->99216 99227 7ff73f70d0f8 7 API calls 2 library calls 99214->99227 99215 7ff73f6e33cf 99215->99214 99218 7ff73f6e3446 99215->99218 99216->98748 99228 7ff73f6da780 99218->99228 99223->98750 99224->99208 99225->99211 99226->99215 99227->99216 99229 7ff73f6da7c0 99228->99229 99229->99229 99230 7ff73f6d5830 std::_Throw_Cpp_error 49 API calls 99229->99230 99231 7ff73f6da7d4 
99230->99231 99247 7ff73f6da560 49 API calls std::_Throw_Cpp_error 99231->99247 99248->98754 99250 7ff73f6dadd9 99249->99250 99251 7ff73f6dae2b messages 99249->99251 99250->99251 99254 7ff73f7164c4 47 API calls _invalid_parameter_noinfo_noreturn 99250->99254 99251->98758 99255->98768 99256->98763 99257->98776 99258->98763 99259->98763 99260->98786 99261->98784 99262->98794 99263->98811 99264->98811 99265->98800 99269->98854 99270->98854 99271->98854 99272->98854 99273->98859 99275 7ff73f6e3916 99274->99275 99278 7ff73f6eb6b3 99274->99278 99275->98865 99275->98937 99277 7ff73f6da3b0 49 API calls 99277->99278 99278->99275 99278->99277 99279 7ff73f6d4bf0 GetCurrentProcess ReadProcessMemory GetLastError VirtualQueryEx ReadProcessMemory 99278->99279 99280 7ff73f6d5c30 49 API calls 99278->99280 99309 7ff73f71e170 20 API calls 99278->99309 99279->99278 99280->99278 99281->98900 99282->98900 99283->98900 99284->98900 99285->98909 99286->98909 99287->98909 99288->98909 99289->98924 99290->98907 99291->98888 99292->98898 99293->98911 99294->98876 99296->98939 99297->98939 99298->98939 99299->98939 99300->98939 99309->99278 99312 7ff73f6d4bb9 VirtualProtect 99311->99312 99312->99016 99313->99018 99315->99050 99316->99048 99317->99042 99319->99064 99322 7ff73f6ecb42 99321->99322 99326 7ff73f6ecbb4 messages 99321->99326 99340 7ff73f6ded80 49 API calls 3 library calls 99322->99340 99324 7ff73f6ecb61 99325 7ff73f6eab10 47 API calls 99324->99325 99325->99326 99326->98547 99341 7ff73f70c73c 99327->99341 99330 7ff73f6edcac 99362 7ff73f70e840 49 API calls 2 library calls 99330->99362 99331 7ff73f6edc9d 99361 7ff73f70e840 49 API calls 2 library calls 99331->99361 99335 7ff73f70c75c 99335->98548 99336 7ff73f70c74e ReleaseSRWLockExclusive 99336->99335 99337 7ff73f6edc66 99337->99335 99337->99336 99338 7ff73f6ed9d8 99338->99337 99357 7ff73f6ed760 99338->99357 99340->99324 99342 7ff73f70c764 GetCurrentThreadId 99341->99342 99343 7ff73f70c7bd 99342->99343 99344 7ff73f70c7a3 99342->99344 
99346 7ff73f70c7c2 99343->99346 99347 7ff73f70c7d6 99343->99347 99345 7ff73f70c7a8 AcquireSRWLockExclusive 99344->99345 99349 7ff73f70c7b5 99344->99349 99345->99349 99348 7ff73f70c7ca AcquireSRWLockExclusive 99346->99348 99346->99349 99350 7ff73f70c81b 99347->99350 99356 7ff73f70c7e4 99347->99356 99348->99349 99353 7ff73f70f520 std::_Throw_Cpp_error 8 API calls 99349->99353 99350->99349 99351 7ff73f70c823 TryAcquireSRWLockExclusive 99350->99351 99351->99349 99354 7ff73f6ed9bd 99353->99354 99354->99330 99354->99331 99354->99338 99355 7ff73f70c80b TryAcquireSRWLockExclusive 99355->99349 99355->99356 99356->99349 99356->99355 99363 7ff73f70e904 GetSystemTimeAsFileTime _Xtime_get_ticks 99356->99363 99358 7ff73f6ed778 messages 99357->99358 99360 7ff73f6ed7ab 99358->99360 99364 7ff73f6e8080 VirtualFree 99358->99364 99360->99337 99363->99356 99366 7ff73f71c57a 99365->99366 99367 7ff73f71c5b2 99366->99367 99369 7ff73f71c5e5 99366->99369 99376 7ff73f7163d8 47 API calls _invalid_parameter_noinfo_noreturn 99367->99376 99377 7ff73f716b38 80 API calls _fread_nolock 99369->99377 99371 7ff73f71c64f 99374 7ff73f6d2fa7 99371->99374 99379 7ff73f715e60 47 API calls 2 library calls 99371->99379 99372 7ff73f71c5db 99372->99371 99378 7ff73f715e60 47 API calls 2 library calls 99372->99378 99374->98554 99376->99372 99377->99372 99378->99371 99379->99374 99381 7ff73f6d32c9 99380->99381 99388 7ff73f6d32ef 99380->99388 99382 7ff73f70ed34 std::_Facet_Register 49 API calls 99381->99382 99384 7ff73f6d32d1 99382->99384 99386 7ff73f6d32d9 99384->99386 99393 7ff73f7164c4 47 API calls _invalid_parameter_noinfo_noreturn 99384->99393 99385 7ff73f6d32f5 99386->98605 99394 7ff73f6d26b4 49 API calls 3 library calls 99388->99394 99389->98605 99390->98577 99391->98579 99394->99385 99395 14009d5f0 99396 14009d618 99395->99396 99401 14009d631 99395->99401 99466 1400940ac 6 API calls _Strcoll 99396->99466 99398 14009da0b 99490 1400940ac 6 API calls _Strcoll 99398->99490 99400 14009d61d 99467 1400940cc 6 API 
100786 1400796ee Concurrency::cancel_current_task 100738->100786 100740 140078faf _fread_nolock 100740->100738 100740->100773 100788 1400891d0 75 API calls Concurrency::cancel_current_task 100740->100788 100741 1400acb70 _Strcoll 3 API calls 100742 140079691 100741->100742 100744 14007902e 100745 140079485 100744->100745 100746 140079091 100744->100746 100812 140054da0 42 API calls Concurrency::cancel_current_task 100745->100812 100789 140083b30 GetCurrentProcess GetProcessId RmStartSession 100746->100789 100749 140079716 100821 14002cc70 42 API calls 100749->100821 100750 1400794a3 100813 140054cc0 42 API calls 100750->100813 100754 1400794b1 100757 1400794d7 100754->100757 100814 1400451e0 42 API calls 4 library calls 100754->100814 100756 140079740 Concurrency::cancel_current_task 100815 140054da0 42 API calls Concurrency::cancel_current_task 100757->100815 100758 1400790b4 100761 1400790c7 100758->100761 100762 14007919c GetFileSize 100758->100762 100761->100749 100765 14007910e ISource 100761->100765 100763 1400791dd 100762->100763 100767 1400791b8 _fread_nolock 100762->100767 100763->100767 100809 140045b00 42 API calls 5 library calls 100763->100809 100764 1400794ea 100816 1400876a0 42 API calls 2 library calls 100764->100816 100808 1400519c0 42 API calls 100765->100808 100766 140079242 SetFilePointer ReadFile 100779 1400793a2 100766->100779 100781 140079291 100766->100781 100767->100766 100771 14007954d 100771->100749 100817 140052080 42 API calls 100771->100817 100772 14007915f 100772->100773 100773->100741 100775 1400793f7 ISource 100811 1400519c0 42 API calls 100775->100811 100776 140079314 ISource 100810 1400519c0 42 API calls 100776->100810 100777 14007957b 100782 1400795ad 100777->100782 100784 1400796ac 100777->100784 100779->100749 100779->100775 100781->100749 100781->100776 100818 1400519c0 42 API calls 100782->100818 100819 14002cc70 42 API calls 100784->100819 100820 14002e0f0 43 API calls Concurrency::cancel_current_task 100786->100820 
100787->100740 100788->100744 100790 140083c91 100789->100790 100791 140083b98 RmRegisterResources 100789->100791 100794 1400acb70 _Strcoll 3 API calls 100790->100794 100792 140083bc3 RmGetList 100791->100792 100793 140083c88 RmEndSession 100791->100793 100795 140083cd4 100792->100795 100798 140083bff 100792->100798 100793->100790 100796 1400790a3 100794->100796 100797 140083cd7 RmEndSession 100795->100797 100807 140083cf0 51 API calls 6 library calls 100796->100807 100797->100790 100798->100795 100798->100797 100799 140083c36 RmGetList 100798->100799 100800 140083c5a 100799->100800 100801 140083ccc 100799->100801 100800->100801 100802 140083c5f 100800->100802 100823 14008efd8 7 API calls 3 library calls 100801->100823 100802->100793 100804 140083cb7 100802->100804 100822 14008efd8 7 API calls 3 library calls 100804->100822 100806 140083cbf RmEndSession 100806->100790 100807->100758 100808->100772 100809->100766 100810->100772 100811->100772 100812->100750 100813->100754 100814->100757 100815->100764 100816->100771 100817->100777 100818->100773 100819->100786 100821->100756 100822->100806 100823->100795 100824 1400bae38 100828 1400bae7e 100824->100828 100826 1400baeb1 100827 1400baed8 100826->100827 100849 14008f7cc 41 API calls _invalid_parameter_noinfo 100826->100849 100828->100827 100832 1400bc510 100828->100832 100830 1400baecc 100830->100827 100850 14008e530 42 API calls _invalid_parameter_noinfo 100830->100850 100833 1400bc43c 100832->100833 100834 1400bc462 100833->100834 100836 1400bc495 100833->100836 100857 1400940cc 6 API calls _Strcoll 100834->100857 100838 1400bc49b 100836->100838 100839 1400bc4a8 100836->100839 100837 1400bc467 100858 14008fbec 41 API calls _invalid_parameter_noinfo 100837->100858 100859 1400940cc 6 API calls _Strcoll 100838->100859 100851 14009b830 9 API calls 100839->100851 100843 1400bc4b2 100844 1400bc4bc 100843->100844 100845 1400bc4c9 100843->100845 100860 1400940cc 6 API calls _Strcoll 100844->100860 100852 1400bd78c 
100845->100852 100848 1400bc472 100848->100826 100849->100830 100850->100827 100851->100843 100861 1400bd3ec 44 API calls 3 library calls 100852->100861 100854 1400bd7b2 100855 1400bd7e6 100854->100855 100862 1400bed58 100854->100862 100855->100848 100857->100837 100858->100848 100859->100848 100860->100848 100861->100854 100865 1400be208 100862->100865 100864 1400bed85 100864->100855 100866 1400be21f 100865->100866 100867 1400be23d 100865->100867 100916 1400940cc 6 API calls _Strcoll 100866->100916 100867->100866 100870 1400be259 100867->100870 100869 1400be224 100917 14008fbec 41 API calls _invalid_parameter_noinfo 100869->100917 100874 1400be968 100870->100874 100873 1400be230 100873->100864 100918 1400be54c 100874->100918 100876 1400be9af 100877 1400be9dd 100876->100877 100878 1400be9f5 100876->100878 100941 1400940ac 6 API calls _Strcoll 100877->100941 100934 1400a397c 100878->100934 100881 1400be9e2 100942 1400940cc 6 API calls _Strcoll 100881->100942 100882 1400be9fa 100883 1400bea1a CreateFileW 100882->100883 100884 1400bea01 100882->100884 100885 1400beb00 GetFileType 100883->100885 100886 1400bea85 100883->100886 100943 1400940ac 6 API calls _Strcoll 100884->100943 100891 1400beb5e 100885->100891 100892 1400beb0d __std_fs_directory_iterator_open 100885->100892 100889 1400beacd __std_fs_directory_iterator_open 100886->100889 100894 1400bea93 CreateFileW 100886->100894 100945 140094040 6 API calls 2 library calls 100889->100945 100890 1400be9ee 100890->100873 100948 1400a3894 7 API calls 2 library calls 100891->100948 100946 140094040 6 API calls 2 library calls 100892->100946 100893 1400bea06 100944 1400940cc 6 API calls _Strcoll 100893->100944 100894->100885 100894->100889 100899 1400beb80 100900 1400bebd4 100899->100900 100949 1400be754 46 API calls 2 library calls 100899->100949 100906 1400bebdb 100900->100906 100951 1400be2cc 45 API calls 2 library calls 100900->100951 100903 1400beb1c _invalid_parameter_noinfo 100903->100881 100947 1400940cc 6 API 
calls _Strcoll 100903->100947 100904 1400bec12 100904->100906 100907 1400bec21 100904->100907 100950 14009b6c8 42 API calls _invalid_parameter_noinfo 100906->100950 100907->100890 100909 1400beca0 _invalid_parameter_noinfo 100907->100909 100910 1400beca9 CreateFileW 100909->100910 100911 1400bece7 __std_fs_directory_iterator_open 100910->100911 100915 1400bed15 100910->100915 100952 140094040 6 API calls 2 library calls 100911->100952 100913 1400becf4 100953 1400a3abc 7 API calls 2 library calls 100913->100953 100915->100890 100916->100869 100917->100873 100919 1400be578 100918->100919 100927 1400be592 100918->100927 100919->100927 100954 1400940cc 6 API calls _Strcoll 100919->100954 100921 1400be587 100955 14008fbec 41 API calls _invalid_parameter_noinfo 100921->100955 100923 1400be661 100933 1400be6ba 100923->100933 100960 1400bc188 41 API calls 2 library calls 100923->100960 100924 1400be610 100924->100923 100958 1400940cc 6 API calls _Strcoll 100924->100958 100927->100924 100956 1400940cc 6 API calls _Strcoll 100927->100956 100928 1400be656 100959 14008fbec 41 API calls _invalid_parameter_noinfo 100928->100959 100931 1400be605 100957 14008fbec 41 API calls _invalid_parameter_noinfo 100931->100957 100933->100876 100938 1400a399f 100934->100938 100935 1400a39cd 100935->100882 100936 1400a39c8 100961 1400a36cc 9 API calls 2 library calls 100936->100961 100938->100935 100938->100936 100939 1400a3a1e EnterCriticalSection 100938->100939 100939->100935 100940 1400a3a2d LeaveCriticalSection 100939->100940 100940->100938 100941->100881 100942->100890 100943->100893 100944->100881 100945->100881 100946->100903 100947->100881 100948->100899 100949->100900 100950->100890 100951->100904 100952->100913 100953->100915 100954->100921 100955->100927 100956->100931 100957->100924 100958->100928 100959->100923 100960->100933 100961->100935 100962 14009bbb8 100965 14009bbc9 std::_Facet_Register wcsftime 100962->100965 100964 14009bc18 100965->100964 100966 1400940cc 6 API calls 
_Strcoll 100965->100966 100966->100964

                                                                                              Control-flow Graph

                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: Object$DeleteMetricsSystem$CreateSelectStream_$CapsCompatibleCriticalDeviceReleaseSection$BitmapEnterLeaveReadResetSizeStream
                                                                                              • String ID:
                                                                                              • API String ID: 3214587331-3916222277
                                                                                              • Opcode ID: e6297d83c5e3daae7c569f233a5639c4317fcd5bbfa91a6b2422efe832d9ecb4
                                                                                              • Instruction ID: f318ecd3730808032b5391f8620dce94293df76409b5fe480c5cede521fd26ce
                                                                                              • Opcode Fuzzy Hash: e6297d83c5e3daae7c569f233a5639c4317fcd5bbfa91a6b2422efe832d9ecb4
                                                                                              • Instruction Fuzzy Hash: 16B11D72218BC086E761DB22E8547EEB7A5F799BC0F408515EB8943B69DF3CC485CB10

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1768044794.00007FF73F6D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73F6D0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1768025799.00007FF73F6D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768087766.00007FF73F73B000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768087766.00007FF73F75E000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768225229.00007FF73F8FE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768246664.00007FF73F903000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_7ff73f6d0000_chelentano.jbxd
                                                                                              Similarity
                                                                                              • API ID: _invalid_parameter_noinfo_noreturn
                                                                                              • String ID: one$Chosen detour scheme: $Hook instructions: $Hook size: $Original function:$Prologue offset: $Prologue to overwrite:$Trampoline Jmp Tbl:$Trampoline:$UNKNOWN$failed$ions$m_fnAddress: $m_trampoline: $m_trampolineSz:
                                                                                              • API String ID: 3668304517-2571529286
                                                                                              • Opcode ID: 6dea04070afc1ebdef79afda176cdc7870c4fc517bbb67051c281ea0f97f1c3c
                                                                                              • Instruction ID: 6bd49b0322c687ea4c833af7dc5408803511d5475b286d216a2baf5e3d2f2edd
                                                                                              • Opcode Fuzzy Hash: 6dea04070afc1ebdef79afda176cdc7870c4fc517bbb67051c281ea0f97f1c3c
                                                                                              • Instruction Fuzzy Hash: 18B2B423A18BC1E5E728EF34D9403E96366FB95788F805232EA4D07796DF79E284D350
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1768044794.00007FF73F6D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73F6D0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1768025799.00007FF73F6D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768087766.00007FF73F73B000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768087766.00007FF73F75E000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768225229.00007FF73F8FE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768246664.00007FF73F903000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_7ff73f6d0000_chelentano.jbxd
                                                                                              Similarity
                                                                                              • API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_task
                                                                                              • String ID: Instructions needing entry:$Instructions needing relocation:$Instructions needing translation:$Jmp To Prol:$Original function:$Trampoline address: $jmp$m_fnAddress:
                                                                                              • API String ID: 3936042273-1617887432
                                                                                              • Opcode ID: 2486afc1e598fdc772e1ac3ff94fd1bbfdeebacad50be4a655f63a78fa4ee4cb
                                                                                              • Instruction ID: 7b0e632a6b3a9bb33c6ff50e96fdc6bad8ce86a64f227c58d9bbbf5e93683afd
                                                                                              • Opcode Fuzzy Hash: 2486afc1e598fdc772e1ac3ff94fd1bbfdeebacad50be4a655f63a78fa4ee4cb
                                                                                              • Instruction Fuzzy Hash: E0D2AE23A14BD199EB28EF34D9443ED6766EB957D8F804232DA5C07B9ADF38E184D310
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1768044794.00007FF73F6D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73F6D0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1768025799.00007FF73F6D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768087766.00007FF73F73B000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768087766.00007FF73F75E000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768225229.00007FF73F8FE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768246664.00007FF73F903000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_7ff73f6d0000_chelentano.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: Instructions needing entry:$Instructions needing relocation:$Instructions needing translation:$Jmp To Prol:$Original function:$Trampoline address: $m_fnAddress:
                                                                                              • API String ID: 0-38338247
                                                                                              • Opcode ID: c4ff25c2c38d411b29f9f0d3f602e45d3cd29d8227800543d42d6121f17002a9
                                                                                              • Instruction ID: bd2ba4c6fe77819ddb23a93720bbcddd8884ca802c53d828cae0cec49364ec3c
                                                                                              • Opcode Fuzzy Hash: c4ff25c2c38d411b29f9f0d3f602e45d3cd29d8227800543d42d6121f17002a9
                                                                                              • Instruction Fuzzy Hash: 97929D23A14BD199EB24AF34C9443EDA766FB957D8F804232DA5C07B9ADF39D284D310

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: Close$ErrorFileFindHandleLast$AttributesFirst__std_fs_open_handle
                                                                                              • String ID:
                                                                                              • API String ID: 2398595512-0
                                                                                              • Opcode ID: 9b9cafa6476ba7d57e6375b49b2d31870033937920a690a77e8b0d8031f3f21f
                                                                                              • Instruction ID: 78d3b7904e2be2efe08361c3f480887f67cd56aa3d30c859a21cd1ed935ad958
                                                                                              • Opcode Fuzzy Hash: 9b9cafa6476ba7d57e6375b49b2d31870033937920a690a77e8b0d8031f3f21f
                                                                                              • Instruction Fuzzy Hash: 55918132314E4146F6768FABA844BDA27A1AB9D7F0F184714BBBA476F5DB38C841C700
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: InformationTimeZone
                                                                                              • String ID: %d-%m-%Y, %H:%M:%S$[UTC$computer_name$cpu$gpu$ram$system$time$timezone$user_name
                                                                                              • API String ID: 565725191-1610854563
                                                                                              • Opcode ID: d3cf83e169ff3f4c24906931b1dd953e86c61076782a8d3af26abcf945dc70e3
                                                                                              • Instruction ID: b9f257b62ed73451381ea6531804185a1b92b6541c3fde4c1b208224bb846b02
                                                                                              • Opcode Fuzzy Hash: d3cf83e169ff3f4c24906931b1dd953e86c61076782a8d3af26abcf945dc70e3
                                                                                              • Instruction Fuzzy Hash: 8D236B73614BC485EB22CF66E8403DD77A1F799798F509215EB9D47BAAEB78C280C700

                                                                                              Control-flow Graph

                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1768044794.00007FF73F6D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73F6D0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1768025799.00007FF73F6D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768087766.00007FF73F73B000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768087766.00007FF73F75E000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768225229.00007FF73F8FE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768246664.00007FF73F903000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_7ff73f6d0000_chelentano.jbxd
                                                                                              Similarity
                                                                                              • API ID: System$InformationNameQuery$DiskFileFreeGlobalInfoMemoryModuleSleepSpaceStatusUser_invalid_parameter_noinfo_noreturn
                                                                                              • String ID: @$Kn2;0D$aqkoh<$zyumznx>knphno=
                                                                                              • API String ID: 2996925978-1891084399
                                                                                              • Opcode ID: c6ef5a57fdbca9f8d3a1e2206873aff3280e9d72684181b437b7f4576ae92ac2
                                                                                              • Instruction ID: 824569a5c7805e5c66241b458dd045a3477b0ff6a27121516f8adde83f683bc0
                                                                                              • Opcode Fuzzy Hash: c6ef5a57fdbca9f8d3a1e2206873aff3280e9d72684181b437b7f4576ae92ac2
                                                                                              • Instruction Fuzzy Hash: 59324B22B296E6A6F71CAF3494012F8A7A5EB88384FC40237E54C47BD5DE3CE516D720
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: Name$DevicesDisplayEnum$ComputerCurrentFileGlobalMemoryModuleProfileStatusUserValuewcsftime
                                                                                              • String ID: %d-%m-%Y, %H:%M:%S$computer_name$cpu$gpu$ram$system$time$timezone$user_name
                                                                                              • API String ID: 2509368203-1182675529
                                                                                              • Opcode ID: e61d77a7accd676b836279c1ede6e893b6c0811bf0262a024843482afec0d740
                                                                                              • Instruction ID: 94e5cc0ebb8cc1434cf8510cc9c95a840a40c68f7bc318a096c5be29de2477fb
                                                                                              • Opcode Fuzzy Hash: e61d77a7accd676b836279c1ede6e893b6c0811bf0262a024843482afec0d740
                                                                                              • Instruction Fuzzy Hash: 3BF25C73614BC099DB22CF66E8903DD77A1F799798F409216EB9D17BA9DB78C280C700

                                                                                              Control-flow Graph

                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: AddressProc$Library$FreeLoad
                                                                                              • String ID: cannot use push_back() with $system$vault
                                                                                              • API String ID: 2449869053-1741236777
                                                                                              • Opcode ID: 2a6e3f19ecdff1ea9ffaadaac1c94547f1a58e70e712d370eda34b7674ff9e23
                                                                                              • Instruction ID: a54249f8528d4f3be8c91e259b16b1782131f62f239ca1c119aade931fb183f9
                                                                                              • Opcode Fuzzy Hash: 2a6e3f19ecdff1ea9ffaadaac1c94547f1a58e70e712d370eda34b7674ff9e23
                                                                                              • Instruction Fuzzy Hash: D5925F32215BC489DB62CF26E8843DE73A4F789798F504215EB9C5BBA9EF74C694C700

                                                                                              Control-flow Graph

                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: Process$Exit$MutexOpenToken$CloseCreateCurrentFileHandleInformationInitializeModuleName
                                                                                              • String ID: SeDebugPrivilege$SeImpersonatePrivilege
                                                                                              • API String ID: 4279366119-3768118664
                                                                                              • Opcode ID: b3e0630f4c9362b23b1cfd05753a482c2d05c3af0410e48dacbbc16ec5fa00a8
                                                                                              • Instruction ID: d0589101b5e7bde3bc61e22e3420e504ebf615904bad5d0e82a545c1058e7245
                                                                                              • Opcode Fuzzy Hash: b3e0630f4c9362b23b1cfd05753a482c2d05c3af0410e48dacbbc16ec5fa00a8
                                                                                              • Instruction Fuzzy Hash: 9B618C72218A8081FA22BB66A4553EE6390FB9D7D4F504615F78E436FADF3CC185CA10

                                                                                              Control-flow Graph

                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: _get_daylight$_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                                              • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                              • API String ID: 355007559-239921721
                                                                                              • Opcode ID: 2c86195adcfd5834508f4e9503c6274a04fe0c4d3ee55324ca76c4afc5113c0b
                                                                                              • Instruction ID: cb2aea354cc43386a080a4be0874509c45fd6303dd9085e94252ea63d2a3d950
                                                                                              • Opcode Fuzzy Hash: 2c86195adcfd5834508f4e9503c6274a04fe0c4d3ee55324ca76c4afc5113c0b
                                                                                              • Instruction Fuzzy Hash: E6D1A43660065086FB22EF37E4517E967A1F7ACBD4F448226FF4987AA5DB38C481CB40

                                                                                              Control-flow Graph

                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: Internet$Query$AvailableDataHttpInfoOpen$CloseConcurrency::cancel_current_taskFileHandleRead
                                                                                              • String ID:
                                                                                              • API String ID: 1475545111-0
                                                                                              • Opcode ID: baacb7022ef037ed66fea30172715bf4c804657d998897411c6c358c9a2b6b71
                                                                                              • Instruction ID: ce928a80c7cff9b54580fc0f9624dc8560371eaf7eb7573381f1f5808c2e681f
                                                                                              • Opcode Fuzzy Hash: baacb7022ef037ed66fea30172715bf4c804657d998897411c6c358c9a2b6b71
                                                                                              • Instruction Fuzzy Hash: 52027F32A14B9486EB11CB6AE8403AE77B5F7997D8F204215EF9C57BA9DF38C081C700

                                                                                              Control-flow Graph

                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                                              • String ID:
                                                                                              • API String ID: 1617910340-0
                                                                                              • Opcode ID: 484b9744f6cc28d441a3ba22cd2a9bb849a09fc1e06d845b9773f87c4c6ec638
                                                                                              • Instruction ID: 1f4e0671ae6eda90a79519c6e5d71f409463027aeafb3cc91cf2f06a3d0322dc
                                                                                              • Opcode Fuzzy Hash: 484b9744f6cc28d441a3ba22cd2a9bb849a09fc1e06d845b9773f87c4c6ec638
                                                                                              • Instruction Fuzzy Hash: 71C19D36720A8086EB11CFAAD4917ED3771F79DBE8F015215EB6A9B7A4DB38C456C300

                                                                                              Control-flow Graph

                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                                              • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                              • API String ID: 3458911817-239921721
                                                                                              • Opcode ID: 94df1ec9e2384a72c79be9da220bb4aa566035efaa8ab6aaac74d351b0b15fee
                                                                                              • Instruction ID: 24a90bdb08aceee3997b5279fd9eafcb3bdff3fa571b4a0845494e5839021355
                                                                                              • Opcode Fuzzy Hash: 94df1ec9e2384a72c79be9da220bb4aa566035efaa8ab6aaac74d351b0b15fee
                                                                                              • Instruction Fuzzy Hash: 86516D3261464096F762EF37E8817D97760F79CBC4F44422ABB4987AB6DB38C4818B40
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                                                                                              • String ID: [PID:
                                                                                              • API String ID: 420147892-2210602247
                                                                                              • Opcode ID: baf24e3afe3209363ad73a0cfdf071b9a604545281296ab33caba5bad70c7be5
                                                                                              • Instruction ID: 2638dde17c8d9d49267d472b5da948808293535ce8eecdd1b7ae6527acc1649c
                                                                                              • Opcode Fuzzy Hash: baf24e3afe3209363ad73a0cfdf071b9a604545281296ab33caba5bad70c7be5
                                                                                              • Instruction Fuzzy Hash: F0E18F72614BC085EB22DB26E8803DE67A5F7897E8F504215FB9D47BA9DF78C294C700
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1768044794.00007FF73F6D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73F6D0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1768025799.00007FF73F6D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768087766.00007FF73F73B000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768087766.00007FF73F75E000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768225229.00007FF73F8FE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768246664.00007FF73F903000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_7ff73f6d0000_chelentano.jbxd
                                                                                              Similarity
                                                                                              • API ID: TimerWaitable$CreateLibraryLoadResumeSleepThread
                                                                                              • String ID:
                                                                                              • API String ID: 2864272952-0
                                                                                              • Opcode ID: 85f8fc62dfd02435b4dffcc8576b057b1c145ce789bd07f9788faaa7b8b7e451
                                                                                              • Instruction ID: 64f686fd6cb89a57e5c268a423b4f62855b124ea9bcf5e2d16985306ca6003c5
                                                                                              • Opcode Fuzzy Hash: 85f8fc62dfd02435b4dffcc8576b057b1c145ce789bd07f9788faaa7b8b7e451
                                                                                              • Instruction Fuzzy Hash: 3E919067A046D2E7EB18AF65D4505F9A3A6FB45BD4B804036EE0D07B84DF3CE8619710
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: ProcessToken$AdjustCloseCurrentHandleLookupOpenPrivilegePrivilegesValue
                                                                                              • String ID:
                                                                                              • API String ID: 3038321057-0
                                                                                              • Opcode ID: 29a02e95aae9899e0029659e102052f54fff5397b51cb33b914b83ea41570e5f
                                                                                              • Instruction ID: 34ce752f9ab4a56b2deac93a7bd861715a39945583b4098be1e1f478c1badeef
                                                                                              • Opcode Fuzzy Hash: 29a02e95aae9899e0029659e102052f54fff5397b51cb33b914b83ea41570e5f
                                                                                              • Instruction Fuzzy Hash: 4A216832218B8086E7618B62F88438AB7A4FB8CBD0F558125FB8957B68DF7CC545CB00
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: Cred$EnumerateFree
                                                                                              • String ID: cannot use push_back() with
                                                                                              • API String ID: 3403564193-4122110429
                                                                                              • Opcode ID: 883c792fbab307b5e421ac1b095e8b1444d52e8822cbffabf230e8b0b4400744
                                                                                              • Instruction ID: 36f6f23de775bbde7fb143acede6b28c36744b506e3723a123fcb712a0b7f3e8
                                                                                              • Opcode Fuzzy Hash: 883c792fbab307b5e421ac1b095e8b1444d52e8822cbffabf230e8b0b4400744
                                                                                              • Instruction Fuzzy Hash: 2F625072614BC489EB22CF66E8903DE77A1F789798F505315EB9D17BA9DB38C284C700
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: CryptDataFreeLocalUnprotect
                                                                                              • String ID:
                                                                                              • API String ID: 1561624719-0
                                                                                              • Opcode ID: 534917215b691bdf8008ca3940d01222a19eb5e5d5bf9c8332b99172fc4e0cb2
                                                                                              • Instruction ID: 1012aa67ab5575fa7dabbc20d00f8a9710edfb2bddd748b72b5be8e93224168a
                                                                                              • Opcode Fuzzy Hash: 534917215b691bdf8008ca3940d01222a19eb5e5d5bf9c8332b99172fc4e0cb2
                                                                                              • Instruction Fuzzy Hash: D2413232614B80CAE3218F75E4403ED37A4F79978CF444229FB8817E9ADB79C6A4C754
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1768044794.00007FF73F6D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73F6D0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1768025799.00007FF73F6D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768087766.00007FF73F73B000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768087766.00007FF73F75E000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768225229.00007FF73F8FE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768246664.00007FF73F903000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_7ff73f6d0000_chelentano.jbxd
                                                                                              Similarity
                                                                                              • API ID: _invalid_parameter_noinfo_noreturn
                                                                                              • String ID: nop
                                                                                              • API String ID: 3668304517-258488684
                                                                                              • Opcode ID: f17234b282f812c14c95624dee4ce68ed202b886a0915112ef8017143ffaa727
                                                                                              • Instruction ID: 1a10623cd8d07bb01fd98aa0a064c96dcdb46a439537c7047ff178f2eec2079d
                                                                                              • Opcode Fuzzy Hash: f17234b282f812c14c95624dee4ce68ed202b886a0915112ef8017143ffaa727
                                                                                              • Instruction Fuzzy Hash: 1912D133A08BD299EB249F25D9443EDA3A6EF557D8F844231DA9C07AD9DF39E180D310
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: DriveLogicalStrings
                                                                                              • String ID:
                                                                                              • API String ID: 2022863570-0
                                                                                              • Opcode ID: 05563d9c9f8d9765ab942f76f343afa8ceddb3167ad04ffcdfa04968ca2d4d44
                                                                                              • Instruction ID: 762c538b592356dff3a6ce454e42c970aaa603d24f9c2a176b6a2edc9c8e9b7a
                                                                                              • Opcode Fuzzy Hash: 05563d9c9f8d9765ab942f76f343afa8ceddb3167ad04ffcdfa04968ca2d4d44
                                                                                              • Instruction Fuzzy Hash: A8416D33A18B8082E711CF25E8803DEB774F798788F555215EB8823A79DB78D6D1DB40
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1768044794.00007FF73F6D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73F6D0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1768025799.00007FF73F6D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768087766.00007FF73F73B000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768087766.00007FF73F75E000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768225229.00007FF73F8FE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768246664.00007FF73F903000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_7ff73f6d0000_chelentano.jbxd
                                                                                              Similarity
                                                                                              • API ID: MakeObjectTemporary
                                                                                              • String ID:
                                                                                              • API String ID: 2645245090-0
                                                                                              • Opcode ID: 6a862c28f31d64bcf16794884afac330a1f7b54cdfb20a1835c7e509fe9ea051
                                                                                              • Instruction ID: fff0cfafba3205781474d87239343b9d9b8b8ad7d69bde9826e14e6bbae670b4
                                                                                              • Opcode Fuzzy Hash: 6a862c28f31d64bcf16794884afac330a1f7b54cdfb20a1835c7e509fe9ea051
                                                                                              • Instruction Fuzzy Hash: EFF0C972909B81EADB1CEB51F8450A9B765FF987C0B404835EA8C47725CF3CE060AB64
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1768044794.00007FF73F6D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73F6D0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1768025799.00007FF73F6D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768087766.00007FF73F73B000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768087766.00007FF73F75E000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768225229.00007FF73F8FE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768246664.00007FF73F903000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_7ff73f6d0000_chelentano.jbxd
                                                                                              Similarity
                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                              • String ID:
                                                                                              • API String ID: 3215553584-0
                                                                                              • Opcode ID: 213e0517995829b4433645234137e2cf3142657ebec2bc9b121cc5dc926dacfd
                                                                                              • Instruction ID: 69e9db0b4c4b31b6493da3ca03a46706c81244b268f29e7c4d7e3270bd7b2882
                                                                                              • Opcode Fuzzy Hash: 213e0517995829b4433645234137e2cf3142657ebec2bc9b121cc5dc926dacfd
                                                                                              • Instruction Fuzzy Hash: 4D81D476A04A95A6EB28EF25D8803BC63A0FB48BD4FC44636EE1D47795CF38E0419320

                                                                                              Control-flow Graph

                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: Gdip$Image$CriticalSection$DisposeEncodersLeave$BitmapCreateEnterErrorFromGdiplusInitializeLastSaveScan0SizeStartupStream
                                                                                              • String ID: &
                                                                                              • API String ID: 1703174404-3042966939
                                                                                              • Opcode ID: 524f3fd988fd5da9a142abe3460ca7494f5175dc71200abd548d20379ee1c311
                                                                                              • Instruction ID: 91ca7ef0bf8a51011a936eb11742b6bb682dc54b826b12b3f90657a60efb070d
                                                                                              • Opcode Fuzzy Hash: 524f3fd988fd5da9a142abe3460ca7494f5175dc71200abd548d20379ee1c311
                                                                                              • Instruction Fuzzy Hash: 23914B32240B809AEB228F22E8407D977A4F76CBD8F558215FF4957BA4DB38C996C350

                                                                                              Control-flow Graph

                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: Info$CleanupStartupUserclosesocketconnecthtonsinet_ptonsocket
                                                                                              • String ID: geo$system
                                                                                              • API String ID: 213021568-2364779556
                                                                                              • Opcode ID: c7777637b258e530dbc954033b76ffb5a805f2f32057b730cb4fd4f5f2b81010
                                                                                              • Instruction ID: 285a129e456712ba6082bcc77ad357df936d975360b878f49f16957cea3e4a12
                                                                                              • Opcode Fuzzy Hash: c7777637b258e530dbc954033b76ffb5a805f2f32057b730cb4fd4f5f2b81010
                                                                                              • Instruction Fuzzy Hash: 53C18B72B11B4085FB02DBA6E4503DC33A2A799BA8F414216EB1D6B6F9DE38C546C300

                                                                                              Control-flow Graph

                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: Session$ListProcess$CurrentRegisterResourcesStart
                                                                                              • String ID:
                                                                                              • API String ID: 3299295986-0
                                                                                              • Opcode ID: 66a0440454f858689b4cb82879d8a312e600f7eccee216c674467dbce1873752
                                                                                              • Instruction ID: 4da0510642fd848fb8bcf76b3320aaf3fb59ff25f31ccd2a24b64a59eb708cf8
                                                                                              • Opcode Fuzzy Hash: 66a0440454f858689b4cb82879d8a312e600f7eccee216c674467dbce1873752
                                                                                              • Instruction Fuzzy Hash: E2511732B14A518AFB15CFA6E4547DD73A1BB8C788F50512AEF0A67BA8DF34C906C740

                                                                                              Control-flow Graph

                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1768044794.00007FF73F6D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73F6D0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1768025799.00007FF73F6D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768087766.00007FF73F73B000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768087766.00007FF73F75E000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768225229.00007FF73F8FE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768246664.00007FF73F903000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_7ff73f6d0000_chelentano.jbxd
                                                                                              Similarity
                                                                                              • API ID: AddressAlloc2CurrentInfoLibraryLoadProcProcessSystemVirtual
                                                                                              • String ID: VirtualAlloc2$kernelbase.dll
                                                                                              • API String ID: 3240720159-1188699709
                                                                                              • Opcode ID: ee9e691f3339f1b8678635fd649736d1d6724eaee0207cfec3d84d95d58957b8
                                                                                              • Instruction ID: 2a73725512bd7cd908725986bd5c7898ac6aad1c659bdf8d362864e0561224f1
                                                                                              • Opcode Fuzzy Hash: ee9e691f3339f1b8678635fd649736d1d6724eaee0207cfec3d84d95d58957b8
                                                                                              • Instruction Fuzzy Hash: 2E214C36B08B8192EB10CB15F4483A9B7A4FB89B80F944236EB8D03764DF7DD195CB40

                                                                                              Control-flow Graph

                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                              • String ID:
                                                                                              • API String ID: 3215553584-0
                                                                                              • Opcode ID: 197761c4084f71b538abde1851977105dd70471639988d7dce5d49f8975dacdd
                                                                                              • Instruction ID: 841b2728c93b3887653dc9800ffbd716b7e6352b756ce4ae0355bef11b2994df
                                                                                              • Opcode Fuzzy Hash: 197761c4084f71b538abde1851977105dd70471639988d7dce5d49f8975dacdd
                                                                                              • Instruction Fuzzy Hash: 79C1E13224878592EB639B5794407EE7BA4F799BC0F5A4112FB8A037B2DF79C859C301
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1768044794.00007FF73F6D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73F6D0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1768025799.00007FF73F6D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768087766.00007FF73F73B000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768087766.00007FF73F75E000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768225229.00007FF73F8FE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768246664.00007FF73F903000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_7ff73f6d0000_chelentano.jbxd
                                                                                              Similarity
                                                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                              • String ID:
                                                                                              • API String ID: 2081738530-0
                                                                                              • Opcode ID: e1b166543a53702fe14943f6d3da6476f2ee8035fa3cb2c4c17bf39e30227ea5
                                                                                              • Instruction ID: 2315719dd0c0283422d39523cac7978eb6cb3e52575757d2fa51213743974c5a
                                                                                              • Opcode Fuzzy Hash: e1b166543a53702fe14943f6d3da6476f2ee8035fa3cb2c4c17bf39e30227ea5
                                                                                              • Instruction Fuzzy Hash: 3A31C422A086D3A0EA19BF15D8001F8E366EF44BE4F881532EA0D472A9DE3CE455D321
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: CriticalSection$EnterLeave$DeleteGdiplusObjectShutdown
                                                                                              • String ID:
                                                                                              • API String ID: 4268643673-0
                                                                                              • Opcode ID: 83031f1c3d95a3b59bc2a22e43b72ccd41805d9851eefa9cc92077698de98015
                                                                                              • Instruction ID: c9ca659fb5a3d6881cb484776de8e1e5d4a8d55f00fea3343c422757f577f082
                                                                                              • Opcode Fuzzy Hash: 83031f1c3d95a3b59bc2a22e43b72ccd41805d9851eefa9cc92077698de98015
                                                                                              • Instruction Fuzzy Hash: 0B111332101B4091FB129F26E8443AD73A4FB58FA8F684216EB69076B4DF38C997C350
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1768044794.00007FF73F6D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73F6D0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1768025799.00007FF73F6D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768087766.00007FF73F73B000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768087766.00007FF73F75E000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768225229.00007FF73F8FE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768246664.00007FF73F903000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_7ff73f6d0000_chelentano.jbxd
                                                                                              Similarity
                                                                                              • API ID: _invalid_parameter_noinfo_noreturn
                                                                                              • String ID: 2-by$expa$nd 3$te k
                                                                                              • API String ID: 3668304517-3581043453
                                                                                              • Opcode ID: 3b2f1e77da82971571ebb1b64f8b5a91f52f215159679f9b82a4ad03c8c99f16
                                                                                              • Instruction ID: 3ca9b0074d061e754929628bd134f107d7bbc65551470d65fa324cc04e477a65
                                                                                              • Opcode Fuzzy Hash: 3b2f1e77da82971571ebb1b64f8b5a91f52f215159679f9b82a4ad03c8c99f16
                                                                                              • Instruction Fuzzy Hash: A551BA73A18BD19BE714DF69E4403ADB7A5F784398F90423AEA5C1BA88DF38D415CB10
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1768044794.00007FF73F6D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73F6D0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1768025799.00007FF73F6D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768087766.00007FF73F73B000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768087766.00007FF73F75E000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768225229.00007FF73F8FE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768246664.00007FF73F903000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_7ff73f6d0000_chelentano.jbxd
                                                                                              Similarity
                                                                                              • API ID: Process$MemoryRead$CurrentErrorLastQueryVirtual
                                                                                              • String ID:
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1768044794.00007FF73F6D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73F6D0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1768025799.00007FF73F6D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768087766.00007FF73F73B000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768087766.00007FF73F75E000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768225229.00007FF73F8FE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768246664.00007FF73F903000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_7ff73f6d0000_chelentano.jbxd
                                                                                              Similarity
                                                                                              • API ID: std::_$Lockit$Locinfo::_Locinfo_ctorLockit::_Lockit::~_
                                                                                              • String ID: bad locale name
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: recv$Cleanupclosesocket
                                                                                              • String ID:
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: ProcessToken$CloseCurrentHandleInformationOpen
                                                                                              • String ID:
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: Value
                                                                                              • String ID: ProductName$SOFTWARE\Microsoft\Windows NT\CurrentVersion
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: EnumOpen
                                                                                              • String ID:
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1768044794.00007FF73F6D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73F6D0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1768025799.00007FF73F6D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768087766.00007FF73F73B000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768087766.00007FF73F75E000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768225229.00007FF73F8FE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768246664.00007FF73F903000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_7ff73f6d0000_chelentano.jbxd
                                                                                              Similarity
                                                                                              • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_release_startup_lock
                                                                                              • String ID:
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: Info$User
                                                                                              • String ID:
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: CurrentProfile
                                                                                              • String ID: Unknown
                                                                                              APIs
                                                                                                • Part of subcall function 00007FF73F70C73C: GetCurrentThreadId.KERNEL32 ref: 00007FF73F70C78D
                                                                                                • Part of subcall function 00007FF73F70C73C: AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,00000000,00007FF73F6ED7F8,?,?,?,?,?,00000000,?,00007FF73F6DF036), ref: 00007FF73F70C7AC
                                                                                              • std::_Throw_Cpp_error.LIBCPMT ref: 00007FF73F6EDCA7
                                                                                              • std::_Throw_Cpp_error.LIBCPMT ref: 00007FF73F6EDCB2
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1768044794.00007FF73F6D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73F6D0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1768025799.00007FF73F6D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768087766.00007FF73F73B000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768087766.00007FF73F75E000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768225229.00007FF73F8FE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768246664.00007FF73F903000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_7ff73f6d0000_chelentano.jbxd
                                                                                              Similarity
                                                                                              • API ID: Cpp_errorThrow_std::_$AcquireCurrentExclusiveLockThread
                                                                                              • String ID:
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1768044794.00007FF73F6D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73F6D0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1768025799.00007FF73F6D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768087766.00007FF73F73B000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768087766.00007FF73F75E000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768225229.00007FF73F8FE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768246664.00007FF73F903000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_7ff73f6d0000_chelentano.jbxd
                                                                                              Similarity
                                                                                              • API ID: Cpp_errorThrow_std::_
                                                                                              • String ID:
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: FolderFreeKnownPathTask
                                                                                              • String ID:
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: CloseOpen
                                                                                              • String ID:
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: ErrorFileLastPointer
                                                                                              • String ID:
                                                                                              • API String ID: 2976181284-0
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: Find$CloseFileNext
                                                                                              • String ID:
                                                                                              • API String ID: 2066263336-0
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1768044794.00007FF73F6D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73F6D0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1768025799.00007FF73F6D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768087766.00007FF73F73B000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768087766.00007FF73F75E000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768225229.00007FF73F8FE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768246664.00007FF73F903000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_7ff73f6d0000_chelentano.jbxd
                                                                                              Similarity
                                                                                              • API ID: Concurrency::cancel_current_task$std::bad_alloc::bad_alloc
                                                                                              • String ID:
                                                                                              • API String ID: 1173176844-0
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1768044794.00007FF73F6D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73F6D0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1768025799.00007FF73F6D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768087766.00007FF73F73B000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768087766.00007FF73F75E000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768225229.00007FF73F8FE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768246664.00007FF73F903000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_7ff73f6d0000_chelentano.jbxd
                                                                                              Similarity
                                                                                              • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                                              • String ID:
                                                                                              • API String ID: 73155330-0
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: ErrorFreeHeapLast
                                                                                              • String ID:
                                                                                              • API String ID: 485612231-0
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: InformationVolume
                                                                                              • String ID:
                                                                                              • API String ID: 2039140958-0
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1768044794.00007FF73F6D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73F6D0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1768025799.00007FF73F6D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768087766.00007FF73F73B000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768087766.00007FF73F75E000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768225229.00007FF73F8FE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768246664.00007FF73F903000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_7ff73f6d0000_chelentano.jbxd
                                                                                              Similarity
                                                                                              • API ID: InfoSystem
                                                                                              • String ID:
                                                                                              • API String ID: 31276548-0
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1768044794.00007FF73F6D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73F6D0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1768025799.00007FF73F6D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768087766.00007FF73F73B000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768087766.00007FF73F75E000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768225229.00007FF73F8FE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768246664.00007FF73F903000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_7ff73f6d0000_chelentano.jbxd
                                                                                              Similarity
                                                                                              • API ID: InfoSystem
                                                                                              • String ID:
                                                                                              • API String ID: 31276548-0
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1768044794.00007FF73F6D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73F6D0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1768025799.00007FF73F6D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768087766.00007FF73F73B000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768087766.00007FF73F75E000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768225229.00007FF73F8FE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768246664.00007FF73F903000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_7ff73f6d0000_chelentano.jbxd
                                                                                              Similarity
                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                              • String ID:
                                                                                              • API String ID: 3215553584-0
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: send
                                                                                              • String ID:
                                                                                              • API String ID: 2809346765-0
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1768044794.00007FF73F6D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73F6D0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1768025799.00007FF73F6D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768087766.00007FF73F73B000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768087766.00007FF73F75E000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768225229.00007FF73F8FE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768246664.00007FF73F903000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_7ff73f6d0000_chelentano.jbxd
                                                                                              Similarity
                                                                                              • API ID: InfoSystem
                                                                                              • String ID:
                                                                                              • API String ID: 31276548-0
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1768044794.00007FF73F6D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73F6D0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1768025799.00007FF73F6D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768087766.00007FF73F73B000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768087766.00007FF73F75E000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768225229.00007FF73F8FE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768246664.00007FF73F903000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_7ff73f6d0000_chelentano.jbxd
                                                                                              Similarity
                                                                                              • API ID: ProtectVirtual
                                                                                              • String ID:
                                                                                              • API String ID: 544645111-0
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: FileFindNext
                                                                                              • String ID:
                                                                                              • API String ID: 2029273394-0
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: InfoNativeSystem
                                                                                              • String ID:
                                                                                              • API String ID: 1721193555-0
                                                                                              • Opcode ID: 5d96549d17151685d9874b2efd5e6665c09aeaad6767ec6861ada1b691878f94
                                                                                              • Instruction ID: d8588725117227abdcdc34116d9b2bcb0c60ff49f8bf55b53c216b4b3b5310f7
                                                                                              • Opcode Fuzzy Hash: 5d96549d17151685d9874b2efd5e6665c09aeaad6767ec6861ada1b691878f94
                                                                                              • Instruction Fuzzy Hash: 58B0923AA148C0C3D612EB04E84224A7331FBA8B0CFD00000E78D42624CE2CCA2A8E00
                                                                                              APIs
                                                                                              • GetSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,?,00007FF73F6DEFF1), ref: 00007FF73F6E8549
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1768044794.00007FF73F6D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73F6D0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1768025799.00007FF73F6D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768087766.00007FF73F73B000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768087766.00007FF73F75E000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768225229.00007FF73F8FE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768246664.00007FF73F903000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_7ff73f6d0000_chelentano.jbxd
                                                                                              Similarity
                                                                                              • API ID: InfoSystem
                                                                                              • String ID:
                                                                                              • API String ID: 31276548-0
                                                                                              • Opcode ID: 25cf75335121583dfdfec9cb8cd8dee3505061b7bcd7ce15733641bd302c82b6
                                                                                              • Instruction ID: 83c78048e4989349eb336b2a1e847b2de7f9857171d22d4960eb3b17819f5e8e
                                                                                              • Opcode Fuzzy Hash: 25cf75335121583dfdfec9cb8cd8dee3505061b7bcd7ce15733641bd302c82b6
                                                                                              • Instruction Fuzzy Hash: 28B09B25E149C4D3C521FB04D9450557371F79CB04FC00151D14D41714DE1CD6198E00
                                                                                              APIs
                                                                                                • Part of subcall function 00007FF73F6F96E0: GetSystemInfo.KERNEL32(?,?,?,?,?,?,00007FF73F6FA0C4), ref: 00007FF73F6F96F4
                                                                                              • InitializeCriticalSection.KERNEL32 ref: 00007FF73F6FA170
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1768044794.00007FF73F6D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73F6D0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1768025799.00007FF73F6D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768087766.00007FF73F73B000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768087766.00007FF73F75E000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768225229.00007FF73F8FE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768246664.00007FF73F903000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_7ff73f6d0000_chelentano.jbxd
                                                                                              Similarity
                                                                                              • API ID: CriticalInfoInitializeSectionSystem
                                                                                              • String ID:
                                                                                              • API String ID: 3396500325-0
                                                                                              • Opcode ID: b63e4777be97870028eb3e82a7e7475413f5be94e8a6e66ceb6330b743b8c388
                                                                                              • Instruction ID: 446f2458e3bbe79096cd0f8c35da526f1028bf588507244222b56b65b2e66941
                                                                                              • Opcode Fuzzy Hash: b63e4777be97870028eb3e82a7e7475413f5be94e8a6e66ceb6330b743b8c388
                                                                                              • Instruction Fuzzy Hash: 4441AC32E05B89DAE714DF12E84059EFBA9FB68BD0B858035CF9943B50DB38E890C710
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: AllocHeap
                                                                                              • String ID:
                                                                                              • API String ID: 4292702814-0
                                                                                              • Opcode ID: 89c4a105d1922272e2462610b84ed45905b4a23a50f1930c6b4ffa1c52014e05
                                                                                              • Instruction ID: 6c531239d40ee5e4a2902b226633eb57cac5011e2b9d900c6599e8325af725e8
                                                                                              • Opcode Fuzzy Hash: 89c4a105d1922272e2462610b84ed45905b4a23a50f1930c6b4ffa1c52014e05
                                                                                              • Instruction Fuzzy Hash: AAF090B030520980FE575B679A513E512805B9CBD0F0C8531BB1A873F2DE7CC5814220
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: AllocHeap
                                                                                              • String ID:
                                                                                              • API String ID: 4292702814-0
                                                                                              • Opcode ID: 9205f215ad2653e1577bdd25e83756dbf467762e7c9e560a58e2579e2ecf73cf
                                                                                              • Instruction ID: 96e13d477e2ea5b68fd7ccafc69e1366d973b9abeb779e8dcccaf29a9117702d
                                                                                              • Opcode Fuzzy Hash: 9205f215ad2653e1577bdd25e83756dbf467762e7c9e560a58e2579e2ecf73cf
                                                                                              • Instruction Fuzzy Hash: A8F0A03035124584FE172BB358227E932905B9C7E0F0847327F3B872E1DA3CC4818110
                                                                                              APIs
                                                                                              • HeapAlloc.KERNEL32(?,?,?,00007FF73F729AE1,?,?,00000000,00007FF73F72E203,?,?,?,00007FF73F722CA3,?,?,?,00007FF73F722B99), ref: 00007FF73F727026
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1768044794.00007FF73F6D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73F6D0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1768025799.00007FF73F6D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768087766.00007FF73F73B000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768087766.00007FF73F75E000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768225229.00007FF73F8FE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768246664.00007FF73F903000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_7ff73f6d0000_chelentano.jbxd
                                                                                              Similarity
                                                                                              • API ID: AllocHeap
                                                                                              • String ID:
                                                                                              • API String ID: 4292702814-0
                                                                                              • Opcode ID: 32880910578a27a9564e9d5d69925be913ad7062b9b1684f8e7dd551eca65773
                                                                                              • Instruction ID: cca226f8aeb48d1f87b5510503318dc41ad5338beca6d2fec76049ecba4ba137
                                                                                              • Opcode Fuzzy Hash: 32880910578a27a9564e9d5d69925be913ad7062b9b1684f8e7dd551eca65773
                                                                                              • Instruction Fuzzy Hash: 0BF03A08E0C28A70FA6C3B625E416F9D1A0DF8C7E0FC81630D82E852D2DE6CB4466270
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1768044794.00007FF73F6D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73F6D0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1768025799.00007FF73F6D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768087766.00007FF73F73B000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768087766.00007FF73F75E000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768225229.00007FF73F8FE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768246664.00007FF73F903000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_7ff73f6d0000_chelentano.jbxd
                                                                                              Similarity
                                                                                              • API ID: _invalid_parameter_noinfo_noreturn
                                                                                              • String ID: $ $c2 ?? ?? $c2 ?? ?? 0f 1f 44 00 00$c2 ?? ?? 0f 1f 84 00 00 00 00 00$c2 ?? ?? 66 0f 1f 84 00 00 00 00 00$c2 ?? ?? 66 66 0f 1f 84 00 00 00 00 00$c2 ?? ?? 66 66 66 66 66 66 0f 1f 84 00 00 00 00 00$c2 ?? ?? cc cc cc cc cc cc 66 0f 1f 44 00 00$c2 ?? ?? cc cc cc cc cc cc 66 0f 1f 84 00 00 00 00 00$c2 ?? ?? cc cc cc cc cc cc 66 66 0f 1f 84 00 00 00 00 00$c2 ?? ?? cc cc cc cc cc cc cc 66 66 0f 1f 84 00 00 00 00 00$c3 $c3 0f 1f 44 00 00$c3 0f 1f 84 00 00 00 00 00$c3 66 0f 1f 84 00 00 00 00 00$c3 66 66 0f 1f 84 00 00 00 00 00$c3 66 66 66 66 66 66 0f 1f 84 00 00 00 00 00$c3 cc cc cc cc cc cc 66 0f 1f 44 00 00$c3 cc cc cc cc cc cc 66 0f 1f 84 00 00 00 00 00$c3 cc cc cc cc cc cc 66 66 0f 1f 84 00 00 00 00 00$c3 cc cc cc cc cc cc cc 66 66 0f 1f 84 00 00 00 00 00
                                                                                              • API String ID: 3668304517-3837975418
                                                                                              • Opcode ID: b42931ba09c89b7cc0914b28a1dde43ef4ef91879d0b312a5abf58d8d17061c7
                                                                                              • Instruction ID: a928a8fe4a8d337016203c284bf334a4779ee78d7e59e4a9870a9c2adde4f3b5
                                                                                              • Opcode Fuzzy Hash: b42931ba09c89b7cc0914b28a1dde43ef4ef91879d0b312a5abf58d8d17061c7
                                                                                              • Instruction Fuzzy Hash: E392F623A14BD2A5EB189B34D5483ECA366FB457D4F905232EA9C06BE9DF7CE180D350
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: lstrcpy$lstrcat$AllocateInitLockMemoryObjectStringUnicodeVirtual$AcquireEnumerateFolderFreeInitializeKnownLoadedModulesPathReleaseTaskUninitialize
                                                                                              • String ID: 0
                                                                                              • API String ID: 1424456515-4108050209
                                                                                              • Opcode ID: 6ab5860048078404b08774eb621f8c2ed188637054e4c41919c08ed4710e8169
                                                                                              • Instruction ID: d1b0b74d629fbdfa23808d7784c7a9837c07540af2c9878b2135e3a3a2eb4a86
                                                                                              • Opcode Fuzzy Hash: 6ab5860048078404b08774eb621f8c2ed188637054e4c41919c08ed4710e8169
                                                                                              • Instruction Fuzzy Hash: E3C29736626F848AD7918F6AE88169DB3B5F788B88F105219FECD57B18EF38C154C740
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: Concurrency::cancel_current_task
                                                                                              • String ID: BOOTNXT$autorun.inf$boot.ini$boot.sdi$bootfont.bin$bootmgfw.efi$bootmgr$bootsect.bak$bootstat.dat$d3d9caps.dat$desktop.ini$gdipfontcachev1.dat$iconcache.db$indexervolumeguid$mib.bin$ntldr$ntuser.dat$ntuser.dat.log$ntuser.ini$reagent.xml$thumbs.db$winre.wim$winsipolicy.p7b$wpsettings.dat
                                                                                              • API String ID: 118556049-850610325
                                                                                              • Opcode ID: dea6d34053270f54165e7821960ee4cc20a6cc02140d0cf59d37aac2e2ba149c
                                                                                              • Instruction ID: a421a36a023068aa29fcad27acd30c2338e587ed8756a21bd3deff31cd8c958e
                                                                                              • Opcode Fuzzy Hash: dea6d34053270f54165e7821960ee4cc20a6cc02140d0cf59d37aac2e2ba149c
                                                                                              • Instruction Fuzzy Hash: D0C12362D70BC985E722DB36DC923E55361F7EE384F506316BA8866866EB74E3C4C340
                                                                                              APIs
                                                                                              • Concurrency::cancel_current_task.LIBCPMT ref: 000000014004DEA1
                                                                                              • Concurrency::cancel_current_task.LIBCPMT ref: 000000014004DF4F
                                                                                                • Part of subcall function 000000014002B930: __std_exception_copy.LIBVCRUNTIME ref: 000000014002B973
                                                                                                • Part of subcall function 00000001400AF198: RtlPcToFileHeader.KERNEL32 ref: 00000001400AF1E8
                                                                                                • Part of subcall function 00000001400AF198: RaiseException.KERNEL32 ref: 00000001400AF229
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: Concurrency::cancel_current_task$ExceptionFileHeaderRaise__std_exception_copy
                                                                                              • String ID: "$#base$#include$*$/$No closed word$Unexpected eof$key declared, but no value$key opened, but never closed$object is not closed with '}'$quote was opened but not closed.$unexpected '}'$unexpected key without object$word wasnt properly ended
                                                                                              • API String ID: 145623376-3561477107
                                                                                              • Opcode ID: 361d72bd4709def6a4f609f4fa24ae8153a654784caad3b90ac2d429779cc2c6
                                                                                              • Instruction ID: 922a43b0bfb3320b1e09c0a69905fec27db791f2e7b910ff19e93df92efef7e5
                                                                                              • Opcode Fuzzy Hash: 361d72bd4709def6a4f609f4fa24ae8153a654784caad3b90ac2d429779cc2c6
                                                                                              • Instruction Fuzzy Hash: A5D27E72210BC499EB729F26D8543DD33A1F749BD8F458222EB4D1BAA9DF74C685C304
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: Concurrency::cancel_current_task
                                                                                              • String ID: #recycle$$recycle.bin$$windows.~bt$$windows.~ws$$winreagent$All users$AppData$Application Data$Boot$PerfLogs$Program Files$Program Files (x86)$ProgramData$System Volume Information$Windows$Windows.old$Windows.~bt$bootmgr$config.msi$ntldr
                                                                                              • API String ID: 118556049-2722463023
                                                                                              • Opcode ID: b349f0743e28fad41dd0cf6d04c419ecc5bc303b8eb5692233894048f4044c83
                                                                                              • Instruction ID: cb1f1a79905c169176f84319a286e819c3d1305308cc080649ce1386deffbe9a
                                                                                              • Opcode Fuzzy Hash: b349f0743e28fad41dd0cf6d04c419ecc5bc303b8eb5692233894048f4044c83
                                                                                              • Instruction Fuzzy Hash: EFA13762D71FC985E712DB36DC923E55321F7EE388F506306BA8866866EB74E2C4C340
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: Concurrency::cancel_current_task
                                                                                              • String ID: #base$#include$No closed word$Unexpected eof$key declared, but no value$key opened, but never closed$object is not closed with '}'$quote was opened but not closed.$unexpected '}'$unexpected key without object$word wasnt properly ended
                                                                                              • API String ID: 118556049-1838291449
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: Handle$Query$CloseInformationProcessSystem$AddressCurrentFinalModuleNameObjectOpenPathProc
                                                                                              • String ID: File$NtDuplicateObject$ntdll.dll
                                                                                              • API String ID: 2729825427-3955674919
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: ExecuteShell
                                                                                              • String ID: .cmd$.exe$.exe$.ps1$.vbs$abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+=-&^%$#@!(){}[},.;'$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set$open$runas
                                                                                              • API String ID: 587946157-4093014531
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: lstrcatlstrcpy$Object$AcquireAllocateInitializeLockMemoryUninitializeVirtual
                                                                                              • String ID: 0
                                                                                              • API String ID: 3636535045-4108050209
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: Concurrency::cancel_current_task
                                                                                              • String ID: cannot compare iterators of different containers$cannot use push_back() with $type must be string, but is $value
                                                                                              • API String ID: 118556049-2711811579
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: File$PointerReadSize
                                                                                              • String ID: exists$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                              • API String ID: 404940565-15404121
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: ErrorLastNameTranslate$CodeInfoLocalePageValidValue
                                                                                              • String ID: utf8
                                                                                              • API String ID: 3069159798-905460609
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: Value$Locale$CodeErrorInfoLastPageValid$DefaultEnumLocalesProcessSystemUser
                                                                                              • String ID:
                                                                                              • API String ID: 2591520935-0
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: __std_exception_destroy
                                                                                              • String ID: value
                                                                                              • API String ID: 2453523683-494360628
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: __std_exception_destroy
                                                                                              • String ID: value
                                                                                              • API String ID: 2453523683-494360628
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                              • String ID:
                                                                                              • API String ID: 1239891234-0
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: content$directory_iterator::directory_iterator$exists$filename$files$key
                                                                                              • API String ID: 0-2980817763
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1768044794.00007FF73F6D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73F6D0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1768025799.00007FF73F6D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768087766.00007FF73F73B000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768087766.00007FF73F75E000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768225229.00007FF73F8FE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768246664.00007FF73F903000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_7ff73f6d0000_chelentano.jbxd
                                                                                              Similarity
                                                                                              • API ID: FileFindFirst_invalid_parameter_noinfo
                                                                                              • String ID:
                                                                                              • API String ID: 2227656907-0
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: config$content$filename$status$users
                                                                                              • API String ID: 0-2677590375
                                                                                              APIs
                                                                                              Strings
                                                                                              • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00000001400BBB97
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: DebugDebuggerErrorLastOutputPresentString
                                                                                              • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                              • API String ID: 389471666-631824599
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: __std_fs_convert_wide_to_narrow$__std_fs_code_page
                                                                                              • String ID: content$directory_iterator::directory_iterator$exists$filename$status
                                                                                              • API String ID: 3645842244-3429737954
                                                                                              • Opcode ID: 5ece81433d9ff37a7c059390fab1d368b36a848333c2fa9aefaf8ad46434897e
                                                                                              • Instruction ID: d73ea0c104233689a445c32717ff6da1951ca3655a894b6c35e9ca85daf2ae71
                                                                                              • Opcode Fuzzy Hash: 5ece81433d9ff37a7c059390fab1d368b36a848333c2fa9aefaf8ad46434897e
                                                                                              • Instruction Fuzzy Hash: 53726032611BC089EB62DF36D8903EE6360F78D798F549625EB8D47AA9DF74C684C700
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: cannot use push_back() with $directory_iterator::directory_iterator$exists$prefs.js$status
                                                                                              • API String ID: 0-2713369562
                                                                                              • Opcode ID: 28fca9b23354bd683b427f2f8d1bb70e567294dfa82398b1eaf78fa5c7db42d7
                                                                                              • Instruction ID: 63d978f2dda3e68515005d76a2ef6ca3ac3a7e1fa577548c5563e2d706d29ac1
                                                                                              • Opcode Fuzzy Hash: 28fca9b23354bd683b427f2f8d1bb70e567294dfa82398b1eaf78fa5c7db42d7
                                                                                              • Instruction Fuzzy Hash: E1522632609FC484E6729B16E8813DAB3A4F7C9784F505626EBCC53B69EF78C594CB00
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: Virtual$AllocInfoProtectQuerySystem
                                                                                              • String ID:
                                                                                              • API String ID: 3562403962-0
                                                                                              • Opcode ID: 324fd5cd604fef47d1152131e1f7c01459585a6c12e9a2e3e67a5e0172bc20d3
                                                                                              • Instruction ID: d91057414ffa4c73b9b01bd033ad8b4648322d2f3e60c39491e11190a2f9d873
                                                                                              • Opcode Fuzzy Hash: 324fd5cd604fef47d1152131e1f7c01459585a6c12e9a2e3e67a5e0172bc20d3
                                                                                              • Instruction Fuzzy Hash: 88313536310A819EEB21CF32D8547D963A5F74DB88F95802AAA4D4BB69DB38D646C700
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: __std_exception_copy
                                                                                              • String ID: parse_error$value
                                                                                              • API String ID: 592178966-1739288027
                                                                                              • Opcode ID: 3e116b332420aacf114edbbec7826855a4b42931067101207a73c55646cc7bb8
                                                                                              • Instruction ID: 8244d5c1f1ed087e50a97b553c421f27148c391dfb4737c9bdab5d2393af6ecf
                                                                                              • Opcode Fuzzy Hash: 3e116b332420aacf114edbbec7826855a4b42931067101207a73c55646cc7bb8
                                                                                              • Instruction Fuzzy Hash: 4BF1BF72A20A8095EB12DF76E8513ED2362F79D7D8F905612FB5C17AAAEF74C184C340
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: content$directory_iterator::directory_iterator$exists$filename
                                                                                              • API String ID: 0-1400943384
                                                                                              • Opcode ID: e2373231b1ff66b0894e044b160cc32f93b85538415c22739f29677aec00290d
                                                                                              • Instruction ID: af20b811e710999986ff35a911c3500b010dfb73ffacbcf88ee0eea74d4bf58c
                                                                                              • Opcode Fuzzy Hash: e2373231b1ff66b0894e044b160cc32f93b85538415c22739f29677aec00290d
                                                                                              • Instruction Fuzzy Hash: DC527F73624BC489EB628F26E8403DE73A1F789798F405215EB9D47BA9EF78C584C700
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                              • String ID:
                                                                                              • API String ID: 1286766494-0
                                                                                              • Opcode ID: 626dcb227b5bc7ac8be461749a241f678d20af3c8eaaec26e2b9a3e8116e3e07
                                                                                              • Instruction ID: b718dfecaa3ddfc3bc52139a138ba4e290b4b0cd523622613b77e9720c13a749
                                                                                              • Opcode Fuzzy Hash: 626dcb227b5bc7ac8be461749a241f678d20af3c8eaaec26e2b9a3e8116e3e07
                                                                                              • Instruction Fuzzy Hash: 9292F43320578086E7668F2AE5503ED37A5F7ADBC8F548225FB8507BA5DB39C991CB00
                                                                                              APIs
                                                                                              Strings
                                                                                              • out_of_range, xrefs: 00000001400882B2
                                                                                              • 00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899, xrefs: 000000014008854F
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: __std_exception_copy
                                                                                              • String ID: 00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899$out_of_range
                                                                                              • API String ID: 592178966-2497706888
                                                                                              • Opcode ID: 58b4b1ac7839a45aacf2307d221f6284d641360b3ebd18aeb6119a6f3cf397e6
                                                                                              • Instruction ID: 859cc02d407c1f41063c26cd0541dd94ca3be4aad8ee5ef7ae090caff03dabfc
                                                                                              • Opcode Fuzzy Hash: 58b4b1ac7839a45aacf2307d221f6284d641360b3ebd18aeb6119a6f3cf397e6
                                                                                              • Instruction Fuzzy Hash: 42A19073B14B8085EB12CB6AD4553EC2362F79DBD8F509212EF5D17BAADA78C295C300
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: FormatInfoLocaleMessage
                                                                                              • String ID: !x-sys-default-locale
                                                                                              • API String ID: 4235545615-2729719199
                                                                                              • Opcode ID: f19c835850623712fbca22d426e0c2013945c380ca8add72a55f3f09a2f97b50
                                                                                              • Instruction ID: f3a926f20b1b010318398b7a8846d58a51c33b94a468237811250e05d48ce9cb
                                                                                              • Opcode Fuzzy Hash: f19c835850623712fbca22d426e0c2013945c380ca8add72a55f3f09a2f97b50
                                                                                              • Instruction Fuzzy Hash: 27018C72704B8082E7228F53B550BEA67A2F7987C4F548015EB8547BA9CB3CC545C700
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: 2OWqJZldB3s=$port$rXwr2/Mp0kvTmn+hdCWeFmDWltFpcKXkn/UOvH+3cNE=
                                                                                              • API String ID: 0-1454942929
                                                                                              • Opcode ID: 1065e8d0ee9d3b13a44241aec8427c35599ae581f942a7ef67f31200059e3b1f
                                                                                              • Instruction ID: a3d859d16d8325973c10661ad618f0210053299145ddcdfd328b26100e205a32
                                                                                              • Opcode Fuzzy Hash: 1065e8d0ee9d3b13a44241aec8427c35599ae581f942a7ef67f31200059e3b1f
                                                                                              • Instruction Fuzzy Hash: B1725F72629BC485E661CB26E4403DAB3A4F7D9784F505316EBCD13BA9EF38C195CB04
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: Software$exists
                                                                                              • API String ID: 0-2364128853
                                                                                              • Opcode ID: 578ae4ccc995a136451f604d93af071f0c765f13489324fc5f464d3885e6d86e
                                                                                              • Instruction ID: 28be1766aa20d503d1d767cf1f8b32bf6039996a3715809a7116e46607de2276
                                                                                              • Opcode Fuzzy Hash: 578ae4ccc995a136451f604d93af071f0c765f13489324fc5f464d3885e6d86e
                                                                                              • Instruction Fuzzy Hash: 0AD25D72A10BC48AEB228F7AD8403DE63A0F79D798F105216EB9D57BA9DF74C581C340
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: Concurrency::cancel_current_task
                                                                                              • String ID: vector<bool> too long
                                                                                              • API String ID: 118556049-842332957
                                                                                              • Opcode ID: 480ce8ef24abe21b7eb60846a31ecc9542ed4649fab68e73c9c70b8ba08d1b42
                                                                                              • Instruction ID: 61e65e13e69fc43ad40f22c7197a07162a21ed4251ea8bf3e913d489e5c4e1f9
                                                                                              • Opcode Fuzzy Hash: 480ce8ef24abe21b7eb60846a31ecc9542ed4649fab68e73c9c70b8ba08d1b42
                                                                                              • Instruction Fuzzy Hash: 62C18932A14B8089EB21CF66D8403ED6360F399BD8F155626EF9C27BA9EB74D591C700
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: Concurrency::cancel_current_task
                                                                                              • String ID: conditional not closed
                                                                                              • API String ID: 118556049-2481790218
                                                                                              • Opcode ID: d7e0244399ac7a8c38ea61a957ad12611169f52f7b4399fa912360db9583ce19
                                                                                              • Instruction ID: f61f111c253a821cdff31c41d955cc0a28299ebbd23709346a6101b3d68f3d52
                                                                                              • Opcode Fuzzy Hash: d7e0244399ac7a8c38ea61a957ad12611169f52f7b4399fa912360db9583ce19
                                                                                              • Instruction Fuzzy Hash: 19D17072605BC485EB62CF22E9403ED77A5F75D7C8F554226EB890BBA9DB78C690C300
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: InfoLocale
                                                                                              • String ID: GetLocaleInfoEx
                                                                                              • API String ID: 2299586839-2904428671
                                                                                              • Opcode ID: 0fc81d44bec917c2802c26d4724ac6a513cb7d03bb6cf24fcfbb40603345bdc0
                                                                                              • Instruction ID: 60772653225e43ecb605bd3172af7641be404793e2a22508e73316e49db17a4f
                                                                                              • Opcode Fuzzy Hash: 0fc81d44bec917c2802c26d4724ac6a513cb7d03bb6cf24fcfbb40603345bdc0
                                                                                              • Instruction Fuzzy Hash: 7E016271704A8086E7059B57B4407DEA760EB9DBD0F584426FF4913BB9CE3CC5428740
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: ExecuteFileModuleNameShell
                                                                                              • String ID:
                                                                                              • API String ID: 1703432166-0
                                                                                              • Opcode ID: 91602a81c8f62de41fc0bb930770fc7bd409e86215165c215da3a63e53f2daaf
                                                                                              • Instruction ID: d8ee42ea1a97b23c07e2054ee784d732b75578541ab312a8fe866e8dd7ea17d2
                                                                                              • Opcode Fuzzy Hash: 91602a81c8f62de41fc0bb930770fc7bd409e86215165c215da3a63e53f2daaf
                                                                                              • Instruction Fuzzy Hash: 01121972625F848AEB418F69E88079EB3A4F788798F505215FFDD57B68EB38D190C700
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: ExceptionRaise_clrfp
                                                                                              • String ID:
                                                                                              • API String ID: 15204871-0
                                                                                              • Opcode ID: 57a16f90b848e9bfce21c4af82cc5806e79d9fd20c8b8e6b755f3e4c735a4a33
                                                                                              • Instruction ID: 919453debe393908ced8d172903d6ff7188dc84b86e7c64348104e548fea3f73
                                                                                              • Opcode Fuzzy Hash: 57a16f90b848e9bfce21c4af82cc5806e79d9fd20c8b8e6b755f3e4c735a4a33
                                                                                              • Instruction Fuzzy Hash: 68B12E77610B848BE756CF2AC8463AD7BA0F348B88F158915EB9D877B4CB39C451D701
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1768044794.00007FF73F6D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73F6D0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1768025799.00007FF73F6D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768087766.00007FF73F73B000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768087766.00007FF73F75E000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768225229.00007FF73F8FE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768246664.00007FF73F903000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_7ff73f6d0000_chelentano.jbxd
                                                                                              Similarity
                                                                                              • API ID: ExceptionRaise_clrfp
                                                                                              • String ID:
                                                                                              • API String ID: 15204871-0
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: DevicesDisplayEnum
                                                                                              • String ID:
                                                                                              • API String ID: 2211661463-0
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: CryptDataFreeLocalUnprotect
                                                                                              • String ID:
                                                                                              • API String ID: 1561624719-0
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: CryptDataFreeLocalProtect
                                                                                              • String ID:
                                                                                              • API String ID: 2714945720-0
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: %$+
                                                                                              • API String ID: 0-2626897407
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: a/p$am/pm
                                                                                              • API String ID: 0-3206640213
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: dumps$emoji
                                                                                              • API String ID: 0-2873254224
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: Concurrency::cancel_current_task
                                                                                              • String ID:
                                                                                              • API String ID: 118556049-0
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: Concurrency::cancel_current_task
                                                                                              • String ID:
                                                                                              • API String ID: 118556049-0
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: Concurrency::cancel_current_task
                                                                                              • String ID:
                                                                                              • API String ID: 118556049-0
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: Concurrency::cancel_current_task
                                                                                              • String ID:
                                                                                              • API String ID: 118556049-0
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: Concurrency::cancel_current_task
                                                                                              • String ID:
                                                                                              • API String ID: 118556049-0
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: Concurrency::cancel_current_task
                                                                                              • String ID:
                                                                                              • API String ID: 118556049-0
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: Concurrency::cancel_current_task
                                                                                              • String ID:
                                                                                              • API String ID: 118556049-0
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: ErrorLast$EnumLocalesSystemValue
                                                                                              • String ID:
                                                                                              • API String ID: 3029459697-0
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: .
                                                                                              • API String ID: 0-248832578
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: ErrorLast$EnumLocalesSystemValue
                                                                                              • String ID:
                                                                                              • API String ID: 3029459697-0
                                                                                              • Opcode ID: fd6ab9fb082eedb8b2c8f5dae22463227a7604b7e6560a2cecb061507bc0ecca
                                                                                              • Instruction ID: 7bafb4245b4d6e6c49a7039ce1a260dab7ff05426a5d8df10d52709872900359
                                                                                              • Opcode Fuzzy Hash: fd6ab9fb082eedb8b2c8f5dae22463227a7604b7e6560a2cecb061507bc0ecca
                                                                                              • Instruction Fuzzy Hash: 9E01D473B0428086EB124F17E840BDD76E1E768BE4F46C321EB69472E5DB7585C19B00
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: NameUser
                                                                                              • String ID:
                                                                                              • API String ID: 2645101109-0
                                                                                              • Opcode ID: 5706546f313706de72a237bf98d2ae5729b4666c4094d2ca0903643dc08702f3
                                                                                              • Instruction ID: 75203e3dd4f3446b24b524f80e4a0863d0743b465ce5161dc7d8d01dbbe675d1
                                                                                              • Opcode Fuzzy Hash: 5706546f313706de72a237bf98d2ae5729b4666c4094d2ca0903643dc08702f3
                                                                                              • Instruction Fuzzy Hash: B801213251878082EB61CF26E8513DAB3A4F79D7C8F544226BB8D47669DBBCC194CB40
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: EnumLocalesSystem
                                                                                              • String ID:
                                                                                              • API String ID: 2099609381-0
                                                                                              • Opcode ID: f8325550294e071d185dd7c07cc84b153cedbfbab89d167ada8b5b9da10e3d51
                                                                                              • Instruction ID: 2ca7fd1f05b54c963b0f9f1873e639ef9e3b6397ab2a8ea23eb847ac3e523e9b
                                                                                              • Opcode Fuzzy Hash: f8325550294e071d185dd7c07cc84b153cedbfbab89d167ada8b5b9da10e3d51
                                                                                              • Instruction Fuzzy Hash: F3F037B2300A4482E705DB2AF8903D97362F79DBD0F549029EB8983375CE3CC961C344
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: Time$FileSystem
                                                                                              • String ID:
                                                                                              • API String ID: 2086374402-0
                                                                                              • Opcode ID: 75fbddce294d53850cb8720f3d0c995c641d577ea31d2d54e246c1f818b064cd
                                                                                              • Instruction ID: c7cea57233372fb9159a36606d1a044877f3cf972546b1b200f72c322394f39e
                                                                                              • Opcode Fuzzy Hash: 75fbddce294d53850cb8720f3d0c995c641d577ea31d2d54e246c1f818b064cd
                                                                                              • Instruction Fuzzy Hash: 3FF0A7F5B2968843EE15876AA5143949292AF5CBF4F049321BE3D4F7D9FA2CC5518700
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: cores
                                                                                              • API String ID: 0-2370456839
                                                                                              • Opcode ID: 019590ad0115f10e951c560004b76864ab1ec08fd4aca4a6271a35c849fb04af
                                                                                              • Instruction ID: 48d1548ce1e6ebc5c2a27cab5b9e345949e07f61dba3ac79fc42b0b1d037f52b
                                                                                              • Opcode Fuzzy Hash: 019590ad0115f10e951c560004b76864ab1ec08fd4aca4a6271a35c849fb04af
                                                                                              • Instruction Fuzzy Hash: D3C1AC73E14B808AF712CB79D4413ED7761F7997A8F105315EB9827AAADB78C285C340
                                                                                              Strings
                                                                                              • ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/, xrefs: 0000000140042359
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
                                                                                              • API String ID: 0-1713319389
                                                                                              • Opcode ID: 1eee20377743313037e87dfd3250b9e477803adeff44f7471b4d9c7a36738e30
                                                                                              • Instruction ID: 925d489703091ca12576b7202d7096703c3c39e77b84180031faccdb0c752408
                                                                                              • Opcode Fuzzy Hash: 1eee20377743313037e87dfd3250b9e477803adeff44f7471b4d9c7a36738e30
                                                                                              • Instruction Fuzzy Hash: 6741E2736196E04AD702CB3A84113BD7FB1E36AB88F5D8162EBD487756CA3DC216D710
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: b9b8fdb5bbf29e83ba46770476c642bc1a2f153b56793c0f77b40a01b05bd800
                                                                                              • Instruction ID: 6fd620c9e0f5bedb9f15f85c158c24cad8e7168b1e25cee419643e3ff8d0de5b
                                                                                              • Opcode Fuzzy Hash: b9b8fdb5bbf29e83ba46770476c642bc1a2f153b56793c0f77b40a01b05bd800
                                                                                              • Instruction Fuzzy Hash: A9A2A536615FC88AD7418FAAEC8129D73BAF7487A8B101629EFCC57F19EBB4C1548740
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: c1804191905474db3806b1d037f893adb2ed77d66bc4beb4581f85d947f7d520
                                                                                              • Instruction ID: e41204705a852172ae2b054ded55e2618ca728897cf866b669b185b485851132
                                                                                              • Opcode Fuzzy Hash: c1804191905474db3806b1d037f893adb2ed77d66bc4beb4581f85d947f7d520
                                                                                              • Instruction Fuzzy Hash: 1192A432915BC88AD7718F25E8813DAB7A8F79D788F505315EACC26B19EB78C394C704
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 2092706473517ea0c366690d6f38e16538b21e80869a88610edc27ebe7c2e44b
                                                                                              • Instruction ID: c63deb447e546a620d84dd5bda6f133db35409457661ed0a61920c8a1f25ac83
                                                                                              • Opcode Fuzzy Hash: 2092706473517ea0c366690d6f38e16538b21e80869a88610edc27ebe7c2e44b
                                                                                              • Instruction Fuzzy Hash: 4D723B72615BC489EB22CB6AE8413DE73A1F78D798F505316EB9C57BA9DB78C240C700
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1768044794.00007FF73F6D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73F6D0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1768025799.00007FF73F6D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768087766.00007FF73F73B000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768087766.00007FF73F75E000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768225229.00007FF73F8FE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768246664.00007FF73F903000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_7ff73f6d0000_chelentano.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 786666a9a54f52a190c473ee7ae8493f2f49a3a75754473c15ce5d98129577dd
                                                                                              • Instruction ID: acf2239ea0ec55d5e7ff13cb3d72bbfc6c9514b8f3c0d92eef2f481707e631ec
                                                                                              • Opcode Fuzzy Hash: 786666a9a54f52a190c473ee7ae8493f2f49a3a75754473c15ce5d98129577dd
                                                                                              • Instruction Fuzzy Hash: 8DE10633A297E1DAE75D8A29C8103BD6BA6F780788F448035DE5E87794CE3DE901DB10
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1768044794.00007FF73F6D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73F6D0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1768025799.00007FF73F6D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768087766.00007FF73F73B000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768087766.00007FF73F75E000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768225229.00007FF73F8FE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768246664.00007FF73F903000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_7ff73f6d0000_chelentano.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 2b9b08f864ebc6cba58c8e1870d8bcf31582010cfed26ac9fcba16b337000063
                                                                                              • Instruction ID: a30c3c3fa6279da49d714de95ea3403fcd0cc7c81922ca9a439c8d5ef493e41d
                                                                                              • Opcode Fuzzy Hash: 2b9b08f864ebc6cba58c8e1870d8bcf31582010cfed26ac9fcba16b337000063
                                                                                              • Instruction Fuzzy Hash: 9FE11773A296D1DAF75D8A28C8113BD6BA6F740788F488035DE5E87784CE3DE941D710
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: ff8ff783da37649173626c7f7158936b22345755ff077d27462f74136c1878ba
                                                                                              • Instruction ID: dafb699e495c2d652fdf687402d44136577feb28b99791e9de0fcf84d8cf050a
                                                                                              • Opcode Fuzzy Hash: ff8ff783da37649173626c7f7158936b22345755ff077d27462f74136c1878ba
                                                                                              • Instruction Fuzzy Hash: 4AC126737246A487EB56CF66D9447A9B762F3D8BD0F45C120EF4A17B98DA39C806CB00
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 580023e57457b16ea408328f40b5758b718534400140a22a5eb7bf246391415f
                                                                                              • Instruction ID: f932bca1567ff62eeda4dcee26db571784017181178d686ac3c3edb1d849f5a3
                                                                                              • Opcode Fuzzy Hash: 580023e57457b16ea408328f40b5758b718534400140a22a5eb7bf246391415f
                                                                                              • Instruction Fuzzy Hash: 8912D532619FC88AE7718F29E84139AB3A4F78D788F505315EACC57B59EB38C254CB04
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 5b9bb14f3e6f81c4ca495dde812bac6ba233e40ca319bd20837c8fef78df23bb
                                                                                              • Instruction ID: e07ed76bf420f18a3300aa9c3de6e5b31a1f1c5e762ac490d9d2e64e7d0a15f4
                                                                                              • Opcode Fuzzy Hash: 5b9bb14f3e6f81c4ca495dde812bac6ba233e40ca319bd20837c8fef78df23bb
                                                                                              • Instruction Fuzzy Hash: FAF13D72A14F848AEB218B6AE44139D77A0F78C7A8F104315FFDC57BA9EB78C5908700
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 079b1f84be3b535fe92e849f67de76fb46ce780e6d9d242d08bacea83d607d2a
                                                                                              • Instruction ID: 614a0e38fa03bb51f17c49afeebedabe0e1bc579e2cfbe1b67cf751655d23a82
                                                                                              • Opcode Fuzzy Hash: 079b1f84be3b535fe92e849f67de76fb46ce780e6d9d242d08bacea83d607d2a
                                                                                              • Instruction Fuzzy Hash: 6DF13D32614F888AEB618B6AE44139D77A5F78C7A8F104315FFDC57BA9EB78C1908700
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: ErrorLastNameTranslate$CodePageValidValue_invalid_parameter_noinfo
                                                                                              • String ID:
                                                                                              • API String ID: 4023145424-0
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                              • String ID:
                                                                                              • API String ID: 3215553584-0
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                              • String ID:
                                                                                              • API String ID: 3215553584-0
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1768044794.00007FF73F6D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73F6D0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1768025799.00007FF73F6D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768087766.00007FF73F73B000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768087766.00007FF73F75E000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768225229.00007FF73F8FE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768246664.00007FF73F903000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_7ff73f6d0000_chelentano.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: ErrorFreeHeapLast
                                                                                              • String ID:
                                                                                              • API String ID: 485612231-0
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 2210f077ef86c7bf4614ea0c37c8164b564742ed14eb5f7aa46d453aca7d6b85
                                                                                              • Instruction ID: 2104ec59a4dc49f82b8982bc21a3bd57277665e00a15ef369f3c2076de0706b5
                                                                                              • Opcode Fuzzy Hash: 2210f077ef86c7bf4614ea0c37c8164b564742ed14eb5f7aa46d453aca7d6b85
                                                                                              • Instruction Fuzzy Hash: 89E04FA7A4DBC019F31742610C3F74C1ED15B7AB11F4D809F9784036E3B45D6D018321
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: bf1b8df624b78c9f13672db90697f33a184046833f8e29593a1d8da03b41296a
                                                                                              • Instruction ID: 3e52525d39e57bbbd7167a3d2a5026f39e520ea7036a62e7442895414421d68b
                                                                                              • Opcode Fuzzy Hash: bf1b8df624b78c9f13672db90697f33a184046833f8e29593a1d8da03b41296a
                                                                                              • Instruction Fuzzy Hash: 7DA002DBE99384ABCB1609700CE14E91F1679B2900395505EE351D33D3BC8D0A0B9522
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: a42a01495bc10c92585e70db87d9dd7e84e2cd6d90333ee8a624f4433841b9f2
                                                                                              • Instruction ID: fc375e107b753bca87d2e5f25e52953cf1a968f4214fa0c85e8a076f85c030cc
                                                                                              • Opcode Fuzzy Hash: a42a01495bc10c92585e70db87d9dd7e84e2cd6d90333ee8a624f4433841b9f2
                                                                                              • Instruction Fuzzy Hash: 10A01277308190C6F1030A1004093882750DB62740F89C040960003403C025040E8A10
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: f01a4154ba30de378ee8f3a0bf3b2dfb59d47392f9fc814d815bb3a6ccc76d7c
                                                                                              • Instruction ID: af3653673c9bae8fed5e00a7e40e93a6d893659c824e5b6b97dfa18919de230f
                                                                                              • Opcode Fuzzy Hash: f01a4154ba30de378ee8f3a0bf3b2dfb59d47392f9fc814d815bb3a6ccc76d7c
                                                                                              • Instruction Fuzzy Hash:
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: CloseHandle$Process32Token$InformationNextOpenProcess$ConvertCreateErrorFirstLastSnapshotStringToolhelp32
                                                                                              • String ID:
                                                                                              • API String ID: 3925315391-0
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: Value$ErrorLast$Heap$AllocFree
                                                                                              • String ID:
                                                                                              • API String ID: 570795689-0
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: Concurrency::cancel_current_task$std::_$Locinfo::_Locinfo_ctorLockitLockit::_
                                                                                              • String ID: bad locale name$false$true
                                                                                              • API String ID: 164343898-1062449267
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1768044794.00007FF73F6D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73F6D0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1768025799.00007FF73F6D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768087766.00007FF73F73B000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768087766.00007FF73F75E000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768225229.00007FF73F8FE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768246664.00007FF73F903000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_7ff73f6d0000_chelentano.jbxd
                                                                                              Similarity
                                                                                              • API ID: _invalid_parameter_noinfo_noreturn
                                                                                              • String ID: -> $]: $ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                              • API String ID: 3668304517-65459876
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: AddressFreeLibraryProc
                                                                                              • String ID: api-ms-$ext-ms-
                                                                                              • API String ID: 3013587201-537541572
                                                                                              APIs
                                                                                              • FreeLibrary.KERNEL32(?,?,00007FF73F72696C,?,?,?,?,00007FF73F71FD41,?,?,?,?,00007FF73F70C688,?,?,?), ref: 00007FF73F726288
                                                                                              • GetProcAddress.KERNEL32(?,?,00007FF73F72696C,?,?,?,?,00007FF73F71FD41,?,?,?,?,00007FF73F70C688,?,?,?), ref: 00007FF73F726294
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1768044794.00007FF73F6D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73F6D0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1768025799.00007FF73F6D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768087766.00007FF73F73B000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768087766.00007FF73F75E000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768225229.00007FF73F8FE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768246664.00007FF73F903000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_7ff73f6d0000_chelentano.jbxd
                                                                                              Similarity
                                                                                              • API ID: AddressFreeLibraryProc
                                                                                              • String ID: api-ms-$ext-ms-
                                                                                              • API String ID: 3013587201-537541572
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: Internet$CloseFileHandleOpenRead
                                                                                              • String ID: File Downloader
                                                                                              • API String ID: 4038090926-3631955488
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                              • String ID: f$p$p
                                                                                              • API String ID: 3215553584-1995029353
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1768044794.00007FF73F6D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73F6D0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1768025799.00007FF73F6D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768087766.00007FF73F73B000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768087766.00007FF73F75E000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768225229.00007FF73F8FE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768246664.00007FF73F903000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_7ff73f6d0000_chelentano.jbxd
                                                                                              Similarity
                                                                                              • API ID: __swprintf_l
                                                                                              • String ID: %%%u$%s@%u$<Reg-%u>?%u$@%s
                                                                                              • API String ID: 1488884202-156413795
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                              • String ID: CONOUT$
                                                                                              • API String ID: 3230265001-3130406586
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: ByteCharMultiWide$CompareInfoString
                                                                                              • String ID:
                                                                                              • API String ID: 2984826149-0
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: ByteCharMultiStringWide
                                                                                              • String ID:
                                                                                              • API String ID: 2829165498-0
                                                                                              APIs
                                                                                              • GetLastError.KERNEL32 ref: 0000000140098383
                                                                                              • FlsSetValue.KERNEL32(?,?,-2891666E48DAA7FF,00000001400940D5,?,?,?,?,000000014009B584), ref: 00000001400983B9
                                                                                              • FlsSetValue.KERNEL32(?,?,-2891666E48DAA7FF,00000001400940D5,?,?,?,?,000000014009B584), ref: 00000001400983E6
                                                                                              • FlsSetValue.KERNEL32(?,?,-2891666E48DAA7FF,00000001400940D5,?,?,?,?,000000014009B584), ref: 00000001400983F7
                                                                                              • FlsSetValue.KERNEL32(?,?,-2891666E48DAA7FF,00000001400940D5,?,?,?,?,000000014009B584), ref: 0000000140098408
                                                                                              • SetLastError.KERNEL32 ref: 0000000140098423
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: Value$ErrorLast
                                                                                              • String ID:
                                                                                              • API String ID: 2506987500-0
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: __std_exception_destroy$ApisFile__std_fs_code_page
                                                                                              • String ID: ", "$: "
                                                                                              • API String ID: 741338541-747220369
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: _set_statfp
                                                                                              • String ID:
                                                                                              • API String ID: 1156100317-0
                                                                                              APIs
                                                                                              • FlsGetValue.KERNEL32(?,?,?,000000014008F8AF,?,?,00000000,000000014008FB4A,?,?,?,?,-2891666E48DAA7FF,000000014008FAD6), ref: 000000014009845B
                                                                                              • FlsSetValue.KERNEL32(?,?,?,000000014008F8AF,?,?,00000000,000000014008FB4A,?,?,?,?,-2891666E48DAA7FF,000000014008FAD6), ref: 000000014009847A
                                                                                              • FlsSetValue.KERNEL32(?,?,?,000000014008F8AF,?,?,00000000,000000014008FB4A,?,?,?,?,-2891666E48DAA7FF,000000014008FAD6), ref: 00000001400984A2
                                                                                              • FlsSetValue.KERNEL32(?,?,?,000000014008F8AF,?,?,00000000,000000014008FB4A,?,?,?,?,-2891666E48DAA7FF,000000014008FAD6), ref: 00000001400984B3
                                                                                              • FlsSetValue.KERNEL32(?,?,?,000000014008F8AF,?,?,00000000,000000014008FB4A,?,?,?,?,-2891666E48DAA7FF,000000014008FAD6), ref: 00000001400984C4
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: Value
                                                                                              • String ID:
                                                                                              • API String ID: 3702945584-0
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: std::_$GetcollLocinfo::_Locinfo_ctorLockitLockit::_
                                                                                              • String ID: bad locale name
                                                                                              • API String ID: 1287851536-1405518554
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                              • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                              • API String ID: 3215553584-1196891531
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: __std_exception_destroy
                                                                                              • String ID: at line $, column
                                                                                              • API String ID: 2453523683-191570568
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: std::_$GetctypeLocinfo::_Locinfo_ctorLockitLockit::_
                                                                                              • String ID: bad locale name
                                                                                              • API String ID: 1612978173-1405518554
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: Open
                                                                                              • String ID: ?
                                                                                              • API String ID: 71445658-1684325040
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: AddressHandleModuleProc
                                                                                              • String ID: GetTempPath2W$kernel32.dll
                                                                                              • API String ID: 1646373207-1846531799
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: Process32$CloseHandleImpersonateLoggedNextOpenProcessUser$CreateFirstRevertSelfSnapshotTokenToolhelp32
                                                                                              • String ID:
                                                                                              • API String ID: 1562318730-0
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                              • String ID:
                                                                                              • API String ID: 2718003287-0
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              • API ID: ConsoleErrorLastMode
                                                                                              • String ID:
                                                                                              • API String ID: 953036326-0
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              • API ID: EnvironmentInitStringStringsUnicode$Free
                                                                                              • String ID:
                                                                                              • API String ID: 2488768755-0
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              • API ID: std::_$LockitLockit::_$Concurrency::cancel_current_taskFacet_RegisterSetgloballocalestd::locale::_
                                                                                              • String ID:
                                                                                              • API String ID: 3698853521-0
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              • API ID: std::_$LockitLockit::_$Concurrency::cancel_current_taskFacet_Register
                                                                                              • String ID:
                                                                                              • API String ID: 1168246061-0
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              • API ID: std::_$LockitLockit::_$Concurrency::cancel_current_taskFacet_Register
                                                                                              • String ID:
                                                                                              • API String ID: 1168246061-0
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              • API ID: std::_$LockitLockit::_$Concurrency::cancel_current_taskFacet_Register
                                                                                              • String ID:
                                                                                              • API String ID: 1168246061-0
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              • API ID: std::_$LockitLockit::_$Concurrency::cancel_current_taskFacet_Register
                                                                                              • String ID:
                                                                                              • API String ID: 1168246061-0
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1768044794.00007FF73F6D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73F6D0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1768025799.00007FF73F6D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768087766.00007FF73F73B000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768087766.00007FF73F75E000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768225229.00007FF73F8FE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1768246664.00007FF73F903000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • API ID: Virtual$AllocErrorInfoLastQuerySystem
                                                                                              • String ID:
                                                                                              • API String ID: 1049033158-0
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              • API ID: ByteCharErrorLastMultiWide
                                                                                              • String ID:
                                                                                              • API String ID: 203985260-0
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              • API ID: Handle$AddressAttributesCloseErrorFeatureFileLastModulePresentProcProcessor__std_fs_open_handle
                                                                                              • String ID:
                                                                                              • API String ID: 156590933-0
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                              • String ID:
                                                                                              • API String ID: 2933794660-0
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              • API ID:
                                                                                              • String ID: [json.exception.
                                                                                              • API String ID: 0-791563284
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              • API ID: std::_$Locinfo::_Locinfo_ctorLockitLockit::_
                                                                                              • String ID: bad locale name
                                                                                              • API String ID: 3988782225-1405518554
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              • API ID: std::_$Locinfo::_Locinfo_ctorLockitLockit::_
                                                                                              • String ID: bad locale name
                                                                                              • API String ID: 3988782225-1405518554
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                              • String ID: ?
                                                                                              • API String ID: 1286766494-1684325040
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Similarity
                                                                                              • API ID: ErrorFileLastWrite
                                                                                              • String ID: U
                                                                                              • API String ID: 442123175-4171548499
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1766343157.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_140000000_chelentano.jbxd
                                                                                              Similarity
                                                                                              • API ID: ExceptionFileHeaderRaise
                                                                                              • String ID: csm
                                                                                              • API String ID: 2573137834-1018135373