Windows Analysis Report
Fortexternal.exe

Overview

General Information

Sample name: Fortexternal.exe
Analysis ID: 1565319
MD5: 9ea1cba0f5612a501df02b77bad76b1b
SHA1: 0271a7fbe4bc14e3e9da7f86509b56689f09fad6
SHA256: bff256cd9e1eba31a2773edda9c514a6b544dea0b0accc52054a77c0f9117bef
Tags: exe, user-aachum
Infos:

Detection

Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Detected unpacking (changes PE section rights)
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Accesses Audio hardware information via COM
Contain functionality to detect virtual machines
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Found many strings related to Crypto-Wallets (likely being stolen)
Locky time evasion found (measures execution of CloseHandle and GetProcessHeap)
Machine Learning detection for sample
PE file contains section with special chars
Query firmware table information (likely to detect VMs)
Tries to detect sandboxes / dynamic malware analysis system (mutex check)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Abnormal high CPU Usage
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to detect sandboxes (mouse cursor move detection)
Contains functionality to dynamically determine API calls
Contains functionality to enumerate device drivers
Contains functionality to modify clipboard data
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to query network adapter information
Contains functionality to read the clipboard data
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Entry point lies outside standard sections
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found evasive API chain checking for process token information
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Sample execution stops while process was sleeping (likely an evasion)
Suricata IDS alerts with low severity for network traffic
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

  • System is w10x64
  • Fortexternal.exe (PID: 1164 cmdline: "C:\Users\user\Desktop\Fortexternal.exe" MD5: 9EA1CBA0F5612A501DF02B77BAD76B1B)
  • cleanup
No configs have been found
Yara detections (memory dumps):
Source | Rule | Description | Author | Strings
00000000.00000002.4472641830.0000018CD09D0000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
Process Memory Space: Fortexternal.exe PID: 1164 | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |

Yara detections (unpacked PE files):
Source | Rule | Description | Author | Strings
0.2.Fortexternal.exe.18cd0a8a0c0.0.raw.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |

No Sigma rule has matched

Suricata alerts:
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-11-29T16:04:00.901494+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49704 | 104.26.9.59 | 443 | TCP

        AV Detection

        Source: Fortexternal.exe | Avira: detected
        Source: Fortexternal.exe | ReversingLabs: Detection: 13%
        Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
        Source: Fortexternal.exe | Joe Sandbox ML: detected
        Source: C:\Users\user\Desktop\Fortexternal.exe | Code function: 0_2_0000018CD0A05B00 Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock,Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock,CryptUnprotectData
        Source: unknown | HTTPS traffic detected: 104.26.9.59:443 -> 192.168.2.5:49704 version: TLS 1.2
        Source: Fortexternal.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
        Source: Binary string: 4~C:\Users\55yar\Desktop\imgui-master\examples\imgui_loader\Release\example_win32_directx9.pdb=55GCTL source: Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp
        Source: Binary string: C:\Users\55yar\Desktop\imgui-master\examples\imgui_loader\Release\example_win32_directx9.pdb source: Fortexternal.exe, Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp
        Source: C:\Users\user\Desktop\Fortexternal.exe | Code function: 0_2_0000018CD09E44B3 Concurrency::details::WorkQueue::IsStructuredEmpty,FindFirstFileA,type_info::_name_internal_method,type_info::_name_internal_method
        Source: C:\Users\user\Desktop\Fortexternal.exe | Code function: 0_2_0000018CD0A7694C FindFirstFileExW
        Source: Joe Sandbox View | IP Address: 104.26.9.59
        Source: Joe Sandbox View | JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
        Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49704 -> 104.26.9.59:443
        Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.74 Safari/537.36 Edg/79.0.309.43 Host: api.myip.com
        Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: global traffic | DNS traffic detected: DNS query: api.myip.com
        Source: Fortexternal.exe, 00000000.00000003.3034655629.0000018CD242A000.00000004.00000020.00020000.00000000.sdmp, Fortexternal.exe, 00000000.00000002.4475737301.0000018CD258B000.00000004.00000020.00020000.00000000.sdmp, Fortexternal.exe, 00000000.00000003.2098405327.0000018CD24C3000.00000004.00000020.00020000.00000000.sdmp, Fortexternal.exe, 00000000.00000002.4475737301.0000018CD2568000.00000004.00000020.00020000.00000000.sdmp, Fortexternal.exe, 00000000.00000003.2096279929.0000018CD24C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
        Source: Fortexternal.exe, 00000000.00000002.4472641830.0000018CD09D0000.00000040.00001000.00020000.00000000.sdmp, Fortexternal.exe, 00000000.00000002.4472768495.0000018CD2150000.00000004.00000020.00020000.00000000.sdmp, Fortexternal.exe, 00000000.00000002.4470519625.0000018CCBC0F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.myip.com/
        Source: Fortexternal.exe, 00000000.00000002.4470519625.0000018CCBC0F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.myip.com/a
        Source: Fortexternal.exe, 00000000.00000002.4471755752.0000018CD0654000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.myip.com/x~
        Source: Fortexternal.exe, 00000000.00000003.2105850326.0000018CD25B7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.
        Source: Fortexternal.exe, 00000000.00000003.2105850326.0000018CD25B7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta
        Source: Fortexternal.exe, 00000000.00000003.3034655629.0000018CD242A000.00000004.00000020.00020000.00000000.sdmp, Fortexternal.exe, 00000000.00000002.4475737301.0000018CD258B000.00000004.00000020.00020000.00000000.sdmp, Fortexternal.exe, 00000000.00000003.2098405327.0000018CD24C3000.00000004.00000020.00020000.00000000.sdmp, Fortexternal.exe, 00000000.00000002.4475737301.0000018CD2568000.00000004.00000020.00020000.00000000.sdmp, Fortexternal.exe, 00000000.00000003.2096279929.0000018CD24C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
        Source: Fortexternal.exe, 00000000.00000003.3034655629.0000018CD242A000.00000004.00000020.00020000.00000000.sdmp, Fortexternal.exe, 00000000.00000002.4475737301.0000018CD258B000.00000004.00000020.00020000.00000000.sdmp, Fortexternal.exe, 00000000.00000003.2098405327.0000018CD24C3000.00000004.00000020.00020000.00000000.sdmp, Fortexternal.exe, 00000000.00000002.4475737301.0000018CD2568000.00000004.00000020.00020000.00000000.sdmp, Fortexternal.exe, 00000000.00000003.2096279929.0000018CD24C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
        Source: Fortexternal.exe, 00000000.00000003.3034655629.0000018CD242A000.00000004.00000020.00020000.00000000.sdmp, Fortexternal.exe, 00000000.00000002.4475737301.0000018CD258B000.00000004.00000020.00020000.00000000.sdmp, Fortexternal.exe, 00000000.00000003.2098405327.0000018CD24C3000.00000004.00000020.00020000.00000000.sdmp, Fortexternal.exe, 00000000.00000002.4475737301.0000018CD2568000.00000004.00000020.00020000.00000000.sdmp, Fortexternal.exe, 00000000.00000003.2096279929.0000018CD24C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
        Source: Fortexternal.exe, 00000000.00000003.2105850326.0000018CD25B7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
        Source: Fortexternal.exe, 00000000.00000003.2105850326.0000018CD25B7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg
        Source: Fortexternal.exe, 00000000.00000003.3034655629.0000018CD242A000.00000004.00000020.00020000.00000000.sdmp, Fortexternal.exe, 00000000.00000002.4475737301.0000018CD258B000.00000004.00000020.00020000.00000000.sdmp, Fortexternal.exe, 00000000.00000003.2098405327.0000018CD24C3000.00000004.00000020.00020000.00000000.sdmp, Fortexternal.exe, 00000000.00000002.4475737301.0000018CD2568000.00000004.00000020.00020000.00000000.sdmp, Fortexternal.exe, 00000000.00000003.2096279929.0000018CD24C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
        Source: Fortexternal.exe, 00000000.00000003.3034655629.0000018CD242A000.00000004.00000020.00020000.00000000.sdmp, Fortexternal.exe, 00000000.00000002.4475737301.0000018CD258B000.00000004.00000020.00020000.00000000.sdmp, Fortexternal.exe, 00000000.00000003.2098405327.0000018CD24C3000.00000004.00000020.00020000.00000000.sdmp, Fortexternal.exe, 00000000.00000002.4475737301.0000018CD2568000.00000004.00000020.00020000.00000000.sdmp, Fortexternal.exe, 00000000.00000003.2096279929.0000018CD24C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
        Source: Fortexternal.exe, 00000000.00000003.3034655629.0000018CD242A000.00000004.00000020.00020000.00000000.sdmp, Fortexternal.exe, 00000000.00000002.4475737301.0000018CD258B000.00000004.00000020.00020000.00000000.sdmp, Fortexternal.exe, 00000000.00000003.2098405327.0000018CD24C3000.00000004.00000020.00020000.00000000.sdmp, Fortexternal.exe, 00000000.00000002.4475737301.0000018CD2568000.00000004.00000020.00020000.00000000.sdmp, Fortexternal.exe, 00000000.00000003.2096279929.0000018CD24C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
        Source: Fortexternal.exe, Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://github.com/ocornut/imgui/blob/master/docs/FAQ.md#qa-usage
        Source: Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://github.com/ocornut/imgui/blob/master/docs/FAQ.md#qa-usage(Hold
        Source: Fortexternal.exe, 00000000.00000003.2105850326.0000018CD25B7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
        Source: Fortexternal.exe, 00000000.00000003.2105850326.0000018CD25B7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477
        Source: Fortexternal.exe, 00000000.00000003.2105850326.0000018CD25B7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref
        Source: Fortexternal.exe, 00000000.00000003.3034655629.0000018CD242A000.00000004.00000020.00020000.00000000.sdmp, Fortexternal.exe, 00000000.00000002.4475737301.0000018CD258B000.00000004.00000020.00020000.00000000.sdmp, Fortexternal.exe, 00000000.00000003.2098405327.0000018CD24C3000.00000004.00000020.00020000.00000000.sdmp, Fortexternal.exe, 00000000.00000002.4475737301.0000018CD2568000.00000004.00000020.00020000.00000000.sdmp, Fortexternal.exe, 00000000.00000003.2096279929.0000018CD24C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
        Source: Fortexternal.exe, 00000000.00000003.3034655629.0000018CD242A000.00000004.00000020.00020000.00000000.sdmp, Fortexternal.exe, 00000000.00000002.4475737301.0000018CD258B000.00000004.00000020.00020000.00000000.sdmp, Fortexternal.exe, 00000000.00000003.2098405327.0000018CD24C3000.00000004.00000020.00020000.00000000.sdmp, Fortexternal.exe, 00000000.00000002.4475737301.0000018CD2568000.00000004.00000020.00020000.00000000.sdmp, Fortexternal.exe, 00000000.00000003.2096279929.0000018CD24C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
        Source: unknown | Network traffic detected: HTTP traffic on port 49704 -> 443
        Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49704
        Source: C:\Users\user\Desktop\Fortexternal.exe | Code function: 0_2_00007FF7B9CF4970 OpenClipboard,MultiByteToWideChar,GlobalAlloc,GlobalLock,MultiByteToWideChar,GlobalUnlock,EmptyClipboard,SetClipboardData,GlobalFree,CloseClipboard
        Source: C:\Users\user\Desktop\Fortexternal.exe | Code function: 0_2_00007FF7B9CF4820 OpenClipboard,GetClipboardData,CloseClipboard,GlobalLock,WideCharToMultiByte,WideCharToMultiByte,GlobalUnlock,CloseClipboard
        Source: C:\Users\user\Desktop\Fortexternal.exe | Code function: 0_2_00007FF7B9D22F30 GetClientRect,QueryPerformanceCounter,GetForegroundWindow,ClientToScreen,SetCursorPos,GetCursorPos,ScreenToClient,GetKeyState,GetKeyState,GetKeyState,GetKeyState
        Source: C:\Users\user\Desktop\Fortexternal.exe | Code function: 0_2_00007FF7B9D23902 GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState

        System Summary

        Source: Fortexternal.exe | Static PE information: section name: ",aR
        Source: Fortexternal.exe | Static PE information: section name: b>bbb
        Source: Fortexternal.exe | Static PE information: section name: b&b+
        Source: C:\Users\user\Desktop\Fortexternal.exe | Process Stats: CPU usage > 49%
        Source: C:\Users\user\Desktop\Fortexternal.exe | Code function: 0_2_00007FF7B9D3F8A0 PostQuitMessage,GetWindowRect,SetWindowPos,NtdllDefWindowProc_A
        Source: C:\Users\user\Desktop\Fortexternal.exe | Code function: String function: 00007FF7B9CEB1B0 appears 36 times
        Source: C:\Users\user\Desktop\Fortexternal.exe | Code function: String function: 00007FF7B9D2B9D0 appears 54 times
        Source: C:\Users\user\Desktop\Fortexternal.exe | Code function: String function: 00007FF7B9D47590 appears 40 times
        Source: C:\Users\user\Desktop\Fortexternal.exe | Code function: String function: 00007FF7B9D7A838 appears 866 times
        Source: C:\Users\user\Desktop\Fortexternal.exe | Code function: String function: 00007FF7B9D43350 appears 1052 times
        Source: C:\Users\user\Desktop\Fortexternal.exe | Code function: String function: 00007FF7B9D28E60 appears 49 times
        Source: C:\Users\user\Desktop\Fortexternal.exe | Code function: String function: 00007FF7B9D4B500 appears 49 times
        Source: C:\Users\user\Desktop\Fortexternal.exe | Code function: String function: 00007FF7B9CF4B40 appears 40 times
        Source: Fortexternal.exe | Static PE information: Resource name: None type: DOS executable (COM)
        Source: Fortexternal.exe | Static PE information: Section: b>bbb ZLIB complexity 0.9987748329817159
        Source: classification engine | Classification label: mal100.spyw.expl.evad.winEXE@1/1@1/1
        Source: C:\Users\user\Desktop\Fortexternal.exe | Code function: 0_2_00007FF7B9D27A80 GetLastError,FormatMessageW,LocalFree,GetLastError,FormatMessageW,LocalFree,00007FF8C0844BD0,GetLastError,GetLastError,FormatMessageW,LocalFree,GetLastError,FormatMessageW,LocalFree,GetLastError,GetLastError,FormatMessageW,LocalFree
        Source: C:\Users\user\Desktop\Fortexternal.exe | Code function: 0_2_00007FF7B9D292C0 GetDiskFreeSpaceExW,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,GetPhysicallyInstalledSystemMemory
        Source: C:\Users\user\Desktop\Fortexternal.exe | Code function: 0_2_0000018CD09D6BC0 std::_Fac_node::_Fac_node,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW
        Source: C:\Users\user\Desktop\Fortexternal.exe | Code function: 0_2_00007FF7B9D2A000 CoInitialize,CoCreateInstance,CoCreateInstance
        Source: C:\Users\user\Desktop\Fortexternal.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\FQQLHUPB.htm
        Source: C:\Users\user\Desktop\Fortexternal.exe | Mutant created: \Sessions\1\BaseNamedObjects\MicrosoftVirtualPC7UserServiceMakeSureWe'reTheOnlyOneMutex
        Source: C:\Users\user\Desktop\Fortexternal.exe | Mutant created: \Sessions\1\BaseNamedObjects\Frz_State
        Source: C:\Users\user\Desktop\Fortexternal.exe | Mutant created: \Sessions\1\BaseNamedObjects\Sandboxie_SingleInstanceMutex_Control
        Source: C:\Users\user\Desktop\Fortexternal.exe | Mutant created: \Sessions\1\BaseNamedObjects\SBIE_BOXED_ServiceInitComplete_Mutex1
        Source: C:\Users\user\Desktop\Fortexternal.exe | Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
        Source: Fortexternal.exe, 00000000.00000003.2880322518.0000018CD223F000.00000004.00000020.00020000.00000000.sdmp, Fortexternal.exe, 00000000.00000003.2402006304.0000018CD223F000.00000004.00000020.00020000.00000000.sdmp, Fortexternal.exe, 00000000.00000003.2104062133.0000018CD2240000.00000004.00000020.00020000.00000000.sdmp, Fortexternal.exe, 00000000.00000003.2211597592.0000018CD223F000.00000004.00000020.00020000.00000000.sdmp, Fortexternal.exe, 00000000.00000002.4472934292.0000018CD223F000.00000004.00000020.00020000.00000000.sdmp, Fortexternal.exe, 00000000.00000003.2143307795.0000018CD223F000.00000004.00000020.00020000.00000000.sdmp, Fortexternal.exe, 00000000.00000003.2274864289.0000018CD223F000.00000004.00000020.00020000.00000000.sdmp, Fortexternal.exe, 00000000.00000003.2268550621.0000018CD223F000.00000004.00000020.00020000.00000000.sdmp, Fortexternal.exe, 00000000.00000003.2198698411.0000018CD223F000.00000004.00000020.00020000.00000000.sdmp, Fortexternal.exe, 00000000.00000003.3020733876.0000018CD223F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE visits(id INTEGER PRIMARY KEY AUTOINCREMENT,url INTEGER NOT NULL,visit_time INTEGER NOT NULL,from_visit INTEGER,external_referrer_url TEXT,transition INTEGER DEFAULT 0 NOT NULL,segment_id INTEGER,visit_duration INTEGER DEFAULT 0 NOT NULL,incremented_omnibox_typed_score BOOLEAN DEFAULT FALSE NOT NULL,opener_visit INTEGER,originator_cache_guid TEXT,originator_visit_id INTEGER,originator_from_visit INTEGER,originator_opener_visit INTEGER,is_known_to_sync BOOLEAN DEFAULT FALSE NOT NULL,consider_for_ntp_most_visited BOOLEAN DEFAULT FALSE NOT NULL);z
        Source: Fortexternal.exe, 00000000.00000002.4472895318.0000018CD218F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE server_card_metadata (id VARCHAR NOT NULL, use_count INTEGER NOT NULL DEFAULT 0, use_date INTEGER NOT NULL DEFAULT 0, billing_address_id VARCHAR);
        Source: Fortexternal.exe, 00000000.00000002.4474637994.0000018CD2537000.00000004.00000020.00020000.00000000.sdmp, Fortexternal.exe, 00000000.00000003.2095796153.0000018CD2410000.00000004.00000020.00020000.00000000.sdmp, Fortexternal.exe, 00000000.00000003.3011985426.0000018CD23F2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
        Source: C:\Users\user\Desktop\Fortexternal.exe | Section loaded (in load order): apphelp.dll, d3d9.dll, iphlpapi.dll, mpr.dll, msvcp140.dll, vcruntime140.dll, vcruntime140_1.dll, wevtapi.dll, kernel.appcore.dll, dwmapi.dll, windows.storage.dll, wldp.dll, uxtheme.dll, textinputframework.dll, coreuicomponents.dll, coremessaging.dll, ntmarta.dll, wintypes.dll, d3d10warp.dll, drprov.dll, winsta.dll, ntlanman.dll, davclnt.dll, davhlpr.dll, quartz.dll, winmm.dll, winmmbase.dll, mmdevapi.dll, devobj.dll, ksuser.dll, avrt.dll, audioses.dll, powrprof.dll, umpdc.dll, msacm32.dll, midimap.dll, resourcepolicyclient.dll, dxcore.dll, xinput1_4.dll, inputhost.dll, propsys.dll, textshaping.dll, wininet.dll, sspicli.dll
        Source: C:\Users\user\Desktop\Fortexternal.exeSection loaded: iertutil.dllJump to behavior
        Source: C:\Users\user\Desktop\Fortexternal.exeSection loaded: profapi.dllJump to behavior
        Source: C:\Users\user\Desktop\Fortexternal.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
        Source: C:\Users\user\Desktop\Fortexternal.exeSection loaded: winhttp.dllJump to behavior
        Source: C:\Users\user\Desktop\Fortexternal.exeSection loaded: mswsock.dllJump to behavior
        Source: C:\Users\user\Desktop\Fortexternal.exeSection loaded: winnsi.dllJump to behavior
        Source: C:\Users\user\Desktop\Fortexternal.exeSection loaded: urlmon.dllJump to behavior
        Source: C:\Users\user\Desktop\Fortexternal.exeSection loaded: srvcli.dllJump to behavior
        Source: C:\Users\user\Desktop\Fortexternal.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Users\user\Desktop\Fortexternal.exeSection loaded: dnsapi.dllJump to behavior
        Source: C:\Users\user\Desktop\Fortexternal.exeSection loaded: rasadhlp.dllJump to behavior
        Source: C:\Users\user\Desktop\Fortexternal.exeSection loaded: fwpuclnt.dllJump to behavior
        Source: C:\Users\user\Desktop\Fortexternal.exeSection loaded: schannel.dllJump to behavior
        Source: C:\Users\user\Desktop\Fortexternal.exeSection loaded: mskeyprotect.dllJump to behavior
        Source: C:\Users\user\Desktop\Fortexternal.exeSection loaded: ntasn1.dllJump to behavior
        Source: C:\Users\user\Desktop\Fortexternal.exeSection loaded: msasn1.dllJump to behavior
        Source: C:\Users\user\Desktop\Fortexternal.exeSection loaded: dpapi.dllJump to behavior
        Source: C:\Users\user\Desktop\Fortexternal.exeSection loaded: cryptsp.dllJump to behavior
        Source: C:\Users\user\Desktop\Fortexternal.exeSection loaded: rsaenh.dllJump to behavior
        Source: C:\Users\user\Desktop\Fortexternal.exeSection loaded: cryptbase.dllJump to behavior
        Source: C:\Users\user\Desktop\Fortexternal.exeSection loaded: gpapi.dllJump to behavior
        Source: C:\Users\user\Desktop\Fortexternal.exeSection loaded: ncrypt.dllJump to behavior
        Source: C:\Users\user\Desktop\Fortexternal.exeSection loaded: ncryptsslp.dllJump to behavior
        Source: C:\Users\user\Desktop\Fortexternal.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}\InprocServer32Jump to behavior
        Source: Window RecorderWindow detected: More than 3 window changes detected
        Source: Fortexternal.exeStatic PE information: Image base 0x140000000 > 0x60000000
        Source: Fortexternal.exeStatic file information: File size 1151019 > 1048576
        Source: Fortexternal.exeStatic PE information: Raw size of b>bbb is bigger than: 0x100000 < 0x10aa00
        Source: Fortexternal.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
        Source: Binary string: 4~C:\Users\55yar\Desktop\imgui-master\examples\imgui_loader\Release\example_win32_directx9.pdb=55GCTL source: Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp
        Source: Binary string: C:\Users\55yar\Desktop\imgui-master\examples\imgui_loader\Release\example_win32_directx9.pdb source: Fortexternal.exe, Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp

        Data Obfuscation

        Source: C:\Users\user\Desktop\Fortexternal.exeUnpacked PE file: 0.2.Fortexternal.exe.7ff7b9cd0000.1.unpack ",aR:EW;b>bbb:EW;Unknown_Section2:W; vs ",aR:ER;b>bbb:ER;Unknown_Section2:W;
        Source: C:\Users\user\Desktop\Fortexternal.exeCode function: 0_2_00007FF7B9D223A0 QueryPerformanceFrequency,QueryPerformanceCounter,GetKeyboardLayout,GetLocaleInfoA,LoadLibraryA,GetProcAddress,GetProcAddress,0_2_00007FF7B9D223A0
        Source: initial sampleStatic PE information: section where entry point is pointing to: b>bbb
        Source: Fortexternal.exeStatic PE information: section name: ",aR
        Source: Fortexternal.exeStatic PE information: section name: b>bbb
        Source: Fortexternal.exeStatic PE information: section name: b&b+
        Source: C:\Users\user\Desktop\Fortexternal.exeCode function: 0_2_0000018CD0A17374 push ecx; iretd 0_2_0000018CD0A17375
        Source: C:\Users\user\Desktop\Fortexternal.exeCode function: 0_2_0000018CD0A1760B push cs; ret 0_2_0000018CD0A1761C
        Source: C:\Users\user\Desktop\Fortexternal.exeCode function: 0_2_0000018CD0A179A1 pushfd ; ret 0_2_0000018CD0A179A2
        Source: Fortexternal.exeStatic PE information: section name: b>bbb entropy: 7.999721295159668
        Source: C:\Users\user\Desktop\Fortexternal.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
        Source: C:\Users\user\Desktop\Fortexternal.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior

        Malware Analysis System Evasion

        Source: C:\Users\user\Desktop\Fortexternal.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E30629D1-27E5-11CE-875D-00608CB78066}Jump to behavior
        Source: C:\Users\user\Desktop\Fortexternal.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E30629D1-27E5-11CE-875D-00608CB78066}\TreatAsJump to behavior
        Source: C:\Users\user\Desktop\Fortexternal.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E30629D1-27E5-11CE-875D-00608CB78066}\InprocServer32Jump to behavior
        Source: C:\Users\user\Desktop\Fortexternal.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E30629D1-27E5-11CE-875D-00608CB78066}\InprocHandler32Jump to behavior
        Source: C:\Users\user\Desktop\Fortexternal.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E30629D1-27E5-11CE-875D-00608CB78066}\InprocHandlerJump to behavior
        Source: C:\Users\user\Desktop\Fortexternal.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E30629D1-27E5-11CE-875D-00608CB78066}Jump to behavior
        Source: C:\Users\user\Desktop\Fortexternal.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E30629D1-27E5-11CE-875D-00608CB78066}\TreatAsJump to behavior
        Source: C:\Users\user\Desktop\Fortexternal.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E30629D1-27E5-11CE-875D-00608CB78066}\InprocServer32Jump to behavior
        Source: C:\Users\user\Desktop\Fortexternal.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E30629D1-27E5-11CE-875D-00608CB78066}\InprocHandler32Jump to behavior
        Source: C:\Users\user\Desktop\Fortexternal.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E30629D1-27E5-11CE-875D-00608CB78066}\InprocHandlerJump to behavior
        Source: C:\Users\user\Desktop\Fortexternal.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E30629D1-27E5-11CE-875D-00608CB78066}\LocalServer32Jump to behavior
        Source: C:\Users\user\Desktop\Fortexternal.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E30629D1-27E5-11CE-875D-00608CB78066}\LocalServerJump to behavior
        Source: C:\Users\user\Desktop\Fortexternal.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E30629D1-27E5-11CE-875D-00608CB78066}Jump to behavior
        Source: C:\Users\user\Desktop\Fortexternal.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E30629D1-27E5-11CE-875D-00608CB78066}\ElevationJump to behavior
        Source: C:\Users\user\Desktop\Fortexternal.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E30629D1-27E5-11CE-875D-00608CB78066}Jump to behavior
        Source: C:\Users\user\Desktop\Fortexternal.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E30629D1-27E5-11CE-875D-00608CB78066}\TreatAsJump to behavior
        Source: C:\Users\user\Desktop\Fortexternal.exeCode function: VBoxSF VBoxGuest VBoxMouse 0_2_00007FF7B9D3CC55
        Source: C:\Users\user\Desktop\Fortexternal.exeCode function: VBOX_DEFAULT: disk = VBOX_DEFAULT: ram = VBOX_DEFAULT: less than windows 10 detected VBOX_DEFAULT: windows 10 detected VBOX_DEFAULT: windows 11 detected VBOX_DEFAULT: returned false due to lack of precondition spec comparisons 0_2_00007FF7B9D292C0
        Source: C:\Users\user\Desktop\Fortexternal.exeCode function: VBoxTrayToolWndClass VBoxTrayToolWnd 0_2_00007FF7B9D298D0
        Source: C:\Users\user\Desktop\Fortexternal.exeCode function: VMware- VMware VMware Fusion 0_2_00007FF7B9D3C810
        Source: C:\Users\user\Desktop\Fortexternal.exeCode function: vmware VMware 0_2_00007FF7B9D3CA00
        Source: C:\Users\user\Desktop\Fortexternal.exeCode function: HKLM\HARDWARE\ACPI\DSDT\VBOX__ HKLM\HARDWARE\ACPI\FADT\VBOX__ HKLM\HARDWARE\ACPI\RSDT\VBOX__ HKLM\SYSTEM\ControlSet001\Services\VBoxGuest HKLM\SYSTEM\ControlSet001\Services\VBoxMouse HKLM\SYSTEM\ControlSet001\Services\VBoxService HKLM\SYSTEM\ControlSet001\Services\VBoxService HKLM\SYSTEM\ControlSet001\Services\VBoxSF HKLM\SYSTEM\ControlSet001\Services\VBoxVideo VMware HKCU\SOFTWARE\VMware, Inc.\VMware Tools VMware HKLM\SOFTWARE\VMware, Inc.\VMware Tools VMware VMware VMware HKLM\SYSTEM\ControlSet001\Services\VMTools VMware VMware HKLM\SYSTEM\ControlSet001\Services\vmware VMware VMware VMware HKLM\SYSTEM\CurrentControlSet\Enum\IDE\CdRomNECVMWar_VMware_IDE_CD* VMware HKLM\SYSTEM\CurrentControlSet\Enum\IDE\CdRomNECVMWar_VMware_SATA_CD* VMware HKLM\SYSTEM\CurrentControlSet\Enum\IDE\DiskVMware_Virtual_IDE_Hard_Drive* VMware HKLM\SYSTEM\CurrentControlSet\Enum\IDE\DiskVMware_Virtual_SATA_Hard_Drive* VMware 0_2_00007FF7B9D289A0
        Source: C:\Users\user\Desktop\Fortexternal.exeCode function: BOCHS_CPU: neither AMD or Intel detected, returned false BOCHS_CPU: technique 1 found Bochs BOCHS_CPU: technique 2 found Bochs 0_2_00007FF7B9D2AD10
        Source: C:\Users\user\Desktop\Fortexternal.exeCode function: qemu-ga.exe qemu-ga.exe QEMU QEMU 0_2_00007FF7B9D2BC60
        Source: C:\Users\user\Desktop\Fortexternal.exeCode function: QEMU Virtual CPU QEMU Virtual CPU QEMU QEMU 0_2_00007FF7B9D2AC70
        Source: C:\Users\user\Desktop\Fortexternal.exeCode function: QEMU QEMU QEMU_HDD: model = QEMU_HDD: model = 0_2_00007FF7B9D3D0B0
        Source: C:\Users\user\Desktop\Fortexternal.exeCode function: C:\windows\System32\Drivers\VMToolsHook.dll C:\windows\System32\Drivers\VBoxMouse.sys C:\windows\System32\Drivers\VBoxGuest.sys C:\windows\System32\Drivers\VBoxSF.sys C:\windows\System32\Drivers\VBoxVideo.sys C:\windows\System32\vboxoglpackspu.dll C:\windows\System32\vboxoglpassthroughspu.dll C:\windows\System32\vboxservice.exe C:\windows\System32\vboxservice.exe C:\windows\System32\vboxoglcrutil.dll C:\windows\System32\vboxdisp.dll C:\windows\System32\vboxhook.dll C:\windows\System32\vboxmrxnp.dll C:\windows\System32\vboxogl.dll C:\windows\System32\vboxtray.exe C:\windows\System32\VBoxControl.exe C:\windows\System32\vboxoglerrorspu.dll C:\windows\System32\vboxoglfeedbackspu.dll c:\windows\system32\vboxoglarrayspu.dll vbox VM_FILES: vmware score: VM_FILES: vbox score: VMware 0_2_00007FF7B9D29000
        Source: C:\Users\user\Desktop\Fortexternal.exeCode function: qemu qemu vbox vmware QEMU QEMU 0_2_00007FF7B9D27FA0
        Source: C:\Users\user\Desktop\Fortexternal.exeCode function: BOCHS Bochs Bochs QEMU QEMU VBOX VMware VMWARE vmware tools VMware* VMware SVGA* 0_2_00007FF7B9D2B220
        Source: C:\Users\user\Desktop\Fortexternal.exeCode function: qemu-ga qemu-ga QEMU QEMU 0_2_00007FF7B9D2A200
        Source: C:\Users\user\Desktop\Fortexternal.exeCode function: vboxservice.exe vboxservice.exe vboxtray.exe 0_2_00007FF7B9D2A350
        Source: C:\Users\user\Desktop\Fortexternal.exeCode function: vmware VMware 0_2_00007FF7B9D28880
        Source: C:\Users\user\Desktop\Fortexternal.exeCode function: VMwareVMware VBoxVBoxVBox VMware QEMU QEMU 0_2_00007FF7B9D25760
        Source: C:\Users\user\Desktop\Fortexternal.exeCode function: SOFTWARE\VMware, Inc.\VMware Tools VMWARE_REG: result = VMware 0_2_00007FF7B9D28770
        Source: C:\Users\user\Desktop\Fortexternal.exeCode function: 0_2_00007FF7B9D2AAD0 0_2_00007FF7B9D2AAD0
        Source: C:\Users\user\Desktop\Fortexternal.exeCode function: 0_2_00007FF7B9D282B0 GetProcessHeap,CloseHandle,0_2_00007FF7B9D282B0
        Source: C:\Users\user\Desktop\Fortexternal.exeSystem information queried: FirmwareTableInformationJump to behavior
        Source: C:\Users\user\Desktop\Fortexternal.exeMutex created: \Sessions\1\BaseNamedObjects\Sandboxie_SingleInstanceMutex_ControlJump to behavior
        Source: C:\Users\user\Desktop\Fortexternal.exeMutex created: \Sessions\1\BaseNamedObjects\Frz_StateJump to behavior
        Source: Fortexternal.exe, Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: DIR_WATCH.DLL
        Source: Fortexternal.exeBinary or memory string: JOEBOXSERVER.EXE
        Source: Fortexternal.exe, Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: WINE_GET_UNIX_FILE_NAME
        Source: Fortexternal.exe, Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: QEMU-GA.EXE
        Source: Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: VMUSRVC.EXE
        Source: Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: SBIEDLL.DLL
        Source: Fortexternal.exe, Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: API_LOG.DLL
        Source: Fortexternal.exeBinary or memory string: JOEBOXCONTROL.EXE
        Source: Fortexternal.exe, Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: XENSERVICE.EXE
        Source: C:\Users\user\Desktop\Fortexternal.exeRegistry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mssmbios\Data name: SMBiosDataJump to behavior
        Source: C:\Users\user\Desktop\Fortexternal.exeRegistry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mssmbios\Data name: AcpiDataJump to behavior
        Source: C:\Users\user\Desktop\Fortexternal.exeCode function: 0_2_00007FF7B9D2AAD0 rdtsc 0_2_00007FF7B9D2AAD0
        Source: C:\Users\user\Desktop\Fortexternal.exeCode function: GetCursorPos,Sleep,GetCursorPos,0_2_00007FF7B9D286C0
        Source: C:\Users\user\Desktop\Fortexternal.exeCode function: K32EnumDeviceDrivers,K32GetDeviceDriverBaseNameA,00007FF8C6125630,00007FF8C6125630,0_2_00007FF7B9D3CC55
        Source: C:\Users\user\Desktop\Fortexternal.exeCode function: GetAdaptersInfo,0_2_00007FF7B9D7A088
        Source: C:\Users\user\Desktop\Fortexternal.exeCode function: GetAdaptersInfo,00007FF8C610F020,GetAdaptersInfo,00007FF8C610F020,0_2_00007FF7B9D283C0
        Source: C:\Users\user\Desktop\Fortexternal.exeWindow / User API: threadDelayed 5385Jump to behavior
        Source: C:\Users\user\Desktop\Fortexternal.exeWindow / User API: foregroundWindowGot 1632Jump to behavior
        Source: C:\Users\user\Desktop\Fortexternal.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_0-74047
        Source: C:\Users\user\Desktop\Fortexternal.exeLast function: Thread delayed
        Source: C:\Users\user\Desktop\Fortexternal.exeCode function: 0_2_0000018CD09E44B3 Concurrency::details::WorkQueue::IsStructuredEmpty,FindFirstFileA,type_info::_name_internal_method,type_info::_name_internal_method,0_2_0000018CD09E44B3
        Source: C:\Users\user\Desktop\Fortexternal.exeCode function: 0_2_0000018CD0A7694C FindFirstFileExW,0_2_0000018CD0A7694C
        Source: C:\Users\user\Desktop\Fortexternal.exeCode function: 0_2_00007FF7B9D2C470 GetSystemInfo,0_2_00007FF7B9D2C470
        Source: Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: C:\windows\System32\Drivers\Vmmouse.sys
        Source: Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: VBoxMouse
        Source: Fortexternal.exe, Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: HYPER_X: added Hyper-V artifact VM
        Source: Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: HKLM\SYSTEM\ControlSet001\Services\vmci
        Source: Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: VM_FILES: vmware score:
        Source: Fortexternal.exe, Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: hyper-v
        Source: Fortexternal.exe, Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: HKLM\SOFTWARE\Microsoft\VirtualMachine
        Source: Fortexternal.exe, Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Hyper-V artifact (not an actual VM)
        Source: Fortexternal.exe, 00000000.00000002.4472768495.0000018CD2150000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWh
        Source: Fortexternal.exe, Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: VBoxTrayToolWndClass
        Source: Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: HKLM\SYSTEM\ControlSet001\Services\vmdebug
        Source: Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: HKLM\SYSTEM\ControlSet001\Services\msvmmouf
        Source: Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: VMware SVGA*
        Source: Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: HKLM\SYSTEM\ControlSet001\Services\xenevtchn
        Source: Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: c:\windows\system32\drivers\vpc-s3.sys
        Source: Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: HKLM\SOFTWARE\VMware, Inc.\VMware Tools
        Source: Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: C:\windows\System32\Drivers\VMToolsHook.dll
        Source: Fortexternal.exe, Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: VMUSrvc.exe
        Source: Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: C:\windows\System32\Drivers\VBoxMouse.sys
        Source: Fortexternal.exe, 00000000.00000003.2097449555.0000018CD252A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: AMC password management pageVMware20,11696428655
        Source: Fortexternal.exe, 00000000.00000003.2097449555.0000018CD252A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: tasks.office.comVMware20,11696428655o
        Source: Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: ManufacturerSELECT * FROM Win32_BaseBoard. Error: Failed to open event log: Failed to query event log: EvtNext failed. Error: EvtRender failed. Error: VMID: qemukvmvirtualvboxvirtualboxmonitorhypervhypervisorhvisorparallelsvmwarematch = BRAND_KEYWORDS: matches:
        Source: Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: HKLM\SYSTEM\ControlSet001\Services\VMMEMCTL
        Source: Fortexternal.exe, Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: HKLM\HARDWARE\ACPI\FADT\VBOX__
        Source: Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: vmware
        Source: Fortexternal.exe, 00000000.00000003.2097449555.0000018CD252A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: interactivebrokers.comVMware20,11696428655
        Source: Fortexternal.exe, Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: HKLM\HARDWARE\ACPI\DSDT\VBOX__
        Source: Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: c:\windows\system32\drivers\prlmouse.sys
        Source: Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: HKLM\SYSTEM\ControlSet001\Services\xennet6
        Source: Fortexternal.exe, Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: HKLM\HARDWARE\ACPI\RSDT\VBOX__
        Source: Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: HKLM\SYSTEM\ControlSet001\Services\vpc-s3
        Source: Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: QEMU+KVM Hyper-V Enlightenment
        Source: Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: HKLM\SYSTEM\CurrentControlSet\Enum\IDE\CdRomNECVMWar_VMware_IDE_CD*
        Source: Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: c:\windows\system32\drivers\prleth.sys
        Source: Fortexternal.exe, 00000000.00000003.2097449555.0000018CD252A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: bankofamerica.comVMware20,11696428655x
        Source: Fortexternal.exe, Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: C:\windows\System32\vboxmrxnp.dll
        Source: Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: HKLM\SYSTEM\ControlSet001\Services\xensvc
        Source: Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: C:\windows\System32\Drivers\vmhgfs.dll
        Source: Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: VBoxSF
        Source: Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: HKLM\SYSTEM\ControlSet001\Services\vmware
        Source: Fortexternal.exe, Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: HKLM\SOFTWARE\Microsoft\Hyper-V
        Source: Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: C:\windows\System32\vboxservice.exe
        Source: Fortexternal.exe, 00000000.00000002.4472641830.0000018CD09D0000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: vmtoolsdvboxservicer
        Source: Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: HKLM\SYSTEM\CurrentControlSet\Enum\IDE\DiskVMware_Virtual_IDE_Hard_Drive*
        Source: Fortexternal.exe, 00000000.00000003.2097449555.0000018CD252A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: discord.comVMware20,11696428655f
        Source: Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: HKLM\SYSTEM\ControlSet001\Services\vmx86
        Source: Fortexternal.exe, 00000000.00000002.4472641830.0000018CD09D0000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: vmwareuser
        Source: Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: HKLM\SYSTEM\ControlSet001\Services\xenvdb
        Source: Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: HKLM\SYSTEM\ControlSet001\Services\VBoxSF
        Source: Fortexternal.exe, 00000000.00000003.2097449555.0000018CD252A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: secure.bankofamerica.comVMware20,11696428655|UE
        Source: Fortexternal.exe, 00000000.00000003.2097449555.0000018CD252A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
        Source: Fortexternal.exe, 00000000.00000003.2097449555.0000018CD252A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: outlook.office365.comVMware20,11696428655t
        Source: Fortexternal.exe, Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: KVM Hyper-V Enlightenment
        Source: Fortexternal.exe, 00000000.00000003.2097449555.0000018CD252A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655
        Source: Fortexternal.exe, 00000000.00000003.2097449555.0000018CD252A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: outlook.office.comVMware20,11696428655s
        Source: Fortexternal.exe, 00000000.00000003.2097449555.0000018CD252A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
        Source: Fortexternal.exe, 00000000.00000003.2097449555.0000018CD252A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ms.portal.azure.comVMware20,11696428655
        Source: Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: HKLM\SYSTEM\ControlSet001\Services\VBoxService
        Source: Fortexternal.exe, Fortexternal.exe, 00000000.00000002.4472641830.0000018CD09D0000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: vboxtray
        Source: Fortexternal.exe, 00000000.00000003.2097449555.0000018CD252A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
        Source: Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: SOFTWARE\VMware, Inc.\VMware Tools
        Source: Fortexternal.exe, 00000000.00000003.2097449555.0000018CD252A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: dev.azure.comVMware20,11696428655j
        Source: Fortexternal.exe, 00000000.00000003.2097449555.0000018CD252A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: netportal.hdfcbank.comVMware20,11696428655
        Source: Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: C:\windows\System32\Drivers\VBoxSF.sys
        Source: Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: HKLM\SYSTEM\ControlSet001\Services\vmicheartbeat
        Source: Fortexternal.exe, Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Microsoft Virtual PC/Hyper-V
        Source: Fortexternal.exe, Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Xbox NanoVisor (Hyper-V)
        Source: Fortexternal.exe, 00000000.00000002.4472641830.0000018CD09D0000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: vmtoolsd
        Source: Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: c:\windows\system32\drivers\vmsrvc.sys
        Source: Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: HKLM\SYSTEM\ControlSet001\Services\xennet
        Source: Fortexternal.exe, 00000000.00000003.2097449555.0000018CD252A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: trackpan.utiitsl.comVMware20,11696428655h
        Source: Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: VBoxGuest
        Source: Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: c:\windows\system32\drivers\prl_pv32.sys
        Source: Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: VMware
        Source: Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: VMware*
        Source: Fortexternal.exe, Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: QEMU Virtual CPU
        Source: Fortexternal.exe, Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: HYPER_X: added Hyper-V real VM
        Source: Fortexternal.exe, 00000000.00000002.4472641830.0000018CD09D0000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: vboxservice
        Source: Fortexternal.exe, Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: QEMU+KVM
        Source: Fortexternal.exe, Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: vmusrvc.exe
        Source: Fortexternal.exe, Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: QEMU_HDD: model =
        Source: Fortexternal.exe, 00000000.00000003.2097449555.0000018CD252A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: interactivebrokers.co.inVMware20,11696428655d
        Source: Fortexternal.exe, 00000000.00000002.4472641830.0000018CD09D0000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: vboxtrayx64dbge
        Source: Fortexternal.exe, 00000000.00000003.2097449555.0000018CD252A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
        Source: Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: HKLM\SYSTEM\CurrentControlSet\Enum\IDE\CdRomNECVMWar_VMware_SATA_CD*
        Source: Fortexternal.exe, 00000000.00000003.2097449555.0000018CD252A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: global block list test formVMware20,11696428655
        Source: Fortexternal.exe, Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: qemu-ga.exe
        Source: Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: VMware-
        Source: Fortexternal.exe, Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: \\.\VBoxMiniRdrDN
        Source: Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: HKLM\SYSTEM\ControlSet001\Services\vmicexchange
        Source: Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: HKLM\SYSTEM\ControlSet001\Services\vmicshutdown
        Source: Fortexternal.exe, 00000000.00000003.2087549124.0000018CD21C3000.00000004.00000020.00020000.00000000.sdmp, Fortexternal.exe, 00000000.00000003.2073909900.0000018CD21C0000.00000004.00000020.00020000.00000000.sdmp, Fortexternal.exe, 00000000.00000003.2090329014.0000018CD21C3000.00000004.00000020.00020000.00000000.sdmp, Fortexternal.exe, 00000000.00000003.2091902136.0000018CD21C3000.00000004.00000020.00020000.00000000.sdmp, Fortexternal.exe, 00000000.00000003.2092187920.0000018CD21C3000.00000004.00000020.00020000.00000000.sdmp, Fortexternal.exe, 00000000.00000002.4472934292.0000018CD21C3000.00000004.00000020.00020000.00000000.sdmp, Fortexternal.exe, 00000000.00000003.2093754124.0000018CD21C3000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
        Source: Fortexternal.exe, Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: C:\windows\System32\vboxtray.exe
        Source: Fortexternal.exe, Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: VBoxTrayToolWnd
        Source: Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: VMWARE
        Source: Fortexternal.exe, Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Microsoft Hyper-V
        Source: Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: HKLM\SYSTEM\ControlSet001\Services\VBoxMouse
        Source: Fortexternal.exe, 00000000.00000003.2097449555.0000018CD252A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: account.microsoft.com/profileVMware20,11696428655u
        Source: Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: HKCU\SOFTWARE\VMware, Inc.\VMware Tools
        Source: Fortexternal.exe, 00000000.00000003.2097449555.0000018CD252A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
        Source: Fortexternal.exe, Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Microsoft Azure Hyper-V
        Source: Fortexternal.exe, Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: NETTITUDE_VM_MEMORY: Hyper-V detected
        Source: Fortexternal.exe, Fortexternal.exe, 00000000.00000002.4472641830.0000018CD09D0000.00000040.00001000.00020000.00000000.sdmp, Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: qemu-ga
        Source: Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: VMWARE_REG: result =
        Source: Fortexternal.exe, 00000000.00000003.2097449555.0000018CD252A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: turbotax.intuit.comVMware20,11696428655t
        Source: Fortexternal.exe, 00000000.00000003.2097449555.0000018CD252A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
        Source: Fortexternal.exe, Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: C:\windows\System32\Drivers\vmGuestLib.dll
        Source: Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: VMware ESX
        Source: Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: HKLM\SYSTEM\ControlSet001\Services\VMTools
        Source: Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: VMwareVMware
        Source: Fortexternal.exe, 00000000.00000003.2097449555.0000018CD252A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - HKVMware20,11696428655]
        Source: Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: vmsrvc.exe
        Source: Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: vboxservice.exe
        Source: Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: VMware Workstation
        Source: Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: HKLM\SYSTEM\ControlSet001\Services\vpcbus
        Source: Fortexternal.exe, 00000000.00000003.2097449555.0000018CD252A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Test URL for global passwords blocklistVMware20,11696428655
        Source: Fortexternal.exe, Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: vboxtray.exe
        Source: Fortexternal.exe, 00000000.00000003.2097449555.0000018CD252A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Canara Transaction PasswordVMware20,11696428655x
        Source: Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: c:\windows\system32\drivers\prlvideo.sys
        Source: Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: C:\windows\System32\Drivers\VBoxGuest.sys
        Source: Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: HKLM\SYSTEM\ControlSet001\Services\vmmouse
        Source: Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: HKLM\SYSTEM\CurrentControlSet\Enum\IDE\DiskVMware_Virtual_SATA_Hard_Drive*
        Source: Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: HKLM\SYSTEM\ControlSet001\Services\vmicvss
        Source: Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: vmware tools
        Source: Fortexternal.exe, 00000000.00000003.2097449555.0000018CD252A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Canara Transaction PasswordVMware20,11696428655}
        Source: Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: VMware GSX
        Source: Fortexternal.exe, 00000000.00000003.2097449555.0000018CD252A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
        Source: Fortexternal.exe, 00000000.00000003.2097449555.0000018CD252A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
        Source: Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: VMware Fusion
        Source: Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: VMware Express
        Source: Fortexternal.exe, 00000000.00000002.4472641830.0000018CD09D0000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: vmwaretray
        Source: Fortexternal.exe, 00000000.00000003.2097449555.0000018CD252A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: www.interactivebrokers.comVMware20,11696428655}
        Source: Fortexternal.exe, 00000000.00000003.2097449555.0000018CD252A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: microsoft.visualstudio.comVMware20,11696428655x
        Source: Fortexternal.exe, 00000000.00000002.4472641830.0000018CD09D0000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: qemu-gaVGAuthServicevmwaretrays
        Source: Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: HKLM\SYSTEM\ControlSet001\Services\vpcuhub
        Source: Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: c:\windows\system32\drivers\prlfs.sys
        Source: Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: VMSrvc.exe
        Source: Fortexternal.exe, Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: C:\windows\System32\vboxhook.dll
        Source: Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: HKLM\SYSTEM\ControlSet001\Services\VBoxGuest
        Source: Fortexternal.exe, 00000000.00000002.4472641830.0000018CD09D0000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: wiresharkvmwareuserf
        Source: Fortexternal.exe, Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: C:\windows\System32\Drivers\VmGuestLibJava.dll
        Source: C:\Users\user\Desktop\Fortexternal.exe System information queried: ModuleInformation
        Source: C:\Users\user\Desktop\Fortexternal.exe Process information queried: ProcessInformation
        Source: C:\Users\user\Desktop\Fortexternal.exe Code function: 0_2_00007FF7B9D2AAD0 rdtsc 0_2_00007FF7B9D2AAD0
        Source: C:\Users\user\Desktop\Fortexternal.exe Code function: 0_2_00007FF7B9D7582C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF7B9D7582C
        Source: C:\Users\user\Desktop\Fortexternal.exe Code function: 0_2_00007FF7B9D223A0 QueryPerformanceFrequency,QueryPerformanceCounter,GetKeyboardLayout,GetLocaleInfoA,LoadLibraryA,GetProcAddress,GetProcAddress,0_2_00007FF7B9D223A0
        Source: C:\Users\user\Desktop\Fortexternal.exe Code function: 0_2_00007FF7B9D282B0 GetProcessHeap,CloseHandle,0_2_00007FF7B9D282B0
        Source: C:\Users\user\Desktop\Fortexternal.exe Code function: 0_2_00007FF7B9D75A0C SetUnhandledExceptionFilter,0_2_00007FF7B9D75A0C
        Source: C:\Users\user\Desktop\Fortexternal.exe Code function: 0_2_00007FF7B9D7A1C0 SetUnhandledExceptionFilter,0_2_00007FF7B9D7A1C0
        Source: C:\Users\user\Desktop\Fortexternal.exe Code function: 0_2_00007FF7B9D7582C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF7B9D7582C
        Source: C:\Users\user\Desktop\Fortexternal.exe Code function: 0_2_00007FF7B9D28330 cpuid 0_2_00007FF7B9D28330
        Source: C:\Users\user\Desktop\Fortexternal.exe Code function: QueryPerformanceFrequency,QueryPerformanceCounter,GetKeyboardLayout,GetLocaleInfoA,LoadLibraryA,GetProcAddress,GetProcAddress,0_2_00007FF7B9D223A0
        Source: C:\Users\user\Desktop\Fortexternal.exe Code function: GetKeyboardLayout,GetLocaleInfoA,0_2_00007FF7B9D23C5B
        Source: C:\Users\user\Desktop\Fortexternal.exe Code function: GetLocaleInfoA,0_2_00007FF7B9D7A260
        Source: C:\Users\user\Desktop\Fortexternal.exe Code function: 0_2_00007FF7B9D75AB8 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00007FF7B9D75AB8
        Source: C:\Users\user\Desktop\Fortexternal.exe Code function: 0_2_00007FF7B9D28880 GetUserNameA,00007FF8C61AFA40,0_2_00007FF7B9D28880

        Stealing of Sensitive Information

        Source: Fortexternal.exe String found in binary or memory: \Electrum\wallets
        Source: Fortexternal.exe String found in binary or memory: \ElectronCash\wallets
        Source: Fortexternal.exe String found in binary or memory: \com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb
        Source: Fortexternal.exe String found in binary or memory: \Exodus\exodus.wallet
        Source: Fortexternal.exe String found in binary or memory: \Ethereum\keystore
        Source: Fortexternal.exe String found in binary or memory: Exodus Web
        Source: Fortexternal.exe String found in binary or memory: \Coinomi\Coinomi\wallets
        Source: C:\Users\user\Desktop\Fortexternal.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite
        Source: C:\Users\user\Desktop\Fortexternal.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\yiaxs5ej.default\prefs.js
        Source: C:\Users\user\Desktop\Fortexternal.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
        Source: C:\Users\user\Desktop\Fortexternal.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\prefs.js
        Source: C:\Users\user\Desktop\Fortexternal.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
        Source: C:\Users\user\Desktop\Fortexternal.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
        Source: C:\Users\user\Desktop\Fortexternal.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
        Source: C:\Users\user\Desktop\Fortexternal.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
        Source: C:\Users\user\Desktop\Fortexternal.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
        Source: C:\Users\user\Desktop\Fortexternal.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\key4.db
        Source: C:\Users\user\Desktop\Fortexternal.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
        Source: Yara match File source: 0.2.Fortexternal.exe.18cd0a8a0c0.0.raw.unpack, type: UNPACKEDPE
        Source: Yara match File source: 00000000.00000002.4472641830.0000018CD09D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: Process Memory Space: Fortexternal.exe PID: 1164, type: MEMORYSTR
        Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
        Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Native API | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | 1 OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features
        Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 3 Obfuscated Files or Information | 1 Input Capture | 1 Account Discovery | Remote Desktop Protocol | 2 Data from Local System | 21 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
        Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 12 Software Packing | Security Account Manager | 1 File and Directory Discovery | SMB/Windows Admin Shares | 1 Input Capture | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
        Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | 135 System Information Discovery | Distributed Component Object Model | 3 Clipboard Data | 13 Application Layer Protocol | Traffic Duplication | Data Destruction
        Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Masquerading | LSA Secrets | 1 Query Registry | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
        Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 21 Virtualization/Sandbox Evasion | Cached Domain Credentials | 651 Security Software Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
        DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Compile After Delivery | DCSync | 21 Virtualization/Sandbox Evasion | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
        Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | 2 Process Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
        Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | HTML Smuggling | /etc/passwd and /etc/shadow | 1 Application Window Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
        IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | Dynamic API Resolution | Network Sniffing | 1 System Owner/User Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
        Network Security Appliances | Domains | Compromise Software Dependencies and Development Tools | AppleScript | Launchd | Launchd | Stripped Payloads | Input Capture | 1 System Network Configuration Discovery | Software Deployment Tools | Remote Data Staging | Mail Protocols | Exfiltration Over Unencrypted Non-C2 Protocol | Firmware Corruption
        Source | Detection | Scanner | Label | Link
        Fortexternal.exe | 13% | ReversingLabs | |
        Fortexternal.exe | 100% | Avira | HEUR/AGEN.1314582 |
        Fortexternal.exe | 100% | Joe Sandbox ML | |
        No Antivirus matches
        Name | IP | Active | Malicious | Antivirus Detection | Reputation
        api.myip.com | 104.26.9.59 | true | false | | high
        Name | Malicious | Antivirus Detection | Reputation
        https://api.myip.com/ | false | | high
        Name | Source | Malicious | Antivirus Detection | Reputation
        https://ac.ecosia.org/autocomplete?q= | Fortexternal.exe, 00000000.00000003.3034655629.0000018CD242A000.00000004.00000020.00020000.00000000.sdmp, Fortexternal.exe, 00000000.00000002.4475737301.0000018CD258B000.00000004.00000020.00020000.00000000.sdmp, Fortexternal.exe, 00000000.00000003.2098405327.0000018CD24C3000.00000004.00000020.00020000.00000000.sdmp, Fortexternal.exe, 00000000.00000002.4475737301.0000018CD2568000.00000004.00000020.00020000.00000000.sdmp, Fortexternal.exe, 00000000.00000003.2096279929.0000018CD24C3000.00000004.00000020.00020000.00000000.sdmp | false | | high
        https://duckduckgo.com/chrome_newtab | Fortexternal.exe, 00000000.00000003.3034655629.0000018CD242A000.00000004.00000020.00020000.00000000.sdmp, Fortexternal.exe, 00000000.00000002.4475737301.0000018CD258B000.00000004.00000020.00020000.00000000.sdmp, Fortexternal.exe, 00000000.00000003.2098405327.0000018CD24C3000.00000004.00000020.00020000.00000000.sdmp, Fortexternal.exe, 00000000.00000002.4475737301.0000018CD2568000.00000004.00000020.00020000.00000000.sdmp, Fortexternal.exe, 00000000.00000003.2096279929.0000018CD24C3000.00000004.00000020.00020000.00000000.sdmp | false | | high
        https://duckduckgo.com/ac/?q= | Fortexternal.exe, 00000000.00000003.3034655629.0000018CD242A000.00000004.00000020.00020000.00000000.sdmp, Fortexternal.exe, 00000000.00000002.4475737301.0000018CD258B000.00000004.00000020.00020000.00000000.sdmp, Fortexternal.exe, 00000000.00000003.2098405327.0000018CD24C3000.00000004.00000020.00020000.00000000.sdmp, Fortexternal.exe, 00000000.00000002.4475737301.0000018CD2568000.00000004.00000020.00020000.00000000.sdmp, Fortexternal.exe, 00000000.00000003.2096279929.0000018CD24C3000.00000004.00000020.00020000.00000000.sdmp | false | | high
        https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg | Fortexternal.exe, 00000000.00000003.2105850326.0000018CD25B7000.00000004.00000020.00020000.00000000.sdmp | false | | high
        https://www.google.com/images/branding/product/ico/googleg_lodp.ico | Fortexternal.exe, 00000000.00000003.3034655629.0000018CD242A000.00000004.00000020.00020000.00000000.sdmp, Fortexternal.exe, 00000000.00000002.4475737301.0000018CD258B000.00000004.00000020.00020000.00000000.sdmp, Fortexternal.exe, 00000000.00000003.2098405327.0000018CD24C3000.00000004.00000020.00020000.00000000.sdmp, Fortexternal.exe, 00000000.00000002.4475737301.0000018CD2568000.00000004.00000020.00020000.00000000.sdmp, Fortexternal.exe, 00000000.00000003.2096279929.0000018CD24C3000.00000004.00000020.00020000.00000000.sdmp | false | | high
        https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg | Fortexternal.exe, 00000000.00000003.2105850326.0000018CD25B7000.00000004.00000020.00020000.00000000.sdmp | false | | high
        https://github.com/ocornut/imgui/blob/master/docs/FAQ.md#qa-usage | Fortexternal.exe, Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp | false | | high
        https://api.myip.com/x~ | Fortexternal.exe, 00000000.00000002.4471755752.0000018CD0654000.00000004.00000020.00020000.00000000.sdmp | false | | high
        https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search | Fortexternal.exe, 00000000.00000003.3034655629.0000018CD242A000.00000004.00000020.00020000.00000000.sdmp, Fortexternal.exe, 00000000.00000002.4475737301.0000018CD258B000.00000004.00000020.00020000.00000000.sdmp, Fortexternal.exe, 00000000.00000003.2098405327.0000018CD24C3000.00000004.00000020.00020000.00000000.sdmp, Fortexternal.exe, 00000000.00000002.4475737301.0000018CD2568000.00000004.00000020.00020000.00000000.sdmp, Fortexternal.exe, 00000000.00000003.2096279929.0000018CD24C3000.00000004.00000020.00020000.00000000.sdmp | false | | high
        https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi | Fortexternal.exe, 00000000.00000003.2105850326.0000018CD25B7000.00000004.00000020.00020000.00000000.sdmp | false | | high
        https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref | Fortexternal.exe, 00000000.00000003.2105850326.0000018CD25B7000.00000004.00000020.00020000.00000000.sdmp | false | | high
        https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743. | Fortexternal.exe, 00000000.00000003.2105850326.0000018CD25B7000.00000004.00000020.00020000.00000000.sdmp | false | | high
        https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= | Fortexternal.exe, 00000000.00000003.3034655629.0000018CD242A000.00000004.00000020.00020000.00000000.sdmp, Fortexternal.exe, 00000000.00000002.4475737301.0000018CD258B000.00000004.00000020.00020000.00000000.sdmp, Fortexternal.exe, 00000000.00000003.2098405327.0000018CD24C3000.00000004.00000020.00020000.00000000.sdmp, Fortexternal.exe, 00000000.00000002.4475737301.0000018CD2568000.00000004.00000020.00020000.00000000.sdmp, Fortexternal.exe, 00000000.00000003.2096279929.0000018CD24C3000.00000004.00000020.00020000.00000000.sdmp | false | | high
        https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477 | Fortexternal.exe, 00000000.00000003.2105850326.0000018CD25B7000.00000004.00000020.00020000.00000000.sdmp | false | | high
        https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= | Fortexternal.exe, 00000000.00000003.3034655629.0000018CD242A000.00000004.00000020.00020000.00000000.sdmp, Fortexternal.exe, 00000000.00000002.4475737301.0000018CD258B000.00000004.00000020.00020000.00000000.sdmp, Fortexternal.exe, 00000000.00000003.2098405327.0000018CD24C3000.00000004.00000020.00020000.00000000.sdmp, Fortexternal.exe, 00000000.00000002.4475737301.0000018CD2568000.00000004.00000020.00020000.00000000.sdmp, Fortexternal.exe, 00000000.00000003.2096279929.0000018CD24C3000.00000004.00000020.00020000.00000000.sdmp | false | | high
        https://github.com/ocornut/imgui/blob/master/docs/FAQ.md#qa-usage(Hold | Fortexternal.exe, 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp | false | | high
        https://www.ecosia.org/newtab/ | Fortexternal.exe, 00000000.00000003.3034655629.0000018CD242A000.00000004.00000020.00020000.00000000.sdmp, Fortexternal.exe, 00000000.00000002.4475737301.0000018CD258B000.00000004.00000020.00020000.00000000.sdmp, Fortexternal.exe, 00000000.00000003.2098405327.0000018CD24C3000.00000004.00000020.00020000.00000000.sdmp, Fortexternal.exe, 00000000.00000002.4475737301.0000018CD2568000.00000004.00000020.00020000.00000000.sdmp, Fortexternal.exe, 00000000.00000003.2096279929.0000018CD24C3000.00000004.00000020.00020000.00000000.sdmp | false | | high
        https://api.myip.com/a | Fortexternal.exe, 00000000.00000002.4470519625.0000018CCBC0F000.00000004.00000020.00020000.00000000.sdmp | false | | high
        https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta | Fortexternal.exe, 00000000.00000003.2105850326.0000018CD25B7000.00000004.00000020.00020000.00000000.sdmp | false | | high
        https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= | Fortexternal.exe, 00000000.00000003.3034655629.0000018CD242A000.00000004.00000020.00020000.00000000.sdmp, Fortexternal.exe, 00000000.00000002.4475737301.0000018CD258B000.00000004.00000020.00020000.00000000.sdmp, Fortexternal.exe, 00000000.00000003.2098405327.0000018CD24C3000.00000004.00000020.00020000.00000000.sdmp, Fortexternal.exe, 00000000.00000002.4475737301.0000018CD2568000.00000004.00000020.00020000.00000000.sdmp, Fortexternal.exe, 00000000.00000003.2096279929.0000018CD24C3000.00000004.00000020.00020000.00000000.sdmp | false | | high
IP:104.26.9.59
Domain:api.myip.com
Country:United States
ASN:13335
ASN Name:CLOUDFLARENETUS
Malicious:false
                                                    Joe Sandbox version:41.0.0 Charoite
                                                    Analysis ID:1565319
                                                    Start date and time:2024-11-29 16:03:04 +01:00
                                                    Joe Sandbox product:CloudBasic
                                                    Overall analysis duration:0h 8m 2s
                                                    Hypervisor based Inspection enabled:false
                                                    Report type:full
                                                    Cookbook file name:default.jbs
                                                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                    Number of analysed new started processes analysed:4
                                                    Number of new started drivers analysed:0
                                                    Number of existing processes analysed:0
                                                    Number of existing drivers analysed:0
                                                    Number of injected processes analysed:0
                                                    Technologies:
                                                    • HCA enabled
                                                    • EGA enabled
                                                    • AMSI enabled
                                                    Analysis Mode:default
                                                    Analysis stop reason:Timeout
                                                    Sample name:Fortexternal.exe
                                                    Detection:MAL
                                                    Classification:mal100.spyw.expl.evad.winEXE@1/1@1/1
                                                    EGA Information:
                                                    • Successful, ratio: 100%
                                                    HCA Information:
                                                    • Successful, ratio: 94%
                                                    • Number of executed functions: 52
                                                    • Number of non-executed functions: 134
                                                    Cookbook Comments:
                                                    • Found application associated with file extension: .exe
                                                    • Override analysis time to 240000 for current running targets taking high CPU consumption
                                                    • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                                                    • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                    • Report size exceeded maximum capacity and may have missing disassembly code.
                                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                    • Report size getting too big, too many NtQueryValueKey calls found.
                                                    • VT rate limit hit for: Fortexternal.exe
Time:10:04:37
Type:API Interceptor
Description:16851270x Sleep call for process: Fortexternal.exe modified
                                                                        No context
                                                                        Process:C:\Users\user\Desktop\Fortexternal.exe
                                                                        File Type:JSON data
                                                                        Category:dropped
                                                                        Size (bytes):57
                                                                        Entropy (8bit):4.3585198384225
                                                                        Encrypted:false
                                                                        SSDEEP:3:YMb1gXMlJ9eMfQxaNmGGL4:YMeX6uxaNmRL4
                                                                        MD5:E86153F34E01C5AED461F812D7472D86
                                                                        SHA1:CB4491FAC004B18059BA1BDDFE2CD5696CD94F87
                                                                        SHA-256:D174A4EFD5E9EAC12E0161D4C4A1D5C26122C4C5EA6A1BE49D7A277B535CB2DF
                                                                        SHA-512:CA8A07D9515808AC4331D1790F75C2A05672E299366DE0A0EE55698F8679B366428DFB18E8390FF034B58E3D0D05165F4C9EE8F7481B7509B51A18A84DF5F51B
                                                                        Malicious:false
                                                                        Reputation:low
                                                                        Preview:{"ip":"8.46.123.228","country":"United States","cc":"US"}
                                                                        File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                        Entropy (8bit):7.941678120775294
                                                                        TrID:
                                                                        • Win64 Executable GUI (202006/5) 93.51%
                                                                        • Win64 Executable (generic) (12005/4) 5.56%
                                                                        • DOS Executable Generic (2002/1) 0.93%
                                                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                        File name:Fortexternal.exe
                                                                        File size:1'151'019 bytes
                                                                        MD5:9ea1cba0f5612a501df02b77bad76b1b
                                                                        SHA1:0271a7fbe4bc14e3e9da7f86509b56689f09fad6
                                                                        SHA256:bff256cd9e1eba31a2773edda9c514a6b544dea0b0accc52054a77c0f9117bef
                                                                        SHA512:775c53b20545aa1a1dda4d6dcf24bdbb1de92e75732eac0cc2ee881340deaaac2f86aff0252caf45e1fe4f98431e86bdc8bfea00f61960c13edf70a2276997cd
                                                                        SSDEEP:24576:9kTa+r26m0APvncJ7GkTAW7lBgZH66tR5nXNAApPZ735AAoP:WTa+r2n0yvn07GET3L6L5XNAcB3iA0
                                                                        TLSH:7135122FF7D47761D921C0B3CAEB8749B3306265C2359F5B09C54E5FA19A40A7A8BF20
                                                                        File Content Preview:MZ......................@..1.01.UPX!._0x001ae48.........................!..L.!This program cannot be run in DOS mode....$.......7.posl.<sl.<sl.<z..<gl.<8..=ql.<c..=ul.<c..=wl.<c..=yl.<c..=Zl.<8..=ol.<T.e<pl.<sl.<.m.<8..={l.<8..<rl.<8..=rl.<Richsl.<.......
                                                                        Icon Hash:00928e8e8686b000
                                                                        Entrypoint:0x140571bf0
                                                                        Entrypoint Section:b>bbb
                                                                        Digitally signed:false
                                                                        Imagebase:0x140000000
                                                                        Subsystem:windows gui
                                                                        Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                        DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                        Time Stamp:0x6743617E [Sun Nov 24 17:25:18 2024 UTC]
                                                                        TLS Callbacks:
                                                                        CLR (.Net) Version:
                                                                        OS Version Major:6
                                                                        OS Version Minor:0
                                                                        File Version Major:6
                                                                        File Version Minor:0
                                                                        Subsystem Version Major:6
                                                                        Subsystem Version Minor:0
                                                                        Import Hash:28575fafb8c0c2a177285558e2945540
                                                                        Programming Language:
                                                                        • [IMP] VS2008 SP1 build 30729
                                                                        • [IMP] VS2005 build 50727
Name                                  Virtual Address  Virtual Size  Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
IMAGE_DIRECTORY_ENTRY_IMPORT          0x5808f4         0x700         b&b+
IMAGE_DIRECTORY_ENTRY_RESOURCE        0x573000         0xd8f4        b&b+
IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x2af000         0x6fa8        ",aR
IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC       0x580ff4         0x20          b&b+
IMAGE_DIRECTORY_ENTRY_DEBUG           0x0              0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
IMAGE_DIRECTORY_ENTRY_TLS             0x5727e0         0x28          b>bbb
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x572810         0x140         b>bbb
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_IAT             0x0              0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x0              0x0
IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0
Name:",aR
Virtual Address:0x1000
Virtual Size:0x467000
Raw Size:0x0
MD5:d41d8cd98f00b204e9800998ecf8427e
Xored PE:unknown
ZLIB Complexity:unknown
File Type:unknown
Entropy:unknown
Characteristics:IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Name:b>bbb
Virtual Address:0x468000
Virtual Size:0x10b000
Raw Size:0x10aa00
MD5:4159b5d554a59287fc68dd9009325fd8
Xored PE:False
ZLIB Complexity:0.9987748329817159
File Type:ARC archive data, packed
Entropy:7.999721295159668
Characteristics:IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Name:b&b+
Virtual Address:0x573000
Virtual Size:0xf000
Raw Size:0xe200
MD5:d7bd3f996c1e76bb402bf61f4d2efad1
Xored PE:False
ZLIB Complexity:0.26581512721238937
File Type:data
Entropy:3.949481025316456
Characteristics:IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                        NameRVASizeTypeLanguageCountryZLIB Complexity
DLL | Import
ADVAPI32.dll | RegOpenKeyW
api-ms-win-crt-filesystem-l1-1-0.dll | _access
api-ms-win-crt-heap-l1-1-0.dll | free
api-ms-win-crt-locale-l1-1-0.dll | _configthreadlocale
api-ms-win-crt-math-l1-1-0.dll | sinf
api-ms-win-crt-multibyte-l1-1-0.dll | _mbscmp
api-ms-win-crt-runtime-l1-1-0.dll | exit
api-ms-win-crt-stdio-l1-1-0.dll | fseek
api-ms-win-crt-string-l1-1-0.dll | strcmp
api-ms-win-crt-utility-l1-1-0.dll | rand
d3d9.dll | Direct3DCreate9
IMM32.dll | ImmGetContext
IPHLPAPI.DLL | GetAdaptersInfo
kernEl32.DlL | LoadLibraryA, DeleteAtom, GetProcAddress, VirtualProtect
MPR.dll | WNetGetProviderNameW
MSVCP140.dll | _Strxfrm
NTDll.DLL | RtlVirtualUnwind
OlE32.DLL | CoInitialize
OLEAUT32.dll | VariantClear
SHELL32.dll | ShellExecuteA
SHLWAPI.dll | PathCombineA
USER32.dll | SetCursor
VCRUNTIME140.dll | memcmp
VCRUNTIME140_1.dll | __CxxFrameHandler4
wevtapi.dll | EvtNext
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-11-29T16:04:00.901494+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49704 | 104.26.9.59 | 443 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Nov 29, 2024 16:03:58.551580906 CET | 63545 | 53 | 192.168.2.5 | 1.1.1.1
Nov 29, 2024 16:03:58.834400892 CET | 53 | 63545 | 1.1.1.1 | 192.168.2.5
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Nov 29, 2024 16:03:58.551580906 CET | 192.168.2.5 | 1.1.1.1 | 0x8c97 | Standard query (0) | api.myip.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Nov 29, 2024 16:03:58.834400892 CET | 1.1.1.1 | 192.168.2.5 | 0x8c97 | No error (0) | api.myip.com | | 104.26.9.59 | A (IP address) | IN (0x0001) | false
Nov 29, 2024 16:03:58.834400892 CET | 1.1.1.1 | 192.168.2.5 | 0x8c97 | No error (0) | api.myip.com | | 104.26.8.59 | A (IP address) | IN (0x0001) | false
Nov 29, 2024 16:03:58.834400892 CET | 1.1.1.1 | 192.168.2.5 | 0x8c97 | No error (0) | api.myip.com | | 172.67.75.163 | A (IP address) | IN (0x0001) | false
                                                                        • api.myip.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49704 | 104.26.9.59 | 443 | 1164 | C:\Users\user\Desktop\Fortexternal.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-29 15:04:00 UTC | 182 | OUT | GET / HTTP/1.1
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.74 Safari/537.36 Edg/79.0.309.43
                                                                        Host: api.myip.com
2024-11-29 15:04:00 UTC | 778 | IN | HTTP/1.1 200 OK
                                                                        Date: Fri, 29 Nov 2024 15:04:00 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: close
                                                                        vary: Accept-Encoding
                                                                        CF-Cache-Status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AEghMuSM%2B7HOUjga1vEB%2Fr9juB5ib1QAhkDbZZADaIXXfLsXrNjwYHbey%2FVnB3JjdcDF5wa28m6b85VJK7o51TAMVUKwdlxoqweijhuOig6iLKBpMYVglgiNCjT2lQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8ea37cdc48bfde99-EWR
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1531&min_rtt=1509&rtt_var=611&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2818&recv_bytes=820&delivery_rate=1726788&cwnd=161&unsent_bytes=0&cid=4ef9263786cee0f9&ts=534&x=0"
2024-11-29 15:04:00 UTC | 63 | IN | Data Raw: 33 39 0d 0a 7b 22 69 70 22 3a 22 38 2e 34 36 2e 31 32 33 2e 32 32 38 22 2c 22 63 6f 75 6e 74 72 79 22 3a 22 55 6e 69 74 65 64 20 53 74 61 74 65 73 22 2c 22 63 63 22 3a 22 55 53 22 7d 0d 0a
                                                                        Data Ascii: 39{"ip":"8.46.123.228","country":"United States","cc":"US"}
2024-11-29 15:04:00 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                        Data Ascii: 0

Target ID: 0
Start time: 10:03:53
Start date: 29/11/2024
Path: C:\Users\user\Desktop\Fortexternal.exe
Wow64 process (32bit): false
Commandline: "C:\Users\user\Desktop\Fortexternal.exe"
Imagebase: 0x7ff7b9cd0000
File size: 1'151'019 bytes
MD5 hash: 9EA1CBA0F5612A501DF02B77BAD76B1B
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.4472641830.0000018CD09D0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation: low
Has exited: false

Execution Graph

Execution Coverage: 4.4%
Dynamic/Decrypted Code Coverage: 4.5%
Signature Coverage: 36.5%
Total number of Nodes: 2000
Total number of Limit Nodes: 36
7ff7b9d2c583 76255 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74159->76255 74161 7ff7b9d2c5bf 76256 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74161->76256 74163 7ff7b9d2c5fb 76257 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74163->76257 74165 7ff7b9d2c637 76258 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74165->76258 74167 7ff7b9d2c673 76259 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74167->76259 74169 7ff7b9d2c6af 76260 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74169->76260 74171 7ff7b9d2c6e7 76261 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74171->76261 74173 7ff7b9d2c71f 76262 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74173->76262 74175 7ff7b9d2c757 76263 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74175->76263 74177 7ff7b9d2c78f 76264 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74177->76264 74179 7ff7b9d2c7c7 76265 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74179->76265 74181 7ff7b9d2c7ff 76266 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74181->76266 74183 7ff7b9d2c837 76267 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74183->76267 74185 7ff7b9d2c86f 76268 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74185->76268 74187 7ff7b9d2c8a7 76269 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74187->76269 74189 7ff7b9d2c8df 76270 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74189->76270 74191 7ff7b9d2c917 76271 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74191->76271 74193 7ff7b9d2c94d 76272 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74193->76272 74195 7ff7b9d2c983 76273 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74195->76273 74197 7ff7b9d2c9b9 76274 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74197->76274 74199 7ff7b9d2c9ef 76275 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 
74199->76275 74201 7ff7b9d2ca25 76276 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74201->76276 74203 7ff7b9d2ca5b 76277 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74203->76277 74205 7ff7b9d2ca91 76278 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74205->76278 74207 7ff7b9d2cac7 76279 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74207->76279 74209 7ff7b9d2cafd 76280 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74209->76280 74211 7ff7b9d2cb33 76281 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74211->76281 74213 7ff7b9d2cb69 76282 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74213->76282 74215 7ff7b9d2cb9f 76283 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74215->76283 74217 7ff7b9d2cbd5 76284 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74217->76284 74219 7ff7b9d2cc0b 76285 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74219->76285 74221 7ff7b9d2cc41 76286 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74221->76286 74223 7ff7b9d2cc77 76287 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74223->76287 74225 7ff7b9d2ccad 76288 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74225->76288 74227 7ff7b9d2cce3 76289 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74227->76289 74229 7ff7b9d2cd19 76290 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74229->76290 74231 7ff7b9d2cd4f 76291 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74231->76291 74233 7ff7b9d2cd85 76292 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74233->76292 74235 7ff7b9d2cdbb 76293 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74235->76293 74237 7ff7b9d2cdf1 76294 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74237->76294 74239 7ff7b9d2ce27 76295 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74239->76295 74241 7ff7b9d2ce5d 76296 7ff7b9d4cfc0 00007FF8B9F61210 
00007FF8C610F020 shared_ptr 74241->76296 74243 7ff7b9d2ce93 76297 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74243->76297 74245 7ff7b9d2cec9 76298 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74245->76298 74247 7ff7b9d2ceff 76299 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74247->76299 74249 7ff7b9d2cf35 76300 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74249->76300 74251 7ff7b9d2cf6b 76301 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74251->76301 74253 7ff7b9d2cfa1 76302 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74253->76302 74255 7ff7b9d2cfd7 76303 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74255->76303 74257 7ff7b9d2d013 76304 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74257->76304 74259 7ff7b9d2d04f 76305 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74259->76305 74261 7ff7b9d2d08b 76306 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74261->76306 74263 7ff7b9d2d0c7 76307 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74263->76307 74265 7ff7b9d2d103 76308 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74265->76308 74267 7ff7b9d2d13f 76309 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74267->76309 74269 7ff7b9d2d17b 76310 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74269->76310 74271 7ff7b9d2d1b7 76311 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74271->76311 74273 7ff7b9d2d1f3 76312 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74273->76312 74275 7ff7b9d2d22f 76313 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74275->76313 74277 7ff7b9d2d26b 76314 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74277->76314 74279 7ff7b9d2d2a7 76315 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74279->76315 74281 7ff7b9d2d2e3 76316 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74281->76316 74283 7ff7b9d2d31f 76317 7ff7b9d4cfc0 
00007FF8B9F61210 00007FF8C610F020 shared_ptr 74283->76317 74285 7ff7b9d2d35b 76318 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74285->76318 74287 7ff7b9d2d397 76319 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74287->76319 74289 7ff7b9d2d3d3 76320 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74289->76320 74291 7ff7b9d2d40f 76321 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74291->76321 74293 7ff7b9d2d44b 76322 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74293->76322 74295 7ff7b9d2d487 76323 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74295->76323 74297 7ff7b9d2d4c3 76324 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74297->76324 74299 7ff7b9d2d4ff 76325 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74299->76325 74301 7ff7b9d2d53b 76326 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74301->76326 74303 7ff7b9d2d577 76327 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74303->76327 74305 7ff7b9d2d5b3 76328 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74305->76328 74307 7ff7b9d2d5ef 76329 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74307->76329 74309 7ff7b9d2d62b 76330 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74309->76330 74311 7ff7b9d2d667 76331 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74311->76331 74313 7ff7b9d2d6a3 76332 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74313->76332 74315 7ff7b9d2d6df 76333 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74315->76333 74317 7ff7b9d2d71b 76334 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74317->76334 74319 7ff7b9d2d757 76335 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74319->76335 74321 7ff7b9d2d793 76336 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74321->76336 74323 7ff7b9d2d7cf 76337 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74323->76337 74325 7ff7b9d2d80b 
76338 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74325->76338 74327 7ff7b9d2d847 76339 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74327->76339 74329 7ff7b9d2d883 76340 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74329->76340 74331 7ff7b9d2d8bf 76341 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74331->76341 74333 7ff7b9d2d8fb 76342 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74333->76342 74335 7ff7b9d2d937 76343 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74335->76343 74337 7ff7b9d2d973 76344 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74337->76344 74339 7ff7b9d2d9af 76345 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74339->76345 74341 7ff7b9d2d9eb 76346 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74341->76346 74343 7ff7b9d2da27 76347 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74343->76347 74345 7ff7b9d2da63 76348 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74345->76348 74347 7ff7b9d2da9f 76349 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74347->76349 74349 7ff7b9d2dadb 76350 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74349->76350 74351 7ff7b9d2db17 76351 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74351->76351 74353 7ff7b9d2db53 76352 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74353->76352 74355 7ff7b9d2db8f 76353 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74355->76353 74357 7ff7b9d2dbcb 76354 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74357->76354 74359 7ff7b9d2dc07 76355 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74359->76355 74361 7ff7b9d2dc43 76356 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74361->76356 74363 7ff7b9d2dc7f 76357 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74363->76357 74365 7ff7b9d2dcbb 76358 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74365->76358 
74367 7ff7b9d2dcf7 76359 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74367->76359 74369 7ff7b9d2dd33 76360 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74369->76360 74371 7ff7b9d2dd6f 76361 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74371->76361 74373 7ff7b9d2ddab 76362 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74373->76362 74375 7ff7b9d2dde7 76363 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74375->76363 74377 7ff7b9d2de23 76364 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74377->76364 74379 7ff7b9d2de5f 76365 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74379->76365 74381 7ff7b9d2de9b 76366 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74381->76366 74383 7ff7b9d2ded7 76367 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74383->76367 74385 7ff7b9d2df13 76368 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74385->76368 74387 7ff7b9d2df4f 76369 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74387->76369 74389 7ff7b9d2df8b 76370 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74389->76370 74391 7ff7b9d2dfc7 76371 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74391->76371 74393 7ff7b9d2e003 76372 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74393->76372 74395 7ff7b9d2e03f 76373 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74395->76373 74397 7ff7b9d2e07b 76374 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74397->76374 74399 7ff7b9d2e0b7 76375 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74399->76375 74401 7ff7b9d2e0f3 76376 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74401->76376 74403 7ff7b9d2e12f 76377 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74403->76377 74405 7ff7b9d2e16b 76378 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74405->76378 74407 7ff7b9d2e1a7 76379 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 
shared_ptr 74407->76379 74409 7ff7b9d2e1e3 76380 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74409->76380 74411 7ff7b9d2e21f 76381 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74411->76381 74413 7ff7b9d2e25b 76382 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74413->76382 74415 7ff7b9d2e297 76383 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74415->76383 74417 7ff7b9d2e2d3 76384 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74417->76384 74419 7ff7b9d2e30f 76385 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74419->76385 74421 7ff7b9d2e34b 76386 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74421->76386 74423 7ff7b9d2e387 76387 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74423->76387 74425 7ff7b9d2e3c3 76388 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74425->76388 74427 7ff7b9d2e3ff 76389 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74427->76389 74429 7ff7b9d2e43b 76390 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74429->76390 74431 7ff7b9d2e477 76391 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74431->76391 74433 7ff7b9d2e4b3 76392 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74433->76392 74435 7ff7b9d2e4ef 76393 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74435->76393 74437 7ff7b9d2e52b 76394 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74437->76394 74439 7ff7b9d2e567 76395 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74439->76395 74441 7ff7b9d2e5a3 76396 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74441->76396 74443 7ff7b9d2e5df 76397 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74443->76397 74445 7ff7b9d2e61b 76398 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74445->76398 74447 7ff7b9d2e657 76399 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74447->76399 74449 7ff7b9d2e693 76400 7ff7b9d4cfc0 00007FF8B9F61210 
00007FF8C610F020 shared_ptr 74449->76400 74451 7ff7b9d2e6cf 76401 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74451->76401 74453 7ff7b9d2e70b 76402 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74453->76402 74455 7ff7b9d2e747 76403 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74455->76403 74457 7ff7b9d2e783 76404 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74457->76404 74459 7ff7b9d2e7bf 76405 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74459->76405 74461 7ff7b9d2e7fb 76406 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74461->76406 74463 7ff7b9d2e837 76407 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74463->76407 74465 7ff7b9d2e873 76408 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74465->76408 74467 7ff7b9d2e8af 76409 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74467->76409 74469 7ff7b9d2e8eb 76410 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74469->76410 74471 7ff7b9d2e927 76411 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74471->76411 74473 7ff7b9d2e963 76412 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74473->76412 74475 7ff7b9d2e99f 76413 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74475->76413 74477 7ff7b9d2e9db 76414 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74477->76414 74479 7ff7b9d2ea17 76415 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74479->76415 74481 7ff7b9d2ea53 76416 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74481->76416 74483 7ff7b9d2ea8f 76417 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74483->76417 74485 7ff7b9d2eacb 76418 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74485->76418 74487 7ff7b9d2eb07 76419 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74487->76419 74489 7ff7b9d2eb43 76420 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74489->76420 74491 7ff7b9d2eb7f 76421 7ff7b9d4cfc0 
00007FF8B9F61210 00007FF8C610F020 shared_ptr 74491->76421 74493 7ff7b9d2ebbb 76422 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74493->76422 74495 7ff7b9d2ebf7 76423 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74495->76423 74497 7ff7b9d2ec33 76424 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74497->76424 74499 7ff7b9d2ec6f 76425 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74499->76425 74501 7ff7b9d2ecab 76426 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74501->76426 74503 7ff7b9d2ece7 76427 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74503->76427 74505 7ff7b9d2ed23 76428 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74505->76428 74507 7ff7b9d2ed5f 76429 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74507->76429 74509 7ff7b9d2ed9b 76430 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74509->76430 74511 7ff7b9d2edd7 76431 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74511->76431 74513 7ff7b9d2ee13 76432 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74513->76432 74515 7ff7b9d2ee4f 76433 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74515->76433 74517 7ff7b9d2ee8b 76434 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74517->76434 74519 7ff7b9d2eec7 76435 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74519->76435 74521 7ff7b9d2ef03 76436 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74521->76436 74523 7ff7b9d2ef3f 76437 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74523->76437 74525 7ff7b9d2ef7b 76438 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74525->76438 74527 7ff7b9d2efb7 76439 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74527->76439 74529 7ff7b9d2eff3 76440 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74529->76440 74531 7ff7b9d2f02f 76441 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74531->76441 74533 7ff7b9d2f06b 
76442 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74533->76442 74535 7ff7b9d2f0a7 76443 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74535->76443 74537 7ff7b9d2f0e3 76444 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74537->76444 74539 7ff7b9d2f11f 76445 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74539->76445 74541 7ff7b9d2f15b 76446 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74541->76446 74543 7ff7b9d2f197 76447 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74543->76447 74545 7ff7b9d2f1d3 76448 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74545->76448 74547 7ff7b9d2f20f 76449 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74547->76449 74549 7ff7b9d2f24b 76450 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74549->76450 74551 7ff7b9d2f287 76451 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74551->76451 74553 7ff7b9d2f2c3 76452 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74553->76452 74555 7ff7b9d2f2ff 76453 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74555->76453 74557 7ff7b9d2f33b 76454 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74557->76454 74559 7ff7b9d2f377 76455 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74559->76455 74561 7ff7b9d2f3b3 76456 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74561->76456 74563 7ff7b9d2f3ef 76457 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74563->76457 74565 7ff7b9d2f42b 76458 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74565->76458 74567 7ff7b9d2f467 76459 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74567->76459 74569 7ff7b9d2f4a3 76460 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74569->76460 74571 7ff7b9d2f4df 76461 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74571->76461 74573 7ff7b9d2f51b 76462 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74573->76462 
74575 7ff7b9d2f557 76463 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74575->76463 74577 7ff7b9d2f593 76464 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74577->76464 74579 7ff7b9d2f5cf 76465 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74579->76465 74581 7ff7b9d2f60b 76466 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74581->76466 74583 7ff7b9d2f647 76467 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74583->76467 74585 7ff7b9d2f683 76468 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74585->76468 74587 7ff7b9d2f6bf 76469 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74587->76469 74589 7ff7b9d2f6fb 76470 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74589->76470 74591 7ff7b9d2f737 76471 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74591->76471 74593 7ff7b9d2f773 76472 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74593->76472 74595 7ff7b9d2f7af 76473 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74595->76473 74597 7ff7b9d2f7eb 76474 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74597->76474 74599 7ff7b9d2f827 76475 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74599->76475 74601 7ff7b9d2f863 76476 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74601->76476 74603 7ff7b9d2f89f 76477 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74603->76477 74605 7ff7b9d2f8db 76478 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74605->76478 74607 7ff7b9d2f917 76479 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74607->76479 74609 7ff7b9d2f953 76480 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74609->76480 74611 7ff7b9d2f98f 76481 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74611->76481 74613 7ff7b9d2f9cb 76482 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74613->76482 74615 7ff7b9d2fa07 76483 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 
shared_ptr 74615->76483 74617 7ff7b9d2fa43 76484 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74617->76484 74619 7ff7b9d2fa7f 76485 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74619->76485 74621 7ff7b9d2fabb 76486 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74621->76486 74623 7ff7b9d2faf7 76487 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74623->76487 74625 7ff7b9d2fb33 76488 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74625->76488 74627 7ff7b9d2fb6f 76489 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74627->76489 74629 7ff7b9d2fbab 76490 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74629->76490 74631 7ff7b9d2fbe7 76491 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74631->76491 74633 7ff7b9d2fc23 76492 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74633->76492 74635 7ff7b9d2fc5f 76493 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74635->76493 74637 7ff7b9d2fc9b 76494 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74637->76494 74639 7ff7b9d2fcd7 76495 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74639->76495 74641 7ff7b9d2fd13 76496 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74641->76496 74643 7ff7b9d2fd4f 76497 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74643->76497 74645 7ff7b9d2fd8b 76498 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74645->76498 74647 7ff7b9d2fdc7 76499 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74647->76499 74649 7ff7b9d2fe03 76500 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74649->76500 74651 7ff7b9d2fe3f 76501 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74651->76501 74653 7ff7b9d2fe7b 76502 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74653->76502 74655 7ff7b9d2feb7 76503 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74655->76503 74657 7ff7b9d2fef3 76504 7ff7b9d4cfc0 00007FF8B9F61210 
00007FF8C610F020 shared_ptr 74657->76504 74659 7ff7b9d2ff2f 76505 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74659->76505 74661 7ff7b9d2ff6b 76506 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74661->76506 74663 7ff7b9d2ffa7 76507 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74663->76507 74665 7ff7b9d2ffe3 76508 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74665->76508 74667 7ff7b9d3001f 76509 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74667->76509 74669 7ff7b9d3005b 76510 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74669->76510 74671 7ff7b9d30097 76511 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74671->76511 74673 7ff7b9d300d3 76512 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74673->76512 74675 7ff7b9d3010f 76513 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74675->76513 74677 7ff7b9d3014b 76514 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74677->76514 74679 7ff7b9d30187 76515 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74679->76515 74681 7ff7b9d301c3 76516 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74681->76516 74683 7ff7b9d301ff 76517 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74683->76517 74685 7ff7b9d3023b 76518 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74685->76518 74687 7ff7b9d30277 76519 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74687->76519 74689 7ff7b9d302b3 76520 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74689->76520 74691 7ff7b9d302ef 76521 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74691->76521 74693 7ff7b9d3032b 76522 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74693->76522 74695 7ff7b9d30367 76523 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74695->76523 74697 7ff7b9d303a3 76524 7ff7b9d4cfc0 00007FF8B9F61210 00007FF8C610F020 shared_ptr 74697->76524 74699 7ff7b9d303df 76525 7ff7b9d4cfc0 
GetCursorPos 77327->77328 77328->77322 77331 7ff7b9d230b3 ScreenToClient 77328->77331 77330 7ff7b9d231b4 77329->77330 77334 7ff7b9d23186 GetKeyState 77329->77334 77339 7ff7b9d231cd GetKeyState 77330->77339 77344 7ff7b9d231fb 77330->77344 77331->77322 77335 7ff7b9d230c5 77331->77335 77332->77323 77402 7ff7b9cd4b90 00007FF8C610F020 77332->77402 77333->77329 77336 7ff7b9d23151 77333->77336 77334->77330 77337 7ff7b9d23198 77334->77337 77401 7ff7b9cd4e60 00007FF8C610F020 77335->77401 77336->77329 77403 7ff7b9cd4b90 00007FF8C610F020 77336->77403 77337->77330 77404 7ff7b9cd4b90 00007FF8C610F020 77337->77404 77341 7ff7b9d231df 77339->77341 77339->77344 77341->77344 77405 7ff7b9cd4b90 00007FF8C610F020 77341->77405 77345 7ff7b9d23225 77344->77345 77406 7ff7b9d22770 LoadCursorA SetCursor SetCursor 77344->77406 77351 7ff7b9d228e0 77345->77351 77350 7ff7b9cdca10 43 API calls 77350->73975 77353 7ff7b9d22907 77351->77353 77352 7ff7b9d22f01 77352->77350 77353->77352 77355 7ff7b9d229d3 77353->77355 77407 7ff7b9cd4b90 00007FF8C610F020 77353->77407 77356 7ff7b9d22a0a 77355->77356 77408 7ff7b9cd4b90 00007FF8C610F020 77355->77408 77359 7ff7b9d22a41 77356->77359 77409 7ff7b9cd4b90 00007FF8C610F020 77356->77409 77360 7ff7b9d22a79 77359->77360 77410 7ff7b9cd4b90 00007FF8C610F020 77359->77410 77363 7ff7b9d22aae 77360->77363 77411 7ff7b9cd4b90 00007FF8C610F020 77360->77411 77365 7ff7b9d22ae6 77363->77365 77412 7ff7b9cd4b90 00007FF8C610F020 77363->77412 77366 7ff7b9d22b1c 77365->77366 77413 7ff7b9cd4b90 00007FF8C610F020 77365->77413 77369 7ff7b9d22b53 77366->77369 77414 7ff7b9cd4b90 00007FF8C610F020 77366->77414 77370 7ff7b9d22b86 77369->77370 77415 7ff7b9cd4b90 00007FF8C610F020 77369->77415 77374 7ff7b9d22bbc 77370->77374 77416 7ff7b9cd4b90 00007FF8C610F020 77370->77416 77372 7ff7b9d22c25 77419 7ff7b9cd4b90 00007FF8C610F020 77372->77419 77375 7ff7b9d22bf8 77374->77375 77417 7ff7b9cd4b90 00007FF8C610F020 77374->77417 77375->77372 77418 7ff7b9cd4b90 00007FF8C610F020 77375->77418 77379 
7ff7b9d22c70 77420 7ff7b9cd4b90 00007FF8C610F020 77379->77420 77381 7ff7b9d22ca9 77384 7ff7b9d22cdd 77381->77384 77421 7ff7b9cd4b90 00007FF8C610F020 77381->77421 77382 7ff7b9d22d0d 77423 7ff7b9cd4b90 00007FF8C610F020 77382->77423 77384->77382 77422 7ff7b9cd4b90 00007FF8C610F020 77384->77422 77387 7ff7b9d22d51 77424 7ff7b9cd4b90 00007FF8C610F020 77387->77424 77389 7ff7b9d22d95 77425 7ff7b9cd4b90 00007FF8C610F020 77389->77425 77391 7ff7b9d22dd0 77426 7ff7b9cd4b90 00007FF8C610F020 77391->77426 77393 7ff7b9d22e0b 77427 7ff7b9cd4b90 00007FF8C610F020 77393->77427 77395 7ff7b9d22e46 77428 7ff7b9cd4b90 00007FF8C610F020 77395->77428 77397 7ff7b9d22e81 77429 7ff7b9cd4b90 00007FF8C610F020 77397->77429 77399 7ff7b9d22ec2 77430 7ff7b9cd4b90 00007FF8C610F020 77399->77430 77401->77322 77402->77323 77403->77329 77404->77330 77405->77344 77406->77345 77407->77355 77408->77356 77409->77359 77410->77360 77411->77363 77412->77365 77413->77366 77414->77369 77415->77370 77416->77374 77417->77375 77418->77372 77419->77379 77420->77381 77421->77384 77422->77382 77423->77387 77424->77389 77425->77391 77426->77393 77427->77395 77428->77397 77429->77399 77430->77352 77435 7ff7b9cde862 77431->77435 77432 7ff7b9cde9b5 77438 7ff7b9cde9c8 77432->77438 77485 7ff7b9ceacd0 23 API calls 77432->77485 77434 7ff7b9ceb1b0 23 API calls 77434->77435 77435->77432 77435->77434 77435->77438 77456 7ff7b9cdedec 77435->77456 77483 7ff7b9cdf970 23 API calls 77435->77483 77484 7ff7b9ce57a0 23 API calls 77435->77484 77486 7ff7b9ceb3d0 26 API calls 77438->77486 77440 7ff7b9cdeacf 77444 7ff7b9cdeb2e 77440->77444 77487 7ff7b9cf4b40 00007FF8C610F020 00007FF8C610F020 printf 77440->77487 77442 7ff7b9cdeb96 77450 7ff7b9cdebae 77442->77450 77489 7ff7b9cf3100 23 API calls 77442->77489 77488 7ff7b9ce57a0 23 API calls 77444->77488 77446 7ff7b9cdec76 77492 7ff7b9cdc0d0 00007FF8C610F020 00007FF8C610F020 00007FF8C610F020 00007FF8C610F020 77446->77492 77448 7ff7b9cdec95 77449 7ff7b9cdecbc 77448->77449 77493 7ff7b9cf6000 
00007FF8C610F020 77448->77493 77494 7ff7b9cf6000 00007FF8C610F020 77449->77494 77450->77446 77455 7ff7b9cdec41 77450->77455 77490 7ff7b9cf34d0 00007FF8C610F020 00007FF8C610F020 00007FF8C610F020 77450->77490 77454 7ff7b9cded1a 77454->77456 77496 7ff7b9cf65e0 00007FF8C610F020 77454->77496 77455->77446 77491 7ff7b9ced380 23 API calls 77455->77491 77456->73983 77461 7ff7b9cdee40 77456->77461 77457 7ff7b9cdecd5 77457->77454 77495 7ff7b9cdde00 00007FF8C610F020 77457->77495 77462 7ff7b9cdee54 77461->77462 77463 7ff7b9cde850 27 API calls 77462->77463 77466 7ff7b9cdee83 77462->77466 77463->77466 77464 7ff7b9cdf014 77499 7ff7b9cde450 6 API calls 77464->77499 77466->77464 77467 7ff7b9cf6000 00007FF8C610F020 77466->77467 77478 7ff7b9cdf2ba 77466->77478 77497 7ff7b9cdbe80 8 API calls 77466->77497 77498 7ff7b9d03a30 00007FF8C610F020 77466->77498 77467->77466 77470 7ff7b9cdf0fc 77482 7ff7b9cdf124 77470->77482 77503 7ff7b9cd83a0 9 API calls 77470->77503 77471 7ff7b9cdf0ac 77472 7ff7b9cdf0d4 77471->77472 77501 7ff7b9cddf10 00007FF8C610F020 00007FF8C610F020 00007FF8C610F020 00007FF8B9F61210 00007FF8B9F61210 77471->77501 77472->77470 77502 7ff7b9cddf10 00007FF8C610F020 00007FF8C610F020 00007FF8C610F020 00007FF8B9F61210 00007FF8B9F61210 77472->77502 77476 7ff7b9cdf019 77476->77471 77500 7ff7b9cddf10 00007FF8C610F020 00007FF8C610F020 00007FF8C610F020 00007FF8B9F61210 00007FF8B9F61210 77476->77500 77478->73983 77480 7ff7b9cf6000 00007FF8C610F020 77480->77482 77482->77478 77482->77480 77504 7ff7b9cdbe80 8 API calls 77482->77504 77505 7ff7b9d03a30 00007FF8C610F020 77482->77505 77483->77435 77484->77435 77485->77438 77486->77440 77487->77444 77488->77442 77489->77450 77490->77455 77491->77446 77492->77448 77493->77449 77494->77457 77495->77457 77496->77456 77497->77466 77498->77466 77499->77476 77500->77476 77501->77472 77502->77470 77503->77482 77504->77482 77505->77482 77506 18cd09e44b3 77507 18cd09dc100 Concurrency::details::WorkQueue::IsStructuredEmpty 77506->77507 77508 18cd09e44c0 
FindFirstFileA 77507->77508 77509 18cd09e4528 77508->77509 77517 18cd09e44de type_info::_name_internal_method 77508->77517 77511 18cd09e4592 77509->77511 77524 18cd09e4c50 CreateToolhelp32Snapshot Process32NextW Process32NextW 77509->77524 77518 18cd0a62520 77511->77518 77513 18cd09e4623 77513->77517 77525 18cd0a08880 4 API calls 3 library calls 77513->77525 77515 18cd09e472a type_info::_name_internal_method 77515->77517 77526 18cd0a08e90 7 API calls 3 library calls 77515->77526 77519 18cd0a62550 77518->77519 77520 18cd0a300b0 CreateFileA 77519->77520 77521 18cd0a62560 std::_Facet_Register 77520->77521 77522 18cd0a62577 77521->77522 77527 18cd0a5e2d0 77521->77527 77522->77513 77524->77511 77525->77515 77526->77517 77528 18cd0a5e2fe Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock std::_Fac_node::_Fac_node 77527->77528 77529 18cd0a300b0 CreateFileA 77528->77529 77530 18cd0a5e413 77529->77530 77532 18cd0a5e420 77530->77532 77533 18cd0a30b80 77530->77533 77532->77522 77534 18cd09dc100 Concurrency::details::WorkQueue::IsStructuredEmpty 77533->77534 77535 18cd0a30bac CreateFileA ReadFile 77534->77535 77536 18cd0a30c0f 77535->77536 77536->77532

Control-flow Graph

7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 
7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 
7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 
7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 
7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4cfc0 call 7ff7b9d43350 call 7ff7b9d4d340 12->2820 3813 7ff7b9d3a26d-7ff7b9d3a26f 2820->3813 3814 7ff7b9d3a271-7ff7b9d3a2a3 call 7ff7b9d43350 call 7ff7b9d432d0 call 7ff7b9d4ac20 call 7ff7b9d7a400 2820->3814 3815 7ff7b9d3a2a6-7ff7b9d3a2b0 call 7ff7b9d43360 3813->3815 3814->3815 3815->11
                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          • Associated: 00000000.00000002.4476661249.00007FF7B9CD0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7B9F7D000.00000040.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7B9F89000.00000040.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7BA0CB000.00000040.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7BA23E000.00000040.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4477028391.00007FF7BA241000.00000080.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4477058649.00007FF7BA243000.00000004.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7ff7b9cd0000_Fortexternal.jbxd
                                                                          Similarity
                                                                          • API ID: InfoSystem
                                                                          • String ID: INTEL_THREAD_MISMATCH: CPU model = $INTEL_THREAD_MISMATCH: thread in database = 
                                                                          • API String ID: 31276548-3532574369
                                                                          • Opcode ID: 26273d34f2e1964aaa2b671129edb9b6a78f06b02724a089fd0c747b47b128c4
                                                                          • Instruction ID: 53a6480ab32f3936ba7fcee081ec178b060efa4d9f38284ad801291a624f1635
                                                                          • Opcode Fuzzy Hash: 26273d34f2e1964aaa2b671129edb9b6a78f06b02724a089fd0c747b47b128c4
                                                                          • Instruction Fuzzy Hash: 9E54E662509AC6A8DB31EF69D8441EAB374FB5134CFC00176E75D0AA6EDF389349C7A0

                                                                          Control-flow Graph

                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          • Associated: 00000000.00000002.4476661249.00007FF7B9CD0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7B9F7D000.00000040.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7B9F89000.00000040.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7BA0CB000.00000040.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7BA23E000.00000040.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4477028391.00007FF7BA241000.00000080.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4477058649.00007FF7BA243000.00000004.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7ff7b9cd0000_Fortexternal.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorLast$CloseCreateHandleMutex
                                                                          • String ID: Frz_State$MicrosoftVirtualPC7UserServiceMakeSureWe'reTheOnlyOneMutex$SBIE_BOXED_ServiceInitComplete_Mutex1$Sandboxie$Sandboxie_SingleInstanceMutex_Control$Virtual PC
                                                                          • API String ID: 3777024946-2155102297
                                                                          • Opcode ID: 27b00dbb08ddb40b86d5f533a0947734df896d575dc76daad9bb050b0e5fb976
                                                                          • Instruction ID: 0c8c501a6d7216c516300b8b2c58b48d3e97e82abea50419ebfa241179f57590
                                                                          • Opcode Fuzzy Hash: 27b00dbb08ddb40b86d5f533a0947734df896d575dc76daad9bb050b0e5fb976
                                                                          • Instruction Fuzzy Hash: 7E313121A08A4382FB55AF2AE5450B9F371AFA6751FC94435DB2F0666DDF3CD489C320

                                                                          Control-flow Graph

                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          • Associated: 00000000.00000002.4476661249.00007FF7B9CD0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7B9F7D000.00000040.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7B9F89000.00000040.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7BA0CB000.00000040.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7BA23E000.00000040.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4477028391.00007FF7BA241000.00000080.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4477058649.00007FF7BA243000.00000004.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7ff7b9cd0000_Fortexternal.jbxd
                                                                          Similarity
                                                                          • API ID: AddressPerformanceProcQuery$CounterFrequencyInfoKeyboardLayoutLibraryLoadLocale
                                                                          • String ID: C:\Users\55yar\Desktop\imgui-master\backends\imgui_impl_win32.cpp$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$C:\Users\55yar\Desktop\imgui-master\imgui.h$GImGui != 0 && "No current context. Did you call ImGui::CreateContext() and ImGui::SetCurrentContext() ?"$XInputGetCapabilities$XInputGetState$i >= 0 && i < Size$imgui_impl_win32$io.BackendPlatformUserData == nullptr && "Already initialized a platform backend!"$xinput1_1.dll$xinput1_2.dll$xinput1_3.dll$xinput1_4.dll$xinput9_1_0.dll
                                                                          • API String ID: 2839060773-805143068
                                                                          • Opcode ID: d01679f2044470887c6f6f794e798d5041f9b7315f37bd5cac1d6eb523e7c933
                                                                          • Instruction ID: ee9b25a565b17a58f653f966cdfadab44d237bed9e51cf69b5cf959a2d4d6e73
                                                                          • Opcode Fuzzy Hash: d01679f2044470887c6f6f794e798d5041f9b7315f37bd5cac1d6eb523e7c933
                                                                          • Instruction Fuzzy Hash: FF719F32A08F8286D714AF1AE9842A9F3B4FB66784F845136DB9D43769EF3CE055C710

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          Similarity
                                                                          • API ID: Directory$BrowseCreateFolderFreeFromListMessagePathRemoveTask
                                                                          • String ID: Loader$...$C:\Users\user\Desktop\Fortexternal$Fail$Failed to create setup directory$Fortexternal$Fortexternal$Install$P$choose install folder$destinatinal folder$-d
                                                                          • API String ID: 4103403243-590595139
                                                                          • Opcode ID: 6f603ba20749aa914c1cea6a61e7e423d9026db803c61033dc8e04d9030ed907
                                                                          • Instruction ID: fab0086651e4c197916d06b6964d316de236aca325a58e5509f3bda981e6cf0e
                                                                          • Opcode Fuzzy Hash: 6f603ba20749aa914c1cea6a61e7e423d9026db803c61033dc8e04d9030ed907
                                                                          • Instruction Fuzzy Hash: 4D32333190D68695D661FF2BE4953AAF370FFAA344F804231EB9D526A9DF2CE144CB10

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          Similarity
                                                                          • API ID: State$Client$CursorScreen$CounterForegroundPerformanceQueryRectWindow
                                                                          • String ID: C:\Users\55yar\Desktop\imgui-master\backends\imgui_impl_win32.cpp$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$GImGui != 0 && "No current context. Did you call ImGui::CreateContext() and ImGui::SetCurrentContext() ?"$bd != nullptr && "Context or backend not initialized? Did you call ImGui_ImplWin32_Init()?"$bd->hWnd != 0
                                                                          • API String ID: 1576454153-990843061
                                                                          • Opcode ID: 1a851b407499fdf4f0adc91023c1835da07401580244c1beda1895c94ec5f366
                                                                          • Instruction ID: 60bd5ecab215ea104e96b7756cc46dc706c5135de4ee21d10dbb6cf185a739a9
                                                                          • Opcode Fuzzy Hash: 1a851b407499fdf4f0adc91023c1835da07401580244c1beda1895c94ec5f366
                                                                          • Instruction Fuzzy Hash: 99916321A0868646F711AF3ED5443B9F7B1EFA6B84F848131DB6D0659DDF6CE484CB20

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          Similarity
                                                                          • API ID: ConditionMask$DiskFreeInfoInstalledMemoryPhysicallySpaceSystemVerifyVersion
                                                                          • String ID: VBOX_DEFAULT: disk = $VBOX_DEFAULT: less than windows 10 detected$VBOX_DEFAULT: ram = $VBOX_DEFAULT: returned false due to lack of precondition spec comparisons$VBOX_DEFAULT: windows 10 detected$VBOX_DEFAULT: windows 11 detected$disk size = $failed to fetch size in GB$private util::get_disk_size( function: $util::get_disk_size(:
                                                                          • API String ID: 4053933355-2927710238
                                                                          • Opcode ID: 444f4b3d8dfc6f5bdb356be75933f179318a91f7f8d5d026a69a314893e1cd55
                                                                          • Instruction ID: 86e4c50d1d760b76767c3b0d72098a7b1d3090faf79a3494a6148c33bac6a34a
                                                                          • Opcode Fuzzy Hash: 444f4b3d8dfc6f5bdb356be75933f179318a91f7f8d5d026a69a314893e1cd55
                                                                          • Instruction Fuzzy Hash: 91519F31A0C94681EA60AF2AE9943F9F371AFB6744FC50131D72D4769EDE2CE546C720

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          Similarity
                                                                          • API ID: 00007C6125630Device$BaseDriverDriversEnumName
                                                                          • String ID: Failed to enumerate device drivers$Failed to retrieve driver name$VBoxGuest$VBoxMouse$VBoxSF$VirtualBox
                                                                          • API String ID: 3567762800-3078892907
                                                                          • Opcode ID: 90a3e4c33f94c635e720873c97f934764c488f4557d138a16aabaae0a6f2359e
                                                                          • Instruction ID: 19b534efe878f95454014c66e43ab68f42edf5180f78834c5bbf57e18d9b6684
                                                                          • Opcode Fuzzy Hash: 90a3e4c33f94c635e720873c97f934764c488f4557d138a16aabaae0a6f2359e
                                                                          • Instruction Fuzzy Hash: 7E31862161CA4291E620BF2AE8402FAF770FBA6781FD44132EB6D4769DDF2CD505C760
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          Similarity
                                                                          • API ID: NtdllProc_Window
                                                                          • String ID: E
                                                                          • API String ID: 4255912815-3568589458
                                                                          • Opcode ID: 1ad859f8c57e6c78a272c00c503d588111b95484246697c7da939e1954086c46
                                                                          • Instruction ID: 8d05f828c2e5996c8ec9bb64112e9bf2818af829136c194851457e8c2c322fab
                                                                          • Opcode Fuzzy Hash: 1ad859f8c57e6c78a272c00c503d588111b95484246697c7da939e1954086c46
                                                                          • Instruction Fuzzy Hash: DF516032A1C6858AE760AF1DE44037AB6B1EB96752F600536E7AD827ACDF3CD444CB11
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          Similarity
                                                                          • API ID: FindWindow
                                                                          • String ID: VBoxTrayToolWnd$VBoxTrayToolWndClass$VirtualBox
                                                                          • API String ID: 134000473-3809131585
                                                                          • Opcode ID: 3c25875c7485bb330419359499db5cac49334f68e8649cfc72c9f1c8758dc657
                                                                          • Instruction ID: b412702c0b65099c80083835e88c64686ed04ae0a7718e037bcde23a69f8bb1f
                                                                          • Opcode Fuzzy Hash: 3c25875c7485bb330419359499db5cac49334f68e8649cfc72c9f1c8758dc657
                                                                          • Instruction Fuzzy Hash: 1FF09061E19A0681EF057F1AE8802B8F370BF79350FC91032C62E0536AAE2CD255C720
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          Similarity
                                                                          • API ID: 00007C610F020
                                                                          • String ID: $C:\Users\55yar\Desktop\imgui-master\imgui.cpp$GImGui != 0 && "No current context. Did you call ImGui::CreateContext() and ImGui::SetCurrentContext() ?"
                                                                          • API String ID: 1173767890-1764846569
                                                                          • Opcode ID: 14a1451ba78aab33cfd0f593b19aab8bdf8ff21bda43410788da136f7ce55d94
                                                                          • Instruction ID: c4e47a7e389e26d1e5e896fff7f694511fdee2c6ed921b4eabaffe1cdb2c18b6
                                                                          • Opcode Fuzzy Hash: 14a1451ba78aab33cfd0f593b19aab8bdf8ff21bda43410788da136f7ce55d94
                                                                          • Instruction Fuzzy Hash: 15916C32705A8586EB149F2AD4907ADB7B1FB96B88F848136EF5E43B68DF38D445C310
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          Similarity
                                                                          • API ID: CreateInstance$Initialize
                                                                          • String ID: audio_device_random_name
                                                                          • API String ID: 1108742289-3294949786
                                                                          • Opcode ID: fedb208af53d85e8c6c1e999e092dbade612422bdc59ea04c8a6dfe3d800c9d2
                                                                          • Instruction ID: d10f85e8499c150c6c1381cc6b955455f71c7785ec65c6fb69989477ca9f2bd8
                                                                          • Opcode Fuzzy Hash: fedb208af53d85e8c6c1e999e092dbade612422bdc59ea04c8a6dfe3d800c9d2
                                                                          • Instruction Fuzzy Hash: ED516E32704A8189EB619F2AD8403E97374FB95BA8F854132DB6D47B98DF39D689C310
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4472641830.0000018CD09D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018CD09D0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_18cd09d0000_Fortexternal.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: Process32$CreateFac_nodeFac_node::_FirstNextSnapshotToolhelp32char_traitsstd::_
                                                                          • String ID:
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4472641830.0000018CD09D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018CD09D0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_18cd09d0000_Fortexternal.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: Concurrency::details::EmptyFileFindFirstQueue::StructuredWork
                                                                          • String ID:
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          • Associated: 00000000.00000002.4476661249.00007FF7B9CD0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7B9F7D000.00000040.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7B9F89000.00000040.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7BA0CB000.00000040.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7BA23E000.00000040.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4477028391.00007FF7BA241000.00000080.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4477058649.00007FF7BA243000.00000004.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7ff7b9cd0000_Fortexternal.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: VMW$VMware$VMware Fusion$VMware-
                                                                          APIs
                                                                          • Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 0000018CD0A05B96
                                                                          • Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 0000018CD0A05C14
                                                                          • CryptUnprotectData.CRYPT32 ref: 0000018CD0A05C6D
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4472641830.0000018CD09D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018CD09D0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_18cd09d0000_Fortexternal.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: Concurrency::details::_CriticalLock::_ReentrantScoped_lockScoped_lock::~_$CryptDataUnprotect
                                                                          • String ID:
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7ff7b9cd0000_Fortexternal.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: C:\Users\55yar\Desktop\imgui-master\imgui.h$i >= 0 && i < Size
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7ff7b9cd0000_Fortexternal.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: THREADCOUNT: $threads =
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7ff7b9cd0000_Fortexternal.jbxd

                                                                          Control-flow Graph

                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7ff7b9cd0000_Fortexternal.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorLastQueryValue$Open$00007C610F020
                                                                          • String ID: - $ / $.Raw$.Translated$Hardware\ResourceMap\System Resources\Loader Reserved$Hardware\ResourceMap\System Resources\Physical Memory$Hardware\ResourceMap\System Resources\Reserved$Microsoft Hyper-V$NETTITUDE_VM_MEMORY: --> Memory region found: $NETTITUDE_VM_MEMORY: Could not find memory region, returning 0.$NETTITUDE_VM_MEMORY: Could not get reg key: $NETTITUDE_VM_MEMORY: Could not query hardware key: $NETTITUDE_VM_MEMORY: Hyper-V detected$NETTITUDE_VM_MEMORY: Memory allocation failed for regions[i].$NETTITUDE_VM_MEMORY: No regions parsed, freeing allocated memory.$NETTITUDE_VM_MEMORY: Reading data from $NETTITUDE_VM_MEMORY: Vbox detected$NETTITUDE_VM_MEMORY: no VM detected$NETTITUDE_VM_MEMORY: unknown brand, but likely VM (returned true)$NETTITUDE_VM_MEMORY: unknown error, returned false$VirtualBox

                                                                          Control-flow Graph

                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7ff7b9cd0000_Fortexternal.jbxd
                                                                          Similarity
                                                                          • API ID: CloseOpenQueryValue
                                                                          • String ID: Apple VZ$INNOTEK GMBH$KVM$SMBIOS: x1 = $SMBIOS: x2 = $SMBIOS: x3 = $SMBIOS: x4 = $SMBIOS: x5 = $SMBIOS_string(): length = 0$SMBIOS_string(): p = nullptr$SMBIOS_string(): ret = error$SMBIOS_string(): ret = error 2$SMBIOS_string(): ret = error 3$SMBiosData$SUN MICROSYSTEMS$SYSTEM\CurrentControlSet\Services\mssmbios\Data$VBOXVER$VIRTUAL MACHINE$VIRTUALBOX

                                                                          Control-flow Graph

                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          • Associated: 00000000.00000002.4476661249.00007FF7B9CD0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7B9F7D000.00000040.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7B9F89000.00000040.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7BA0CB000.00000040.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7BA23E000.00000040.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4477028391.00007FF7BA241000.00000080.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4477058649.00007FF7BA243000.00000004.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7ff7b9cd0000_Fortexternal.jbxd
                                                                          Similarity
                                                                          • API ID: CloseOpenQueryValue
                                                                          • String ID: AcpiData$AcpiData: x1 = $AcpiData_string(): length = 0$AcpiData_string(): p = nullptr$AcpiData_string(): ret = error$AcpiData_string(): ret = error 2$AcpiData_string(): ret = error 3$KVM$SYSTEM\CurrentControlSet\Services\mssmbios\Data$VRTUAL MICROSFT
                                                                          • API String ID: 3677997916-3042907882
                                                                          • Opcode ID: 20ec5670a66950e12626a9c13c278c8c0255b12ade70cd0f0768e6a0fc490ebb
                                                                          • Instruction ID: 302513e583754a19833f6d66ea6268724b82871990f4036febbfaae7894b0ff4
                                                                          • Opcode Fuzzy Hash: 20ec5670a66950e12626a9c13c278c8c0255b12ade70cd0f0768e6a0fc490ebb
                                                                          • Instruction Fuzzy Hash: 51713C21A0860295EB10BF3BD9802B9F770BF66784FC50531DB2E46AADEE3CE445C760

                                                                          Control-flow Graph

                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7ff7b9cd0000_Fortexternal.jbxd
                                                                          Similarity
                                                                          • API ID: type_info::_name_internal_method$Open
                                                                          • String ID: INNOTEK GMBH$MSSMBIOS: empty, returned false$MSSMBIOS: string = $SUN MICROSYSTEMS$VBOXVER$VIRTUAL MACHINE$VIRTUALBOX$VirtualBox
                                                                          • API String ID: 1080555486-4127251607
                                                                          • Opcode ID: 9ec9407c6f65c8af4d10c59307482d27e90b1076899fe592d823de57c343396b
                                                                          • Instruction ID: ca4a24f2904540cc6355d1edc7f5ef5792c9914f4203030d8f79fc06098a6604
                                                                          • Opcode Fuzzy Hash: 9ec9407c6f65c8af4d10c59307482d27e90b1076899fe592d823de57c343396b
                                                                          • Instruction Fuzzy Hash: 7C31052190864691EA10BF2AE4910FAF370FF76784FC10276E79D476AEDE6CE505C760

                                                                          Control-flow Graph

                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7ff7b9cd0000_Fortexternal.jbxd
                                                                          Similarity
                                                                          • API ID: Authority$Token$CountInformationProcess$00007C610CloseCurrentErrorF020HandleLastOpen
                                                                          • String ID:
                                                                          • API String ID: 4236439666-0
                                                                          • Opcode ID: 0e9de6c67c5272300d538b00a48be2e9738f150e2bddf2c2297e410be8e05af5
                                                                          • Instruction ID: 5b9243543afec56e6a439661d7a6e4f47bf708e8a891f83ff4ebed3e63b33487
                                                                          • Opcode Fuzzy Hash: 0e9de6c67c5272300d538b00a48be2e9738f150e2bddf2c2297e410be8e05af5
                                                                          • Instruction Fuzzy Hash: F8314436608A4182EB10AF2AF450279B3B0FBE6B85F954435DB9D4376CDE7DD848DB20

                                                                          Control-flow Graph

                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7ff7b9cd0000_Fortexternal.jbxd
                                                                          Similarity
                                                                          • API ID: HandleModule
                                                                          • String ID:
                                                                          • API String ID: 4139908857-0
                                                                          • Opcode ID: 57846c25743a0b82caa57dc460932768b05ec52e152d084034ccb2339f9c4b20
                                                                          • Instruction ID: 63d62befe80d23c6ac97f0a4fb02c76ed5906e94ced818428513cbb21c9a0838
                                                                          • Opcode Fuzzy Hash: 57846c25743a0b82caa57dc460932768b05ec52e152d084034ccb2339f9c4b20
                                                                          • Instruction Fuzzy Hash: C842B236609BC585DAA0EB1AE4943EAB3A4F7D9B80F404536DB9D83B69DF3CD054CB10

                                                                          Control-flow Graph

                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7ff7b9cd0000_Fortexternal.jbxd
                                                                          Similarity
                                                                          • API ID: Window$MetricsSystem$ClassCreateHandleModuleRegisterShowUpdate
                                                                          • String ID: class001
                                                                          • API String ID: 3666473625-3656631403
                                                                          • Opcode ID: 45c8efa166face23d994d3120d950bd694bc15de08feefc70920a91f998e5cdb
                                                                          • Instruction ID: ff16720713136b6e335ddc526123f7bf9719c6566c56e7548af612a82df283d7
                                                                          • Opcode Fuzzy Hash: 45c8efa166face23d994d3120d950bd694bc15de08feefc70920a91f998e5cdb
                                                                          • Instruction Fuzzy Hash: EC312470908B4289F340EF18F854319BBB1FB66326F900139E69E46A78DF7DE048C761

                                                                          Control-flow Graph

                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7ff7b9cd0000_Fortexternal.jbxd
                                                                          Similarity
                                                                          • API ID: Message
                                                                          • String ID: v2.1.1 Setup$ v2.1.1 Setup!Before starting the installation, select the folder where the files will be installed$A$Fortexternal$FrghcZrah$Welcome to
                                                                          • API String ID: 2030045667-1735258037
                                                                          • Opcode ID: 502e21ed95d8edbbd08a0e21f9844908fc788f407ae1fdbb593d33140f28ae37
                                                                          • Instruction ID: 5686775359f12e829b5e0de6c5274f4ee1d965338e0451218270b0b712ec50ce
                                                                          • Opcode Fuzzy Hash: 502e21ed95d8edbbd08a0e21f9844908fc788f407ae1fdbb593d33140f28ae37
                                                                          • Instruction Fuzzy Hash: A071442160DB8681E660FF1AE4912AEF770EBA6740F804575E7DD4376EDE2CD154CB20
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4472641830.0000018CD09D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018CD09D0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_18cd09d0000_Fortexternal.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: Concurrency::details::EmptyNextProcess32Queue::StructuredWork$CreateSnapshotToolhelp32
                                                                          • String ID:
                                                                          • API String ID: 2993956496-0
                                                                          • Opcode ID: cda064d539c10c29528c2b050225b0f33b3c6188d9bddf336ad214a47eda79a8
                                                                          • Instruction ID: 0dbd5a67a1b61314119bbc41e9f78141e4531219eec71b23e7a17a14290bb408
                                                                          • Opcode Fuzzy Hash: cda064d539c10c29528c2b050225b0f33b3c6188d9bddf336ad214a47eda79a8
                                                                          • Instruction Fuzzy Hash: 4851F030118B888FE3A5FB68C4597DEB7E1FB94341F408A2DA48ED3191DE749A45CBD2
                                                                          APIs
                                                                            • Part of subcall function 0000018CD09D9D50: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000018CD09D9D6D
                                                                            • Part of subcall function 0000018CD09D9CF0: char_traits.LIBCPMTD ref: 0000018CD09D9D1D
                                                                          • type_info::_name_internal_method.LIBCMTD ref: 0000018CD0A0C197
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4472641830.0000018CD09D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018CD09D0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_18cd09d0000_Fortexternal.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: Concurrency::details::EmptyQueue::StructuredWorkchar_traitstype_info::_name_internal_method
                                                                          • String ID: $($6
                                                                          • API String ID: 3658640466-549421847
                                                                          • Opcode ID: b273bf499dd8d0ebcba23f5732f8c2a60209c198f2955c00c5a6569d793ba4f8
                                                                          • Instruction ID: e7f654c2a2aa8152281ac1a3eb0be8c70268547d50f19c1963fd580ea501d4be
                                                                          • Opcode Fuzzy Hash: b273bf499dd8d0ebcba23f5732f8c2a60209c198f2955c00c5a6569d793ba4f8
                                                                          • Instruction Fuzzy Hash: 32B10E705187888FE7A4EF28D45879AB7E1FBD8301F10892DE48ED3261DF749985CB42
                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7ff7b9cd0000_Fortexternal.jbxd
                                                                          Similarity
                                                                          • API ID: GlobalMemoryStatus
                                                                          • String ID: @$MEMORY: minimum ram size (GB) = $MEMORY: ram size (GB) =
                                                                          • API String ID: 1890195054-3825315669
                                                                          • Opcode ID: cb95737e2131167ce7c116ff6f5570ef34a38f14c5e268c17c826d7782230c28
                                                                          • Instruction ID: d4eadaa35327fd992133a36df3e54fcffba3e6cf0dde7f3e55b967d9df03fa82
                                                                          • Opcode Fuzzy Hash: cb95737e2131167ce7c116ff6f5570ef34a38f14c5e268c17c826d7782230c28
                                                                          • Instruction Fuzzy Hash: F3F01D12D2868182E620EB25E4513AAA320FBF9308F915335E78D1156A9F7CD294CB04
                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7ff7b9cd0000_Fortexternal.jbxd
                                                                          Similarity
                                                                          • API ID: 00007$C6120
                                                                          • String ID: @
                                                                          • API String ID: 1426610437-2766056989
                                                                          • Opcode ID: 991ffe63f21f85b24b5298cd2c75ca9fb1720fe7d4a8edb26be3e52ca2e0c382
                                                                          • Instruction ID: 7daf679317ad8e2610b44c2b21493669c7b6750720b03669b506932f5ee8da50
                                                                          • Opcode Fuzzy Hash: 991ffe63f21f85b24b5298cd2c75ca9fb1720fe7d4a8edb26be3e52ca2e0c382
                                                                          • Instruction Fuzzy Hash: DD31693090C6468AF640AF19F844375BBB1BB26366FD00436E76E876A8DF7DE0148B21
                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          • Associated: 00000000.00000002.4476661249.00007FF7B9CD0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7B9F7D000.00000040.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7B9F89000.00000040.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7BA0CB000.00000040.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7BA23E000.00000040.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4477028391.00007FF7BA241000.00000080.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4477058649.00007FF7BA243000.00000004.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7ff7b9cd0000_Fortexternal.jbxd
                                                                          Similarity
                                                                          • API ID: BuildCommTimeouts
                                                                          • String ID: DEVICE_STRING: BuildCommDCBAndTimeouts failed$jhl46745fghb
                                                                          • API String ID: 767211813-2821685329
                                                                          • Opcode ID: b9c1969fa602e22e9fa53414d89f50a7e380734bfafa6d15187410cb725ead4d
                                                                          • Instruction ID: a6155f83c4833885669161f768d5107db6b3af4ecf957b4dc693caa00ddb3bab
                                                                          • Opcode Fuzzy Hash: b9c1969fa602e22e9fa53414d89f50a7e380734bfafa6d15187410cb725ead4d
                                                                          • Instruction Fuzzy Hash: CFF05462D1868192D750AF25E8410A6B370FBF6304FD01336E7DD41518EF2CD294CB10
                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          • Associated: 00000000.00000002.4476661249.00007FF7B9CD0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7B9F7D000.00000040.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7B9F89000.00000040.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7BA0CB000.00000040.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7BA23E000.00000040.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4477028391.00007FF7BA241000.00000080.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4477058649.00007FF7BA243000.00000004.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7ff7b9cd0000_Fortexternal.jbxd
                                                                          Similarity
                                                                          • API ID: NameProviderlstrcmpi
                                                                          • String ID: VirtualBox Shared Folders
                                                                          • API String ID: 764303764-2247368375
                                                                          • Opcode ID: 9666dd2d35de983f44a068dfddf259965da6d4e777f6586b3461f0ca28601bb3
                                                                          • Instruction ID: 03896649d486d73002f879f414585211ac2e1ac46af6330ea0a8917ac34fe953
                                                                          • Opcode Fuzzy Hash: 9666dd2d35de983f44a068dfddf259965da6d4e777f6586b3461f0ca28601bb3
                                                                          • Instruction Fuzzy Hash: 08E06D60B1824242EB446F66A8542B6B3619F6A782F842034DA6E0639ADE2CD0888660
                                                                          APIs
                                                                          • type_info::_name_internal_method.LIBCMTD ref: 0000018CD0A30150
                                                                            • Part of subcall function 0000018CD09E6960: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000018CD09E698B
                                                                            • Part of subcall function 0000018CD09E6960: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000018CD09E699A
                                                                          • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000018CD0A301B6
                                                                          • CreateFileA.KERNEL32 ref: 0000018CD0A301E2
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4472641830.0000018CD09D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018CD09D0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_18cd09d0000_Fortexternal.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: Concurrency::details::EmptyQueue::StructuredWork$CreateFiletype_info::_name_internal_method
                                                                          • String ID:
                                                                          • API String ID: 645652700-0
                                                                          • Opcode ID: e248a6b82cf4aec8662e0933d984d0cfbcd3271811f0d44bcce99a8d166e2ec9
                                                                          • Instruction ID: ea6bdb1a55cc647f5245e0c0583334443953b0d412348f9b643c733bb49c982c
                                                                          • Opcode Fuzzy Hash: e248a6b82cf4aec8662e0933d984d0cfbcd3271811f0d44bcce99a8d166e2ec9
                                                                          • Instruction Fuzzy Hash: B9813F30219A488FE7A4FB6CC855BDAB6E1FB99350F408B6DA08DC32D1DE78D941C791
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4472641830.0000018CD09D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018CD09D0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_18cd09d0000_Fortexternal.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: File$Concurrency::details::CreateEmptyQueue::ReadStructuredWork
                                                                          • String ID:
                                                                          • API String ID: 586831839-0
                                                                          • Opcode ID: 8022de37f145b5f9bb6a0e8e3bf41ff14ad3d21cfc4c3bdd9297373e77cd7af7
                                                                          • Instruction ID: 65fcd22cf3b4031f7565db21093ecfcf352e8ddfda35395406f6b8a612be4ff3
                                                                          • Opcode Fuzzy Hash: 8022de37f145b5f9bb6a0e8e3bf41ff14ad3d21cfc4c3bdd9297373e77cd7af7
                                                                          • Instruction Fuzzy Hash: 22514E34218A488FD7A4FB7CC448B9AB7E1FB99315F404A6DE09DC32A2CB74D841CB52
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          • Associated: 00000000.00000002.4476661249.00007FF7B9CD0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7B9F7D000.00000040.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7B9F89000.00000040.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7BA0CB000.00000040.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7BA23E000.00000040.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4477028391.00007FF7BA241000.00000080.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4477058649.00007FF7BA243000.00000004.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7ff7b9cd0000_Fortexternal.jbxd
                                                                          Similarity
                                                                          • API ID: __scrt_acquire_startup_lock__scrt_get_show_window_mode__scrt_release_startup_lock
                                                                          • String ID:
                                                                          • API String ID: 1152625263-0
                                                                          • Opcode ID: 9c9967786d22e20120ddc5396a9452d7846eb8e5bf762a6f8b1123a6b460551d
                                                                          • Instruction ID: 64883bc54c66f34983068ca54186fbd9c1bebd25b31938395143f682918200a5
                                                                          • Opcode Fuzzy Hash: 9c9967786d22e20120ddc5396a9452d7846eb8e5bf762a6f8b1123a6b460551d
                                                                          • Instruction Fuzzy Hash: E2412925E0820796FA14BF6E94516B9B2B19F63384FC44435EB3D0B2DBDE6CE8058372
                                                                          APIs
                                                                          • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000018CD09D434C
                                                                          • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000018CD09D435E
                                                                            • Part of subcall function 0000018CD09D4FA0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000018CD09D4FBD
                                                                          • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000018CD09D439B
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4472641830.0000018CD09D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018CD09D0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_18cd09d0000_Fortexternal.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: Concurrency::details::EmptyQueue::StructuredWork
                                                                          • String ID:
                                                                          • API String ID: 1865873047-0
                                                                          • Opcode ID: bef93216a5cdc46df89385e4b30e3914c4be7f6043964fe147bc280cc6ba4d5d
                                                                          • Instruction ID: 7f207ca27bcadd4ba02be41f0eb460b60b9ab40248a6268743a7eb419b9d2a73
                                                                          • Opcode Fuzzy Hash: bef93216a5cdc46df89385e4b30e3914c4be7f6043964fe147bc280cc6ba4d5d
                                                                          • Instruction Fuzzy Hash: 8F31EC30558B889FD794FF58D495B9AB7E1FB95341F408A2EB08AC32A1DF309544CB92
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4472641830.0000018CD09D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018CD09D0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_18cd09d0000_Fortexternal.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: File$Concurrency::details::CreateEmptyQueue::ReadStructuredWork
                                                                          • String ID:
                                                                          • API String ID: 586831839-0
                                                                          • Opcode ID: 6c2901cf9fae4a6ee5c2c46fe4ed0039bd8d4d1fe78faa1283bd7f7b9a450a4e
                                                                          • Instruction ID: fc1f2cd3060f0dc3d716b7e1d8250ae3d29e13863b6c54b15d1ee2cf45e829ba
                                                                          • Opcode Fuzzy Hash: 6c2901cf9fae4a6ee5c2c46fe4ed0039bd8d4d1fe78faa1283bd7f7b9a450a4e
                                                                          • Instruction Fuzzy Hash: E821F670618B488FDB94EF5CC498B9ABBE0FB99345F50892DE089C3361DB75D944CB82
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4472641830.0000018CD09D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018CD09D0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_18cd09d0000_Fortexternal.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: File$Concurrency::details::CreateEmptyQueue::ReadStructuredWork
                                                                          • String ID:
                                                                          • API String ID: 586831839-0
                                                                          • Opcode ID: 30b54bdd398c5e0e108ebc44df4760cb55c0c9a6a79d4b406b6f7accacbe0ef0
                                                                          • Instruction ID: 89a142275c10d3a9bed9c9aacf0fc0dcc95519f6517623906b3c3e47e17d6504
                                                                          • Opcode Fuzzy Hash: 30b54bdd398c5e0e108ebc44df4760cb55c0c9a6a79d4b406b6f7accacbe0ef0
                                                                          • Instruction Fuzzy Hash: E1011374618B498FD744EF28C45875ABBE0FB99344F50092CF18AC32A0CB79D945CB82
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          • Associated: 00000000.00000002.4476661249.00007FF7B9CD0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7B9F7D000.00000040.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7B9F89000.00000040.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7BA0CB000.00000040.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7BA23E000.00000040.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4477028391.00007FF7BA241000.00000080.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4477058649.00007FF7BA243000.00000004.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7ff7b9cd0000_Fortexternal.jbxd
                                                                          Similarity
                                                                          • API ID: Message$DispatchPeekTranslate
                                                                          • String ID:
                                                                          • API String ID: 4217535847-0
                                                                          • Opcode ID: 53c80a60326bf4277902b5ba57e075ee2f45383e5c27a6bacf064c3df014f86e
                                                                          • Instruction ID: 6f91fc57465a334385e812a926949f9bfde998f4f142ec2eaf782fcacba97607
                                                                          • Opcode Fuzzy Hash: 53c80a60326bf4277902b5ba57e075ee2f45383e5c27a6bacf064c3df014f86e
                                                                          • Instruction Fuzzy Hash: 5201712292C09282F3507F2EA400679BA70AFB3342FE05031F7AE4159DCF2CD4088B20
                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          • Associated: 00000000.00000002.4476661249.00007FF7B9CD0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7B9F7D000.00000040.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7B9F89000.00000040.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7BA0CB000.00000040.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7BA23E000.00000040.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4477028391.00007FF7BA241000.00000080.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4477058649.00007FF7BA243000.00000004.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7ff7b9cd0000_Fortexternal.jbxd
                                                                          Similarity
                                                                          • API ID: 00007C610F020
                                                                          • String ID: gfff
                                                                          • API String ID: 1173767890-1553575800
                                                                          • Opcode ID: 7fefd649bd36ccc6316c0ddbd6f5b51fba6c1e4e566970a254f26842b6cc1820
                                                                          • Instruction ID: 36d84ff06f350d7dc9613a4e0dd33340b3a393710242a3f2ac979d3694b146fe
                                                                          • Opcode Fuzzy Hash: 7fefd649bd36ccc6316c0ddbd6f5b51fba6c1e4e566970a254f26842b6cc1820
                                                                          • Instruction Fuzzy Hash: 67518623708A8586D7059F3D99112ADFBB2FB99B80F898236DB5883799DB3CD151C700
                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          • Associated: 00000000.00000002.4476661249.00007FF7B9CD0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7B9F7D000.00000040.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7B9F89000.00000040.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7BA0CB000.00000040.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7BA23E000.00000040.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4477028391.00007FF7BA241000.00000080.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4477058649.00007FF7BA243000.00000004.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7ff7b9cd0000_Fortexternal.jbxd
                                                                          Similarity
                                                                          • API ID: type_info::_name_internal_method
                                                                          • String ID: BIOS_SERIAL:
                                                                          • API String ID: 3713626258-1489451444
                                                                          • Opcode ID: 44a71360ac8d893b8848fb34471b87a8009112b1bcacbd30c2d0b8509466b465
                                                                          • Instruction ID: 5dbe21c6f6d11836e471ce62c141c58a5919e75dbe1b83e3bda1ed454a00a3fd
                                                                          • Opcode Fuzzy Hash: 44a71360ac8d893b8848fb34471b87a8009112b1bcacbd30c2d0b8509466b465
                                                                          • Instruction Fuzzy Hash: 24313C2261848291DA60BF2AD4512EAF331EFA3354FC05672E7BD476EEEE1CD508C760
                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          • Associated: 00000000.00000002.4476661249.00007FF7B9CD0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7B9F7D000.00000040.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7B9F89000.00000040.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7BA0CB000.00000040.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7BA23E000.00000040.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4477028391.00007FF7BA241000.00000080.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4477058649.00007FF7BA243000.00000004.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7ff7b9cd0000_Fortexternal.jbxd
                                                                          Similarity
                                                                          • API ID: FirmwareSystemTable
                                                                          • String ID: BMSR
                                                                          • API String ID: 3847969577-2095607670
                                                                          • Opcode ID: 763e229d690b17c50dfee65e3deef3462a3de6819e9c59d9d29a4c6483e7faf9
                                                                          • Instruction ID: fd3163827311e2e3d6b7f1e21c0c5cbd34ba2350df16888c848ee8f8f05a5755
                                                                          • Opcode Fuzzy Hash: 763e229d690b17c50dfee65e3deef3462a3de6819e9c59d9d29a4c6483e7faf9
                                                                          • Instruction Fuzzy Hash: 76F03015A5540162E700BFBEC8526E97270EFB7705FC62870DB5D863BA9D18D974C330
                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7ff7b9cd0000_Fortexternal.jbxd
                                                                          Similarity
                                                                          • API ID: Opentype_info::_name_internal_method
                                                                          • String ID: VRTUAL MICROSFT
                                                                          • API String ID: 2371418967-238242141
                                                                          • Opcode ID: 1a0dc0d8de081a98e062db0fba3825bcadd818b63835f4682ed62964f601ee65
                                                                          • Instruction ID: 7c3fa93c17b2d34869d9ce74a6573f80ff1d652acffa5bf7baf817b2bf1cfab0
                                                                          • Opcode Fuzzy Hash: 1a0dc0d8de081a98e062db0fba3825bcadd818b63835f4682ed62964f601ee65
                                                                          • Instruction Fuzzy Hash: 50D05B41E1465551E910FB2AA4510B9B3B47B75341FC00171EAAD4539A5E1CD1589630
                                                                          APIs
                                                                          • Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 00007FF7B9D25631
                                                                          • Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 00007FF7B9D256F8
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7ff7b9cd0000_Fortexternal.jbxd
                                                                          Similarity
                                                                          • API ID: Affinity::operator!=Concurrency::details::Hardware
                                                                          • String ID:
                                                                          • API String ID: 264382594-0
                                                                          • Opcode ID: 915c349a786ca2335b097b90c917e13e1d2de0ea33939b1e0949c16fa7b5d77b
                                                                          • Instruction ID: b1ae93b243956833f991ad93f7d2f3a4cc3e40e7acb58a31c0a3774fc23879c9
                                                                          • Opcode Fuzzy Hash: 915c349a786ca2335b097b90c917e13e1d2de0ea33939b1e0949c16fa7b5d77b
                                                                          • Instruction Fuzzy Hash: A9518E22A18AC489E711EF39D8512ED7370FBAA388F805132EB5D5BA5EDF24D684C750
                                                                          APIs
                                                                          • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000018CD0A30AC0
                                                                          • CreateFileA.KERNEL32 ref: 0000018CD0A30AEF
                                                                            • Part of subcall function 0000018CD09D9D50: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000018CD09D9D6D
                                                                            • Part of subcall function 0000018CD0A300B0: type_info::_name_internal_method.LIBCMTD ref: 0000018CD0A30150
                                                                            • Part of subcall function 0000018CD0A300B0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000018CD0A301B6
                                                                            • Part of subcall function 0000018CD0A300B0: CreateFileA.KERNEL32 ref: 0000018CD0A301E2
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4472641830.0000018CD09D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018CD09D0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_18cd09d0000_Fortexternal.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: Concurrency::details::EmptyQueue::StructuredWork$CreateFile$type_info::_name_internal_method
                                                                          • String ID:
                                                                          • API String ID: 2627539804-0
                                                                          • Opcode ID: 66dc4352644fb39c41e32687cb154f41af14c51800980190c7ef5b3828ae6510
                                                                          • Instruction ID: 2ef8188aa6f0e32d6bdd763da8f57b2c0175329b645007c394f0cbb4d2d2153b
                                                                          • Opcode Fuzzy Hash: 66dc4352644fb39c41e32687cb154f41af14c51800980190c7ef5b3828ae6510
                                                                          • Instruction Fuzzy Hash: B3115E70518B498FE794EF6CC44876AB7E1FB99341F40892DA08DC3261CF78C9458B42
                                                                          APIs
                                                                          • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000018CD0A0F73E
                                                                          • GetFileAttributesA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,0000018CD09EA822), ref: 0000018CD0A0F746
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4472641830.0000018CD09D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018CD09D0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_18cd09d0000_Fortexternal.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: AttributesConcurrency::details::EmptyFileQueue::StructuredWork
                                                                          • String ID:
                                                                          • API String ID: 2598825241-0
                                                                          • Opcode ID: 2f5f73432490f0b7bb0ee4a828737b59b857389238a0ee4c57c708ff50b01084
                                                                          • Instruction ID: 080c04fe6e79028c53ed6c1b2bb43f39fdc28f66edeeaa5a9890829e6f4b836b
                                                                          • Opcode Fuzzy Hash: 2f5f73432490f0b7bb0ee4a828737b59b857389238a0ee4c57c708ff50b01084
                                                                          • Instruction Fuzzy Hash: 4DF06D3441C7848BD304EB69C50435ABBE0AB88399F044B6DF4CCE22E1CA38CA40CBA7
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7ff7b9cd0000_Fortexternal.jbxd
                                                                          Similarity
                                                                          • API ID: Concurrency::cancel_current_task$std::bad_alloc::bad_alloc
                                                                          • String ID:
                                                                          • API String ID: 1173176844-0
                                                                          • Opcode ID: 4bf44a644cbdaa5e12bb263f9c12021ee5affa79afd5f6ded76c6f993f72c016
                                                                          • Instruction ID: 3d9d76d67d9c518e931e1a9c799c4c8e8e25dc24f73243104f52e3cce9dacfdf
                                                                          • Opcode Fuzzy Hash: 4bf44a644cbdaa5e12bb263f9c12021ee5affa79afd5f6ded76c6f993f72c016
                                                                          • Instruction Fuzzy Hash: E2E0BD40E0920B15FD683AAB14060B8B2600F3B3B1E9C1B30AF7D052CBAE1CF4958272
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7ff7b9cd0000_Fortexternal.jbxd
                                                                          Similarity
                                                                          • API ID: LibraryLoad
                                                                          • String ID:
                                                                          • API String ID: 1029625771-0
                                                                          • Opcode ID: 0687a482410035a8978432453c5d728bbb6bc986c65ef01f96900fa291c08832
                                                                          • Instruction ID: a919241730823e1b7e0de777e489b40152dae234ab15e72e1e760a4fe31e87f4
                                                                          • Opcode Fuzzy Hash: 0687a482410035a8978432453c5d728bbb6bc986c65ef01f96900fa291c08832
                                                                          • Instruction Fuzzy Hash: 69A1A336619B8486DA60CF1EE49032AB7B4F7C9B94F504126EB8E87B68DF3CD454CB10
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7ff7b9cd0000_Fortexternal.jbxd
                                                                          Similarity
                                                                          • API ID: bool_
                                                                          • String ID:
                                                                          • API String ID: 931319990-0
                                                                          • Opcode ID: 4808edcfb64220a5ceca033581b3eb4bd5ab40c4be1c6dc991171f04a6153b90
                                                                          • Instruction ID: eec3ec4cd6a9454794213fe4017ad5e34da7e638804d2f85c2f34110a8f32af2
                                                                          • Opcode Fuzzy Hash: 4808edcfb64220a5ceca033581b3eb4bd5ab40c4be1c6dc991171f04a6153b90
                                                                          • Instruction Fuzzy Hash: A2718202A0C19254EB00BF6A84501F9BB72AF73399FC44472EB6D476AEDE2CE545C730
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4472641830.0000018CD09D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018CD09D0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_18cd09d0000_Fortexternal.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: Concurrency::cancel_current_taskstd::bad_alloc::bad_alloc
                                                                          • String ID:
                                                                          • API String ID: 680105476-0
                                                                          • Opcode ID: f48cfa7930f0ddce42e58cf789f45ebcf1c87a0612e1877a4db9259442bbaab9
                                                                          • Instruction ID: bbca68a1504601c9c6f1de39b0f1926f0ace813f7f60d082a278eb6a3517951f
                                                                          • Opcode Fuzzy Hash: f48cfa7930f0ddce42e58cf789f45ebcf1c87a0612e1877a4db9259442bbaab9
                                                                          • Instruction Fuzzy Hash: 6E014B342219094AFAD8B3FD89D57F931D5ABC83C2F54C638942EC65D2ED748A4483F0
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7ff7b9cd0000_Fortexternal.jbxd
                                                                          Similarity
                                                                          • API ID: Concurrency::cancel_current_task
                                                                          • String ID:
                                                                          • API String ID: 118556049-0
                                                                          • Opcode ID: 324b028164ce659bd4321cdfed0d5a05db046116a268a26fbb4cf24176ffb005
                                                                          • Instruction ID: 73a493c99669f2e21e3bcc9c4d76a31abe46fdfeebfd9e628d9652e1eea0348b
                                                                          • Opcode Fuzzy Hash: 324b028164ce659bd4321cdfed0d5a05db046116a268a26fbb4cf24176ffb005
                                                                          • Instruction Fuzzy Hash: 85010062619F4681DA60AF2EE44032AF3B4FB99798F801331EAED4279CDF2CD5518B14
                                                                          APIs
                                                                          • FindNextFileW.KERNELBASE(?,?,?,?,?,?,?,?,?,0000018CD0A0EE2E), ref: 0000018CD0A76910
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4472641830.0000018CD09D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018CD09D0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_18cd09d0000_Fortexternal.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: FileFindNext
                                                                          • String ID:
                                                                          • API String ID: 2029273394-0
                                                                          • Opcode ID: 2151f04ad4f3028fd56626963d94714cc72099908dd723b388d2c0e007f8948f
                                                                          • Instruction ID: cce09a252f698750fe000f85c55629cee26cc31baaa818e605636d318cb77cbe
                                                                          • Opcode Fuzzy Hash: 2151f04ad4f3028fd56626963d94714cc72099908dd723b388d2c0e007f8948f
                                                                          • Instruction Fuzzy Hash: 90C08C20A2280A8AEA443BBA4C4926136D0A348242F88C024C80CC0150FD2E82E083A6
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7ff7b9cd0000_Fortexternal.jbxd
                                                                          Similarity
                                                                          • API ID: ByteCharMultiProcessWide$CloseCurrentOpenWow64
                                                                          • String ID: HKCU\SOFTWARE\VMware, Inc.\VMware Tools$HKCU\SOFTWARE\Wine$HKLM\HARDWARE\ACPI\DSDT\VBOX__$HKLM\HARDWARE\ACPI\DSDT\xen$HKLM\HARDWARE\ACPI\FADT\VBOX__$HKLM\HARDWARE\ACPI\FADT\xen$HKLM\HARDWARE\ACPI\RSDT\VBOX__$HKLM\HARDWARE\ACPI\RSDT\xen$HKLM\SOFTWARE\Microsoft\Hyper-V$HKLM\SOFTWARE\Microsoft\Virtual Machine\Guest\Parameters$HKLM\SOFTWARE\Microsoft\VirtualMachine$HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sandboxie$HKLM\SOFTWARE\Oracle\VirtualBox Guest Additions$HKLM\SOFTWARE\VMware, Inc.\VMware Tools$HKLM\SOFTWARE\Wine$HKLM\SYSTEM\ControlSet001\Services\VBoxGuest$HKLM\SYSTEM\ControlSet001\Services\VBoxMouse$HKLM\SYSTEM\ControlSet001\Services\VBoxSF$HKLM\SYSTEM\ControlSet001\Services\VBoxService$HKLM\SYSTEM\ControlSet001\Services\VBoxVideo$HKLM\SYSTEM\ControlSet001\Services\VMMEMCTL$HKLM\SYSTEM\ControlSet001\Services\VMTools$HKLM\SYSTEM\ControlSet001\Services\msvmmouf$HKLM\SYSTEM\ControlSet001\Services\vmci$HKLM\SYSTEM\ControlSet001\Services\vmdebug$HKLM\SYSTEM\ControlSet001\Services\vmicexchange$HKLM\SYSTEM\ControlSet001\Services\vmicheartbeat$HKLM\SYSTEM\ControlSet001\Services\vmicshutdown$HKLM\SYSTEM\ControlSet001\Services\vmicvss$HKLM\SYSTEM\ControlSet001\Services\vmmouse$HKLM\SYSTEM\ControlSet001\Services\vmware$HKLM\SYSTEM\ControlSet001\Services\vmx86$HKLM\SYSTEM\ControlSet001\Services\vpc-s3$HKLM\SYSTEM\ControlSet001\Services\vpcbus$HKLM\SYSTEM\ControlSet001\Services\vpcuhub$HKLM\SYSTEM\ControlSet001\Services\xenevtchn$HKLM\SYSTEM\ControlSet001\Services\xennet$HKLM\SYSTEM\ControlSet001\Services\xennet6$HKLM\SYSTEM\ControlSet001\Services\xensvc$HKLM\SYSTEM\ControlSet001\Services\xenvdb$HKLM\SYSTEM\CurrentControlSet\Enum\IDE\CdRomNECVMWar_VMware_IDE_CD*$HKLM\SYSTEM\CurrentControlSet\Enum\IDE\CdRomNECVMWar_VMware_SATA_CD*$HKLM\SYSTEM\CurrentControlSet\Enum\IDE\DiskVMware_Virtual_IDE_Hard_Drive*$HKLM\SYSTEM\CurrentControlSet\Enum\IDE\DiskVMware_Virtual_SATA_Hard_Drive*$HKLM\SYSTEM\CurrentControlSet\Enum\PCI\VEN_15AD*$HKLM\SYSTEM\CurrentControlSet\Enum\PCI\VEN_1AB8*$HKLM\SYSTEM\CurrentControlSet\Enum\PCI\VEN_5333*$HKLM\SYSTEM\CurrentControlSet\Enum\PCI\VEN_80EE*$HKLM\SYSTEM\CurrentControlSet\Services\SbieDrv$HKLM\Software\Classes\Folder\shell\sandbox$Microsoft Hyper-V$Parallels$REGISTRY: $Sandboxie$VMware$Virtual PC$VirtualBox$Wine$Xen HVM$score =
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          • Associated: 00000000.00000002.4476661249.00007FF7B9CD0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7B9F7D000.00000040.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7B9F89000.00000040.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7BA0CB000.00000040.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7BA23E000.00000040.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4477028391.00007FF7BA241000.00000080.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4477058649.00007FF7BA243000.00000004.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7ff7b9cd0000_Fortexternal.jbxd
                                                                          Similarity
                                                                          • API ID: Close$OpenQueryValue
                                                                          • String ID: *vmx*$55274-640-2673064-23950$76487-337-8429955-22614$76487-644-3177037-23510$Anubis$BOCHS$Bochs$CWSandbox$CoInstallers32$Device Description$DeviceDesc$DisplayName$DriverDesc$FriendlyName$HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 0\Target Id 0\Logical Unit Id 0$HARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0$HARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0$HARDWARE\Description\System$HARDWARE\Description\System\BIOS$INTEL - 6040000$Identifier$InfSection$JoeBox$PARALLELS$Parallels$ProductID$ProviderName$QEMU$SOFTWARE\Microsoft\Windows NT\CurrentVersion$SOFTWARE\Microsoft\Windows\CurrentVersion$SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall$SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000$SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\Settings$SYSTEM\ControlSet001\Services\Disk\Enum$SYSTEM\ControlSet002\Services\Disk\Enum$SYSTEM\ControlSet003\Services\Disk\Enum$SYSTEM\CurrentControlSet\Control\SystemInformation$SYSTEM\CurrentControlSet\Control\Video\{GUID}\0000$SYSTEM\CurrentControlSet\Control\Video\{GUID}\Video$Service$SystemBiosVersion$SystemManufacturer$SystemProductName$VBOX$VIRTUAL$VIRTUALBOX$VMWARE$VMware$VMware SVGA*$VMware*$VideoBiosVersion$VirtualBox$Xen$Xen HVM$vm3dmp$vmware tools$vmx*$vmx_svga
                                                                          Similarity
                                                                          • API ID: AttributesErrorFileLast
                                                                          • String ID: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\agent.pyw$C:\windows\System32\Drivers\VBoxGuest.sys$C:\windows\System32\Drivers\VBoxMouse.sys$C:\windows\System32\Drivers\VBoxSF.sys$C:\windows\System32\Drivers\VBoxVideo.sys$C:\windows\System32\Drivers\VMToolsHook.dll$C:\windows\System32\Drivers\VmGuestLibJava.dll$C:\windows\System32\Drivers\Vmmouse.sys$C:\windows\System32\Drivers\vm3dgl.dll$C:\windows\System32\Drivers\vm3dver.dll$C:\windows\System32\Drivers\vmGuestLib.dll$C:\windows\System32\Drivers\vmdum.dll$C:\windows\System32\Drivers\vmhgfs.dll$C:\windows\System32\Drivers\vmtray.dll$C:\windows\System32\VBoxControl.exe$C:\windows\System32\vboxdisp.dll$C:\windows\System32\vboxhook.dll$C:\windows\System32\vboxmrxnp.dll$C:\windows\System32\vboxogl.dll$C:\windows\System32\vboxoglcrutil.dll$C:\windows\System32\vboxoglerrorspu.dll$C:\windows\System32\vboxoglfeedbackspu.dll$C:\windows\System32\vboxoglpackspu.dll$C:\windows\System32\vboxoglpassthroughspu.dll$C:\windows\System32\vboxservice.exe$C:\windows\System32\vboxtray.exe$Cuckoo$VM_FILES: vbox score: $VM_FILES: vmware score: $VMware$VirtualBox$c:\windows\system32\vboxoglarrayspu.dll$vbox
                                                                          Similarity
                                                                          • API ID: __swprintf_l
                                                                          • String ID: !((flags & ImGuiInputTextFlags_CallbackCompletion) && (flags & ImGuiInputTextFlags_AllowTabInput))$!((flags & ImGuiInputTextFlags_CallbackHistory) && (flags & ImGuiInputTextFlags_Multiline))$#SCROLLY$%*s%.*s$@$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$C:\Users\55yar\Desktop\imgui-master\imgui.h$C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp$C:\Users\55yar\Desktop\imgui-master\imgui_widgets.cpp$IsNamedKeyOrMod(key) && (owner_id != ((ImGuiID)0) || (flags & (ImGuiInputFlags_LockThisFrame | ImGuiInputFlags_LockUntilRelease)))$apply_new_text_length <= buf_size$apply_new_text_length >= 0$buf != 0 && buf_size >= 0$buf[0] != 0$callback != 0$callback_data.Buf == callback_buf$callback_data.BufSize == state->BufCapacity$callback_data.BufTextLen == (int)strlen(callback_data.Buf)$callback_data.Flags == flags$font->ContainerAtlas->TexID == _CmdHeader.TextureId$g.DragDropActive || g.ActiveId == id || g.ActiveId == 0 || g.ActiveIdPreviousFrame == id || (g.CurrentMultiSelect != 0 && g.BoxSel$i >= 0 && i < Size$idx <= obj->TextLen$password_font->Glyphs.empty() && password_font->IndexAdvanceX.empty() && password_font->IndexLookup.empty()$state != 0$state && state->ID == id
                                                                          Similarity
                                                                          • API ID: 00007C610F020
                                                                          • String ID: (Debug Log: Auto-disabled some ImGuiDebugLogFlags after 2 frames)$333?$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$C:\Users\55yar\Desktop\imgui-master\imgui.h$Click %s Button to break in debugger! (remap w/ Ctrl+Shift)$Debug##Default$GImGui != 0$GImGui != 0 && "No current context. Did you call ImGui::CreateContext() and ImGui::SetCurrentContext() ?"$GetCurrentWindowRead()->Flags & ImGuiWindowFlags_Tooltip$HoveredId: 0x%08X$Left$Middle$NewFrame(): ClearActiveID() because it isn't marked alive anymore!$Press ESC to abort picking.$Remap w/ Ctrl+Shift: click anywhere to select new mouse button.$Right$Size > 0$g.CurrentWindow->IsFallbackWindow == true$g.Font->IsLoaded()$g.MovingWindow && g.MovingWindow->RootWindow$g.Viewports.Size == 1$g.WindowsFocusOrder.Size <= g.Windows.Size$gfff$i >= 0 && i < Size$it >= Data && it < Data + Size
                                                                          Similarity
                                                                          • API ID: ErrorFormatFreeLastLocalMessage
                                                                          • String ID: . Error: $Apple VZ$EvtNext failed. Error: $EvtRender failed. Error: $Failed to open event log: $Failed to query event log: $KVM
                                                                          Similarity
                                                                          • API ID: 00007C610F020
                                                                          • String ID: 0 && "stbtt_InitFont(): failed to parse FontData. It is correct and complete? Check FontDataSize."$C:\Users\55yar\Desktop\imgui-master\imgui.h$C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp$C:\Users\55yar\Desktop\imgui-master\imgui_internal.h$atlas->ConfigData.Size > 0$cfg.DstFont && (!cfg.DstFont->IsLoaded() || cfg.DstFont->ContainerAtlas == atlas)$font->ConfigData == font_config$font_offset >= 0 && "FontData is incorrect, or FontNo cannot be found."$glyph_index_in_font != 0$i >= 0 && i < Size$n < (Storage.Size << 5)$src_range[0] <= src_range[1] && "Invalid range: is your glyph range array persistent? it is zero-terminated?"$src_tmp.DstIndex != -1$src_tmp.GlyphsList.Size == src_tmp.GlyphsCount
                                                                          Similarity
                                                                          • API ID: Initialize
                                                                          • String ID: ROOT\CIMV2$wmi: Could not connect to WMI server. Error code = $wmi: Could not set proxy blanket. Error code = $wmi: Failed to create IWbemLocator object. Error code = $wmi: Failed to initialize COM library. Error code = $wmi: Failed to initialize security. Error code =
                                                                          Similarity
                                                                          • API ID: 00007C610F020
                                                                          • String ID: (g.IO.BackendPlatformUserData == 0) && "Forgot to shutdown Platform backend?"$(g.IO.BackendRendererUserData == 0) && "Forgot to shutdown Renderer backend?"$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$Forgot to shutdown Platform backend?$Forgot to shutdown Renderer backend?
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: (inner_window->IDStack.back() == table_instance->TableInstanceID) && "Mismatching PushID/PopID!"$(outer_window->DC.ItemWidthStack.Size >= temp_data->HostBackupItemWidthStackSize) && "Too many PopItemWidth!"$(table->Flags & ImGuiTableFlags_ScrollX) == 0$C:\Users\55yar\Desktop\imgui-master\imgui.h$C:\Users\55yar\Desktop\imgui-master\imgui_internal.h$C:\Users\55yar\Desktop\imgui-master\imgui_tables.cpp$Calling PopStyleColor() too many times!$Mismatching PushID/PopID!$Size > 0$Too many PopItemWidth!$g.CurrentWindow == outer_window && g.CurrentTable == table$g.TablesTempDataStacked > 0$i >= 0 && i < Size$inner_window == g.CurrentWindow$outer_window == inner_window || outer_window == inner_window->ParentWindow$p >= Buf.Data && p < Buf.Data + Buf.Size$p >= Data && p < DataEnd$table != 0 && "Only call EndTable() if BeginTable() returns true!"$table->RowPosY2 == inner_window->DC.CursorPos.y
                                                                          • API String ID: 0-2342475368
                                                                          • Opcode ID: 45c77d2f516a469fa9ef2d4cb687c748369bd6c669e9bcc41d1548d532d9591b
                                                                          • Instruction ID: 0bd69ce5d775911961261ff842fc27769054282dcca4a8be888566938c427b96
                                                                          • Opcode Fuzzy Hash: 45c77d2f516a469fa9ef2d4cb687c748369bd6c669e9bcc41d1548d532d9591b
                                                                          • Instruction Fuzzy Hash: A572A132A0868696E755EF3BC4943B9B370FF26744FC48632DB29121A9DF38B595C720
                                                                          Similarity
                                                                          • API ID: State
                                                                          • String ID: C:\Users\55yar\Desktop\imgui-master\imgui.cpp$ImGui::IsNamedKey(key)
                                                                          • API String ID: 1649606143-1336968070
                                                                          • Opcode ID: bd2f05e04a2c8d0c8861a65a94c17d306ba4c5702b3adbb7328accb9aa38bf8d
                                                                          • Instruction ID: 5c4606c38133d4d392e61aedc58195479b576d0cb41f4df07a4fbef4fe59a301
                                                                          • Opcode Fuzzy Hash: bd2f05e04a2c8d0c8861a65a94c17d306ba4c5702b3adbb7328accb9aa38bf8d
                                                                          • Instruction Fuzzy Hash: F791F610E5C6A602FA60AF3FD4053F9F2A19F73B44F9A0235DF7A165DD8E1DA4828270
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: BRAND_KEYWORDS: $QEMU$bhyve$hvisor$hyperv$hypervisor$kvm$match = $matches: $monitor$parallels$qemu$vbox$virtual$virtualbox$vmware
                                                                          • API String ID: 0-1897347801
                                                                          • Opcode ID: 1b1cd338fb0eb8f71c49efb816668da34af78be018e59446d354a8d81aa3f5c4
                                                                          • Instruction ID: aac09a3f75f05a2c426c4691656b9a36f0860c136e3f81cb67eab84c9021174a
                                                                          • Opcode Fuzzy Hash: 1b1cd338fb0eb8f71c49efb816668da34af78be018e59446d354a8d81aa3f5c4
                                                                          • Instruction Fuzzy Hash: C0512632B05A0299FB10FF29E5901EDB374AF62348FC04172DB1D567AEEE28E559C360
                                                                          Similarity
                                                                          • API ID: type_info::_name_internal_method
                                                                          • String ID: Intel(R) Pentium(R) 4 CPU $AMD Athlon(tm) processor$BOCHS_CPU: neither AMD or Intel detected, returned false$BOCHS_CPU: technique 1 found$BOCHS_CPU: technique 2 found$Bochs$CPUID function: highest leaf = $cAMD$cAMD
                                                                          • API String ID: 3713626258-514869974
                                                                          • Opcode ID: c4f6ddda1db51a852bd7bf5d3f9ccb1d72ed558d5744552a8d700ab699f6a0aa
                                                                          • Instruction ID: 4cad73d1ea1aa086caae9c775e3cf3f5ac38541280646b4ea778b35ed14520cb
                                                                          • Opcode Fuzzy Hash: c4f6ddda1db51a852bd7bf5d3f9ccb1d72ed558d5744552a8d700ab699f6a0aa
                                                                          • Instruction Fuzzy Hash: 05418521B1860745FB60AF2ED4502FDB2B1EF72304FC54672D72D466EEEE2CE8018220
                                                                          Similarity
                                                                          • API ID: PathProcess$AttributesCombineCurrentEnvironmentErrorExpandFileFolderLastSpecialStringsWow64
                                                                          • String ID: %ProgramW6432%$QEMU$SPICE Guest Tools$qemu-ga
                                                                          • API String ID: 1711094772-2663136182
                                                                          • Opcode ID: eda1ff3d653b8ee62d53a4540f86061dcf81ef4d56883ac6fc837417efba449d
                                                                          • Instruction ID: 4d41dd5fa57e2ba9ef111daef1356d0463dd9dbbb110f818c09b42d412958e62
                                                                          • Opcode Fuzzy Hash: eda1ff3d653b8ee62d53a4540f86061dcf81ef4d56883ac6fc837417efba449d
                                                                          • Instruction Fuzzy Hash: 7B312D31A0CA8281EB60AF1AF5843EAF371FFA6745F811232D76D426A9DF2DD549C710
                                                                          Similarity
                                                                          • API ID: CloseHandle$00007BaseEnumModuleNameOpenProcessProcesses
                                                                          • String ID: JoeBox$Parallels$Virtual PC$VirtualBox$Xen HVM$joeboxcontrol.exe$joeboxserver.exe$prl_cc.exe$prl_tools.exe$vboxservice.exe$vboxtray.exe$vmsrvc.exe$vmusrvc.exe$xenservice.exe$xsvc_depriv.exe
                                                                          • API String ID: 1600142199-990303504
                                                                          • Opcode ID: e0ee4f88ed984b301cbc6ee641c30ef5083f2e35460fcdc7db1eba79355223ff
                                                                          • Instruction ID: ba0ac2dc08136bfb313ffeac3e6ea1e8943b9519c71d602ccbb2fd92e1b740cd
                                                                          • Opcode Fuzzy Hash: e0ee4f88ed984b301cbc6ee641c30ef5083f2e35460fcdc7db1eba79355223ff
                                                                          • Instruction Fuzzy Hash: 3041EA61918A0295EA40BF1EE9850E4F370FFB2344FC11072E76E176AEAE1DE54BD721
                                                                          Similarity
                                                                          • API ID: 00007AdaptersC610F020Info
                                                                          • String ID: :XX:XX:XX$MAC: $Parallels$VMware$VirtualBox$Xen HVM
                                                                          • API String ID: 338110142-3565230121
                                                                          • Opcode ID: 08fbcd48aac4b610eda1f0c05757de4d93a9f00e16efd355253b407467908370
                                                                          • Instruction ID: 798173df3add370ad53000af4448f324545931a5c74832287b037d8fe927f42a
                                                                          • Opcode Fuzzy Hash: 08fbcd48aac4b610eda1f0c05757de4d93a9f00e16efd355253b407467908370
                                                                          • Instruction Fuzzy Hash: C9816431A0C64285FA61BF2AD9442FAF270AF76792FC01132DB6D062ADDE7CE445C660
                                                                          Similarity
                                                                          • API ID: Fac_nodeFac_node::_std::_
                                                                          • String ID: Failed to initialize WMI.$Microsoft Hyper-V$SELECT * FROM Win32_VideoController$VMware$VideoProcessor$VirtualBox$hyper-v$virtualbox$vmware
                                                                          • API String ID: 1114552684-2253898243
                                                                          • Opcode ID: bdf1193b327a63dce10e523defad2de63e158b277271f13fc74a341a1459cbd1
                                                                          • Instruction ID: 659c1e874ee145c515d97d19888a77b572badb6ee08cedc2b88e7c9071f3b2b0
                                                                          • Opcode Fuzzy Hash: bdf1193b327a63dce10e523defad2de63e158b277271f13fc74a341a1459cbd1
                                                                          • Instruction Fuzzy Hash: 97615421B0994299EB10BF79D4512FCB330AB62358FC05572DB2D566EEEE28E549C360
                                                                          Similarity
                                                                          • API ID: ClipboardGlobal$ByteCharMultiWide$AllocCloseDataEmptyFreeLockOpenUnlock
                                                                          • String ID:
                                                                          • API String ID: 1965520120-0
                                                                          • Opcode ID: ddac952bdf465bc812f978c303b5201274ca128694e58479c887ede966713472
                                                                          • Instruction ID: c670dedf43f7a10593d192dc3cd99130518afee39ca2f065c22c282dd9889dff
                                                                          • Opcode Fuzzy Hash: ddac952bdf465bc812f978c303b5201274ca128694e58479c887ede966713472
                                                                          • Instruction Fuzzy Hash: D8118120A08A4242E7147F2AB958229B3B1EF6AFD2F494139DB6D477ACEE3DD0044310
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: 0 && "Unknown event!"$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$C:\Users\55yar\Desktop\imgui-master\imgui.h$C:\Users\55yar\Desktop\imgui-master\imgui_internal.h$Processed$Remaining$button >= 0 && button < ImGuiMouseButton_COUNT$i >= 0 && i < Size$it >= Data && it < Data + Size && it_last >= it && it_last <= Data + Size$key != ImGuiKey_None$n >= 0 && n < BITCOUNT
                                                                          • API String ID: 0-1923509833
                                                                          • Opcode ID: bff4301216f3b10055755607e284237826dbdeccc18815828e82c50d498f34c4
                                                                          • Instruction ID: 94fbd0a58c5181a408e38e244f19cca5614ebfb1403b6009c926554b21bfc88b
                                                                          • Opcode Fuzzy Hash: bff4301216f3b10055755607e284237826dbdeccc18815828e82c50d498f34c4
                                                                          • Instruction Fuzzy Hash: 1C42F822B086C296EB28AF3995543B9B7B0FB23744F944035DBAE47689DB3CF454D710
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          • Associated: 00000000.00000002.4476661249.00007FF7B9CD0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7B9F7D000.00000040.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7B9F89000.00000040.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7BA0CB000.00000040.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7BA23E000.00000040.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4477028391.00007FF7BA241000.00000080.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4477058649.00007FF7BA243000.00000004.00000001.01000000.00000003.sdmp
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: !is_visible$#ContextMenu$C:\Users\55yar\Desktop\imgui-master\imgui.h$C:\Users\55yar\Desktop\imgui-master\imgui_internal.h$C:\Users\55yar\Desktop\imgui-master\imgui_tables.cpp$column->IndexWithinEnabledSet <= column->DisplayOrder$i >= 0 && i < Size$p >= Data && p < DataEnd$table->IsLayoutLocked == false$table->LeftMostEnabledColumn >= 0 && table->RightMostEnabledColumn >= 0
                                                                          • API String ID: 0-1387518580
                                                                          • Opcode ID: 63af59109a4f8b4c60df7e6cb6873a884d23e3046744a99c53ee0ca69ab41881
                                                                          • Instruction ID: 0286eaad7603de1152bfa34501d47d3650fba4125e31140edaf243c805e883c5
                                                                          • Opcode Fuzzy Hash: 63af59109a4f8b4c60df7e6cb6873a884d23e3046744a99c53ee0ca69ab41881
                                                                          • Instruction Fuzzy Hash: DEE2D132A0868596E755AF3BC1553B8B771FF6A744F888331DB28235A9DB2CF4A4C710
                                                                          Similarity
                                                                          • API ID: Cursor$Sleep
                                                                          • String ID: CURSOR: pos1.x = $CURSOR: pos1.y = $CURSOR: pos2.x = $CURSOR: pos2.y =
                                                                          • API String ID: 1847515627-2191314906
                                                                          • Opcode ID: f4b1383c65662a2307b205bd194011208cdb1f174e64e2adece3044991d442c0
                                                                          • Instruction ID: 4e006a27a93bd1ca39edc05672b95c1b817afe5527a6cde1ed50fd670ef70e21
                                                                          • Opcode Fuzzy Hash: f4b1383c65662a2307b205bd194011208cdb1f174e64e2adece3044991d442c0
                                                                          • Instruction Fuzzy Hash: 3311BC21B2854786EA40FF56E88046AF331EBB1701FC15171F26F4266DDE6CE9468B50
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: !scoring_rect.IsInverted()$<NULL>$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$[nav] NavInitRequest: from move, window "%s", layer=%d$[nav] NavMoveRequest: clamp NavRectRel for gamepad move$[nav] NavMoveRequestForward %d$g.NavMoveDir != ImGuiDir_None && g.NavMoveClipDir != ImGuiDir_None$g.NavMoveFlags & ImGuiNavMoveFlags_Forwarded
                                                                          • API String ID: 0-1751011103
                                                                          • Opcode ID: 0a0fe391b60e8c2522fd3ad116b7e5731f51a08326d4deb65e0f9ea16ad04866
                                                                          • Instruction ID: 0ef05ec1760961929b33c2cef967ed4b0e903f3bfd792cfae7e94c51fc44fef3
                                                                          • Opcode Fuzzy Hash: 0a0fe391b60e8c2522fd3ad116b7e5731f51a08326d4deb65e0f9ea16ad04866
                                                                          • Instruction Fuzzy Hash: 9332C722D18AC942E352AF3A80553F8B370EF7B794F589731DF64261E9EF2871958710
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: C:\Users\55yar\Desktop\imgui-master\imstb_truetype.h$dx >= 0$dy >= 0$e->ey >= y_top$e->sy <= y_bottom && e->ey >= y_top$fabsf(area) <= 1.01f$sy1 > y_final-0.01f$x >= 0 && x < len
                                                                          • API String ID: 0-3568222241
                                                                          • Opcode ID: 2e6a8859283b3d3cd8d11c8571f10789304f4235f4396e56a555a3f3518eb24d
                                                                          • Instruction ID: e03800be6f20d8a2a4d376fc56be6e7040c3e96ccf35fa71fad4e4dfb9ad1bc3
                                                                          • Opcode Fuzzy Hash: 2e6a8859283b3d3cd8d11c8571f10789304f4235f4396e56a555a3f3518eb24d
                                                                          • Instruction Fuzzy Hash: 2F120A22E18B8D81E212AF3754861B5F270AF7F3C4F589732FB58715B6EF2871859610
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: (0) && "Calling PopItemFlag() too many times!"$*Missing Text*$<Unknown>$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$C:\Users\55yar\Desktop\imgui-master\imgui_internal.h$Calling PopItemFlag() too many times!$p >= Data && p < DataEnd
                                                                          • API String ID: 0-3275063505
                                                                          • Opcode ID: 64f8e874fa66ce1179747330a39de5691e524e97183f20bb34d8ecf4e9c5c960
                                                                          • Instruction ID: 09f051288d0b8e4b524abfa5e140f00aeee80e13a3dd3c84315f2788d00a4eeb
                                                                          • Opcode Fuzzy Hash: 64f8e874fa66ce1179747330a39de5691e524e97183f20bb34d8ecf4e9c5c960
                                                                          • Instruction Fuzzy Hash: 1AB1B432A0864281EB94AF1ED5656A9BBB1FB62784FA40035CF6D0369DDF3CE455C720
                                                                          APIs
                                                                          • std::_Fac_node::_Fac_node.LIBCPMTD ref: 00007FF7B9D3D0F3
                                                                            • Part of subcall function 00007FF7B9D26540: SysAllocString.OLEAUT32 ref: 00007FF7B9D265B1
                                                                            • Part of subcall function 00007FF7B9D26540: SysAllocString.OLEAUT32 ref: 00007FF7B9D26602
                                                                            • Part of subcall function 00007FF7B9D26540: SysFreeString.OLEAUT32 ref: 00007FF7B9D2666A
                                                                            • Part of subcall function 00007FF7B9D26540: SysFreeString.OLEAUT32 ref: 00007FF7B9D266AA
                                                                          Similarity
                                                                          • API ID: String$AllocFree$Fac_nodeFac_node::_std::_
                                                                          • String ID: Model$QEMU$QEMU_HDD: model = $SELECT Model FROM Win32_DiskDrive
                                                                          • API String ID: 535470966-302833579
                                                                          • Opcode ID: 67da60177cdbf4f65368f33503cefdb6f4b06a15d5e39991f963891d9950ee15
                                                                          • Instruction ID: fabfd2ebc630152705965bbedcc8fe1af3e22a657f368c6356f476460b2b114a
                                                                          • Opcode Fuzzy Hash: 67da60177cdbf4f65368f33503cefdb6f4b06a15d5e39991f963891d9950ee15
                                                                          • Instruction Fuzzy Hash: CD41642260D58251EA20BF2AD4513F9F370EBA2344FC44532E76D466EEEE2CD949CB60
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: C:\Users\55yar\Desktop\imgui-master\imgui.cpp$[nav] NavInitRequest: ApplyResult: NavID 0x%08X in Layer %d Window "%s"$g.NavActivateDownId == g.NavActivateId$g.NavLayer == ImGuiNavLayer_Main || g.NavLayer == ImGuiNavLayer_Menu$g.NavMoveDir == ImGuiDir_None$g.NavWindow != 0
                                                                          • API String ID: 0-2167808928
                                                                          • Opcode ID: 730fbb488950118501c7b1eccb123621c722712a2f79662ab0aa810ea15e7909
                                                                          • Instruction ID: 96f318e8c424c56ac9818fbb2b572fe9a24cbf34844c4e217efc0ef69c91d13c
                                                                          • Opcode Fuzzy Hash: 730fbb488950118501c7b1eccb123621c722712a2f79662ab0aa810ea15e7909
                                                                          • Instruction Fuzzy Hash: 0372D732D086C149F795EF39C0583B9A7B1EB67F48F984235CB68072D9EB786489C721
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: C:\Users\55yar\Desktop\imgui-master\imgui.cpp$C:\Users\55yar\Desktop\imgui-master\imgui_internal.h$C:\Users\55yar\Desktop\imgui-master\imgui_widgets.cpp$button >= 0 && button < ((int)(sizeof(g.IO.MouseDown) / sizeof(*(g.IO.MouseDown))))$button >= 0 && button < ImGuiMouseButton_COUNT$id != 0
                                                                          • API String ID: 0-2768765550
                                                                          • Opcode ID: bb6ddeecd25b92e5f7e364dd3b79bfc53df98904499643741cfc3f907409a507
                                                                          • Instruction ID: ae46c32a60bb06ff933b8ef939b719fc942754ae916e88c1c5115684b22d66f9
                                                                          • Opcode Fuzzy Hash: bb6ddeecd25b92e5f7e364dd3b79bfc53df98904499643741cfc3f907409a507
                                                                          • Instruction Fuzzy Hash: 6222E233E0829686EA65AE3E91443B9F6B1AF63344F844135DF79172DDCF2EB4918720
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: #RESIZE$5$6$C:\Users\55yar\Desktop\imgui-master\imgui.h$idx == 0 || idx == 1
                                                                          • API String ID: 0-650503096
                                                                          • Opcode ID: 741f8bda65aad3a9c9b5dc4ed83b082e9bb0bc5be9c0013f7e0179b5161037e5
                                                                          • Instruction ID: 0424ed1b39e4a1c9c3f547e99f5badc24528bc80557d1eada478c9538a4e1865
                                                                          • Opcode Fuzzy Hash: 741f8bda65aad3a9c9b5dc4ed83b082e9bb0bc5be9c0013f7e0179b5161037e5
                                                                          • Instruction Fuzzy Hash: 8BB21832D08A8985E352EF3B94492B9B370EF6B344F58D731EB59235A9DB38B094D710
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: C:\Users\55yar\Desktop\imgui-master\imgui_internal.h$C:\Users\55yar\Desktop\imgui-master\imgui_tables.cpp$p >= begin() && p < end()$settings->ColumnsCount == table->ColumnsCount && settings->ColumnsCountMax >= settings->ColumnsCount$settings->ID == table->ID
                                                                          • API String ID: 0-2168725360
                                                                          • Opcode ID: 9adbc2c648a18549cea2c583e776e9c5202d2ad48166e75ee436596c5d349f57
                                                                          • Instruction ID: 7c728c3066551a0bd0ec8cae2532bed8b08524ae67267e9f7febd15283f7d8c3
                                                                          • Opcode Fuzzy Hash: 9adbc2c648a18549cea2c583e776e9c5202d2ad48166e75ee436596c5d349f57
                                                                          • Instruction Fuzzy Hash: 8661F233908681C6D751EF2AE4852A9B7B0FB23744F84C836DB99472A9DB3CE549C710
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          Similarity
                                                                          • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                          • String ID:
                                                                          • API String ID: 2933794660-0
                                                                          • Opcode ID: dc113855c5987b390799b8814ac2335886f250b2a85423b1ced125c36652f311
                                                                          • Instruction ID: 3e91e8ed9b6e3f939a7683b9bf5a86366dbe07754a2e8837940aaa63f716ba5e
                                                                          • Opcode Fuzzy Hash: dc113855c5987b390799b8814ac2335886f250b2a85423b1ced125c36652f311
                                                                          • Instruction Fuzzy Hash: 44114826B18B058AEB009F65E8442B873B4FB2A758F840A35DB2D867A8DF3CD1648350
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: ##NavUpdateWindowing$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$GImGui != 0$shared_mods != 0
                                                                          • API String ID: 0-1670481530
                                                                          • Opcode ID: c526906264538ce628bf3dec74475090834308bf39a31140afb304da841db08e
                                                                          • Instruction ID: 11af95ac5e9bee86e4dda43f26a47fe6a255e33ec40566f7b0690b2633fae1cd
                                                                          • Opcode Fuzzy Hash: c526906264538ce628bf3dec74475090834308bf39a31140afb304da841db08e
                                                                          • Instruction Fuzzy Hash: 5462D632A0878656F759AF3981583B9A6B0FF66744F884135CB6D132D9EF3CB498C720
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: C:\Users\55yar\Desktop\imgui-master\imgui.h$C:\Users\55yar\Desktop\imgui-master\imgui_widgets.cpp$ImMax(size_contents_v, size_visible_v) > 0.0f$idx == 0 || idx == 1
                                                                          • API String ID: 0-3128625980
                                                                          • Opcode ID: 8e625ba1bd8d6d3cc11652240c30ecf25a4db8a1435511de9599326dab57ea7e
                                                                          • Instruction ID: 6dbdefd6b650d667f0022a37d86638b7101676f9acbce03e070bfa0b56290b3d
                                                                          • Opcode Fuzzy Hash: 8e625ba1bd8d6d3cc11652240c30ecf25a4db8a1435511de9599326dab57ea7e
                                                                          • Instruction Fuzzy Hash: 6812D823D187D986E212AA3B94412B5F360AF7F784F5CC732FE6832569DB29B4C18610
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: ##v$#ComboPopup$C:\Users\55yar\Desktop\imgui-master\imgui.h$i >= 0 && i < Size
                                                                          • API String ID: 0-2429816084
                                                                          • Opcode ID: 61090898f7784bd1a5068f51309e07eba19288cc8d7907dc8844e8ee1049ceb3
                                                                          • Instruction ID: 34b460d6719f74a7768c02f66f6988ec1fa7c75585da18001026ac3e747cf48a
                                                                          • Opcode Fuzzy Hash: 61090898f7784bd1a5068f51309e07eba19288cc8d7907dc8844e8ee1049ceb3
                                                                          • Instruction Fuzzy Hash: A2E1B433A147998AE711EF3B94402E9B370FF6A348F949732EB18365A9DF38A055D710
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          Similarity
                                                                          • API ID: BaseCloseEnumHandleModuleNameOpenProcessProcesses
                                                                          • String ID: QEMU$qemu-ga.exe$vdagent.exe$vdservice.exe
                                                                          • API String ID: 747937883-2473040482
                                                                          • Opcode ID: 2157efd84984ff52bcd16b679f8b32bd26c1ad4b9833d70dd2479d6b20a8e465
                                                                          • Instruction ID: 80c1b3c9dd4604fec4ac546763c3415d13e633ff964bc8e3f1842a889e4e85a5
                                                                          • Opcode Fuzzy Hash: 2157efd84984ff52bcd16b679f8b32bd26c1ad4b9833d70dd2479d6b20a8e465
                                                                          • Instruction Fuzzy Hash: 7B012122608A4185EE11AF2AF5400EAF370FFA6794BC40236DB9D0776AEF6CD554C720
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: (0) && "Calling PopItemFlag() too many times!"$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$Calling PopItemFlag() too many times!
                                                                          • API String ID: 0-102052167
                                                                          • Opcode ID: b3bfc9296a2d6e4074767208fffc206923f82dee4f2b72aabca544986ee9bf7e
                                                                          • Instruction ID: a0c1d51f0f6122073dd94cfb9ab4ed89b56cba20f03e0b99f102f1bf92f46fa8
                                                                          • Opcode Fuzzy Hash: b3bfc9296a2d6e4074767208fffc206923f82dee4f2b72aabca544986ee9bf7e
                                                                          • Instruction Fuzzy Hash: F0E1D9329186D985E326AF3A90413F9B370FF6A344F548332EB59271A9DF3DA495C710
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          Similarity
                                                                          • API ID: 00007C610F020
                                                                          • String ID:
                                                                          • API String ID: 1173767890-0
                                                                          • Opcode ID: 7d0dd63dcc4704c500bbbdd7d2277ab7569ffe89a62477874b5941f220371acf
                                                                          • Instruction ID: 5c347515d2ef75bdf37e948ad1c991e94958ad497680c4cd52df35fd18d7b0cb
                                                                          • Opcode Fuzzy Hash: 7d0dd63dcc4704c500bbbdd7d2277ab7569ffe89a62477874b5941f220371acf
                                                                          • Instruction Fuzzy Hash: 05B1D433A14AD585D321EF3990442BEF7B4FFA9B84F449332EB9552658EB38E486C710
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          Similarity
                                                                          • API ID: InfoKeyboardLayoutLocale
                                                                          • String ID:
                                                                          • API String ID: 1218629382-0
                                                                          • Opcode ID: 77b21d223f33af8884a9fe161841b75ec4699f18136ec8b9ac9846f8f905dde7
                                                                          • Instruction ID: e134cfd704acf5fc3a49e3892ec131b1613b8d58ddf998e5502a9be57ff205ab
                                                                          • Opcode Fuzzy Hash: 77b21d223f33af8884a9fe161841b75ec4699f18136ec8b9ac9846f8f905dde7
                                                                          • Instruction Fuzzy Hash: 92F0A022618A8186E7629F2BA4002EAB3A4FB58794F914033CF9D53714DE3DD483C710
                                                                          Strings
                                                                          • (window->ChildFlags | g.NavWindow->ChildFlags) & ImGuiChildFlags_NavFlattened, xrefs: 00007FF7B9CEEEE4
                                                                          • C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF7B9CEEEDD
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: (window->ChildFlags | g.NavWindow->ChildFlags) & ImGuiChildFlags_NavFlattened$C:\Users\55yar\Desktop\imgui-master\imgui.cpp
                                                                          • API String ID: 0-3836044477
                                                                          • Opcode ID: 0c51ceab6ca626247bb3e66dd72cad57c8acf5dae3556ffec34a963b390b0164
                                                                          • Instruction ID: 20d39eede64e93cac3f95934d449cc88c7bdb908ac3be45733ef2f991545d196
                                                                          • Opcode Fuzzy Hash: 0c51ceab6ca626247bb3e66dd72cad57c8acf5dae3556ffec34a963b390b0164
                                                                          • Instruction Fuzzy Hash: 30D1F923D08E8E81E2227B3B80460B5F3B09F7F385FA99732EF6D725A6CB1875855510
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: !(o > b->size || o < 0)$C:\Users\55yar\Desktop\imgui-master\imstb_truetype.h
                                                                          • API String ID: 0-2013812653
                                                                          • Opcode ID: 61d3691e49be1f84e0150b5e846e2aed5a41793a3269af067d7af8f9fc16d968
                                                                          • Instruction ID: 7d0349b0ea6497d8e80b1ba31811a949cfef135b41a2a89320e30f8f043e50b6
                                                                          • Opcode Fuzzy Hash: 61d3691e49be1f84e0150b5e846e2aed5a41793a3269af067d7af8f9fc16d968
                                                                          • Instruction Fuzzy Hash: B1B1D333A08AC48AE701DF7E90452BDB7B0FBA9345F545335DF5922679EB38A585CB00
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: C:\Users\55yar\Desktop\imgui-master\imstb_truetype.h$pixels[i*stride_in_bytes] == 0
                                                                          • API String ID: 0-15633718
                                                                          • Opcode ID: fcba2ce47abafcc763f1f8dc80c6d1a7adae2ab53a85f6e205cdd6f8cec78d60
                                                                          • Instruction ID: 1394209e9351e043cd6588e70fac4a3baeb3cb36753d17e788f3d8f40ef3fa5e
                                                                          • Opcode Fuzzy Hash: fcba2ce47abafcc763f1f8dc80c6d1a7adae2ab53a85f6e205cdd6f8cec78d60
                                                                          • Instruction Fuzzy Hash: 8271136360C2A647E3265B3CA85536EEEF1F79A340F9C4234EAD983F49DA2CD504CA50
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7ff7b9cd0000_Fortexternal.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: C:\Users\55yar\Desktop\imgui-master\imstb_truetype.h$pixels[i] == 0
                                                                          • API String ID: 0-2060079458
                                                                          • Opcode ID: 491ba8c0cdad3bcee9af0565b12dc5f143dba6e6e313ecbd5b1507d7f33f2637
                                                                          • Instruction ID: 5cf484b704be9822dcd6b571fcb1b9bd700b9a9c17c43e96119eb40063bf0f18
                                                                          • Opcode Fuzzy Hash: 491ba8c0cdad3bcee9af0565b12dc5f143dba6e6e313ecbd5b1507d7f33f2637
                                                                          • Instruction Fuzzy Hash: F171E06361C6E286C3218F3D985977EBEB1E796304F984275DB9983B88DB3DD118C710
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7ff7b9cd0000_Fortexternal.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp$text_end != 0
                                                                          • API String ID: 0-48455972
                                                                          • Opcode ID: 3002515a1ab3bdc51a7f6a3506bfed08d6a2eb409b93287ee4929966dd13d4c3
                                                                          • Instruction ID: 5b832d3ea7f6f579e26edc7e28efa44cc4601450f8a9392bc39bb4d3af3ebf5d
                                                                          • Opcode Fuzzy Hash: 3002515a1ab3bdc51a7f6a3506bfed08d6a2eb409b93287ee4929966dd13d4c3
                                                                          • Instruction Fuzzy Hash: EE413821F0C24946E961EF2B9050179F661AFB7780FD98732EE6C17A9CDB3DE4818710
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7ff7b9cd0000_Fortexternal.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: C:\Users\55yar\Desktop\imgui-master\imgui.h$Size > 0
                                                                          • API String ID: 0-1180621679
                                                                          • Opcode ID: 9eaacf2246e783dded85e65fbf1ba08c608659f31188253d760be90e0a045a89
                                                                          • Instruction ID: bbdfe1aabcf39c8d63a6e3c5e0699ce80f526189cbd00d5700e1fce98ad1e78c
                                                                          • Opcode Fuzzy Hash: 9eaacf2246e783dded85e65fbf1ba08c608659f31188253d760be90e0a045a89
                                                                          • Instruction Fuzzy Hash: 8631CE72B101E58BEB84CF66A864F7D7B60E3D6742B896121EF8017A48C63CD111CB60
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7ff7b9cd0000_Fortexternal.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: C:\Users\55yar\Desktop\imgui-master\imgui.h$Size > 0
                                                                          • API String ID: 0-1180621679
                                                                          • Opcode ID: bb452d0373826b3bfde3a80130145f850f008f808f24efa226c10a0c1ad71441
                                                                          • Instruction ID: a5fbdbb0a8131020c88bb97a5712d82b24897fb2f9a3ae48936e6b137eb776ee
                                                                          • Opcode Fuzzy Hash: bb452d0373826b3bfde3a80130145f850f008f808f24efa226c10a0c1ad71441
                                                                          • Instruction Fuzzy Hash: DE110A7160569186EB08CF66E4E40BAB7B0F796782F851037EBDA07649DE3CD181C720
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7ff7b9cd0000_Fortexternal.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: QEMU$QEMU Virtual CPU
                                                                          • API String ID: 0-1421318364
                                                                          • Opcode ID: dac9ac4cbb93561339592773e8785ddf914f9d1ee7c6d026dc8a084fac90d451
                                                                          • Instruction ID: 70a7ffb3ee4f691f642bbc09b2587b0f29fddfd473d8cca0cd6ecc7ad669bb9f
                                                                          • Opcode Fuzzy Hash: dac9ac4cbb93561339592773e8785ddf914f9d1ee7c6d026dc8a084fac90d451
                                                                          • Instruction Fuzzy Hash: E8016162A1854695EB20BF29E4502F9F370FBA3301FD41072D7AD466AE9E1CD589C720
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7ff7b9cd0000_Fortexternal.jbxd
                                                                          Similarity
                                                                          • API ID: CloseHandleHeapProcess
                                                                          • String ID:
                                                                          • API String ID: 3728050799-0
                                                                          • Opcode ID: 6295d9721a27f4245d2f893d2c2d70af50f7c948f5cdc31f0155e9e82bda42bf
                                                                          • Instruction ID: 6956cd618d5a2df752ae1cbe836dadc827bec59d148119ef7caee41c204ad4b2
                                                                          • Opcode Fuzzy Hash: 6295d9721a27f4245d2f893d2c2d70af50f7c948f5cdc31f0155e9e82bda42bf
                                                                          • Instruction Fuzzy Hash: 1FF0F631F18A9146EF549BB7B68916A7621EB99BC4B58A030EF6E5370CCE3CD0D1C710
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4472641830.0000018CD09D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018CD09D0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_18cd09d0000_Fortexternal.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 058fe484ba31c3fcbeb7b1ed2503814a888c2b2876d3fe363face192ce8f9d9f
                                                                          • Instruction ID: 2b448e8f8540dd54a04740df28ea1a0421183c6bcea4b0d37e40f25535b81ed5
                                                                          • Opcode Fuzzy Hash: 058fe484ba31c3fcbeb7b1ed2503814a888c2b2876d3fe363face192ce8f9d9f
                                                                          • Instruction Fuzzy Hash: 5CA16C30218A044BE769BB6C98593A933E5EBD93A6F54C73CE49EC32D1DE34DA0187D1
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4472641830.0000018CD09D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018CD09D0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_18cd09d0000_Fortexternal.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: @
                                                                          • API String ID: 0-2766056989
                                                                          • Opcode ID: 6f9e5161a3611f1e4bccd8dd5d1371ccbd673557d68f10357e32b22705c5483a
                                                                          • Instruction ID: 6ba374687b0fdecd1a01abf4be6f309d8e6a5b76c2692c08aca7765546be5bcf
                                                                          • Opcode Fuzzy Hash: 6f9e5161a3611f1e4bccd8dd5d1371ccbd673557d68f10357e32b22705c5483a
                                                                          • Instruction Fuzzy Hash: 49E1FF7421CA888FE7A4EF58C45876AB7E1FB99345F108A2DE18EC3260DF74D885CB45
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7ff7b9cd0000_Fortexternal.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: C:\Users\55yar\Desktop\imgui-master\imstb_truetype.h
                                                                          • API String ID: 0-2705777111
                                                                          • Opcode ID: d4e523a57a7578c31a210f5ed15a645ba85c93ba7444a5218b22de89a018d3eb
                                                                          • Instruction ID: 892745a3d515f0470796957bf9035bb8000c9f195011631aeac1821212224232
                                                                          • Opcode Fuzzy Hash: d4e523a57a7578c31a210f5ed15a645ba85c93ba7444a5218b22de89a018d3eb
                                                                          • Instruction Fuzzy Hash: E65169A6B244B183DB209F3EC8D56BC77E0E74A742FD48576D36982F95D22DC10A9F20
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7ff7b9cd0000_Fortexternal.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 711c75c16e04f05930c4c7f8d7961871963e911d2240806723824b8214e1113c
                                                                          • Instruction ID: 6a6d768201a1fed5343df6999fea9a7881c481c6636b64bd271f7d1a65fb931f
                                                                          • Opcode Fuzzy Hash: 711c75c16e04f05930c4c7f8d7961871963e911d2240806723824b8214e1113c
                                                                          • Instruction Fuzzy Hash: 8D829036219AC48AD774CF5AE4907AAB7A0F3C9B94F544126EA9D83B68CF3CD544CF10
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7ff7b9cd0000_Fortexternal.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: bb1ea35e3b431f82f4f12a4b396f153b0a848afeb2d775deb7f7c878e429036a
                                                                          • Instruction ID: 96b16d10dadc85cc5dc03ab2f2fef415900363758a4026eb3f7ad893a9644422
                                                                          • Opcode Fuzzy Hash: bb1ea35e3b431f82f4f12a4b396f153b0a848afeb2d775deb7f7c878e429036a
                                                                          • Instruction Fuzzy Hash: FB829E73815BC187D328CF34B9981DAB7A8FB55340F105219DBF622A61DB78E1A6E708
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7ff7b9cd0000_Fortexternal.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 9a4a449293a40cbfe98e5d7827f8691eb49733b783b1ea7de53bf4c27f441732
                                                                          • Instruction ID: 0cac8432c34f8fa36db158369dc0d242b611ddeef7ef7ee2cbfad91c4f3a0e62
                                                                          • Opcode Fuzzy Hash: 9a4a449293a40cbfe98e5d7827f8691eb49733b783b1ea7de53bf4c27f441732
                                                                          • Instruction Fuzzy Hash: 3022C533E08695CAE715DF7A90403BDF7B0EB6A348F444735EF58265A9CB38A454CB20
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          • Associated: 00000000.00000002.4476661249.00007FF7B9CD0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7B9F7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7B9F89000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7BA0CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7BA23E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.4477028391.00007FF7BA241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.4477058649.00007FF7BA243000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7ff7b9cd0000_Fortexternal.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 8666f2393c9b8f7fb7cdd93b58903e41ae95174a75f1733205bcbb53e83308ca
                                                                          • Instruction ID: 744756cdfb9117c1a94fea332fcafdf9b2239667a3f1c6d831fce862b8aa29ea
                                                                          • Opcode Fuzzy Hash: 8666f2393c9b8f7fb7cdd93b58903e41ae95174a75f1733205bcbb53e83308ca
                                                                          • Instruction Fuzzy Hash: 6B021532A186C086D325CF3A9041779F7B0FF6E784F148326EB9963659EB38E591CB10
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          • Associated: 00000000.00000002.4476661249.00007FF7B9CD0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7B9F7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7B9F89000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7BA0CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7BA23E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.4477028391.00007FF7BA241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.4477058649.00007FF7BA243000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7ff7b9cd0000_Fortexternal.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 60134fdaf79148bc3aed8ca8cda4530990a9437e8335a5391703faa725201ef3
                                                                          • Instruction ID: 42b1d62bf7770a1bdfb8452f129a4c3df8a6409c0895e77ee3ab18960567bb55
                                                                          • Opcode Fuzzy Hash: 60134fdaf79148bc3aed8ca8cda4530990a9437e8335a5391703faa725201ef3
                                                                          • Instruction Fuzzy Hash: 9BF1A83390C291C6E761AE3A91443B9BBB0EB66754F484139DFAA076D9DB39E444C730
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          • Associated: 00000000.00000002.4476661249.00007FF7B9CD0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7B9F7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7B9F89000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7BA0CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7BA23E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.4477028391.00007FF7BA241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.4477058649.00007FF7BA243000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7ff7b9cd0000_Fortexternal.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: e259183aa3cff67cceae918c74b9f2fe90d859c801d5e6c82e25a49c6e2c3e1d
                                                                          • Instruction ID: 9c4ce03825e9671011ad34791ed49043b32f7a877606e145da8b5670d808b4c7
                                                                          • Opcode Fuzzy Hash: e259183aa3cff67cceae918c74b9f2fe90d859c801d5e6c82e25a49c6e2c3e1d
                                                                          • Instruction Fuzzy Hash: 98D1826298D6C245EB65AE3D40182B9B7F1AF33748F984135EF691A5CFDF3CA8419230
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          • Associated: 00000000.00000002.4476661249.00007FF7B9CD0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7B9F7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7B9F89000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7BA0CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7BA23E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.4477028391.00007FF7BA241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.4477058649.00007FF7BA243000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7ff7b9cd0000_Fortexternal.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: a6853595c4b8d4732684ae615c1043c40102c10e0b8c6e6ca77a3e418a474b5e
                                                                          • Instruction ID: 565cd9aa1216a95b57991b7fc08f408ba099503e1d46b1f1653795ca397c4d96
                                                                          • Opcode Fuzzy Hash: a6853595c4b8d4732684ae615c1043c40102c10e0b8c6e6ca77a3e418a474b5e
                                                                          • Instruction Fuzzy Hash: 57C12B36750B8982EB159F3BD454BAD6771EB9AF88F09D231CE0A17B68DF3AC1458700
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          • Associated: 00000000.00000002.4476661249.00007FF7B9CD0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7B9F7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7B9F89000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7BA0CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7BA23E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.4477028391.00007FF7BA241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.4477058649.00007FF7BA243000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7ff7b9cd0000_Fortexternal.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: d9ba8da47b8908073ce420befe1b0d6dc1da6f7031fe5efb319df8529ff22dd0
                                                                          • Instruction ID: 1e49e25f49fa8b506a0899006df9ff3b53241fe01efc9a81bb62494e06296153
                                                                          • Opcode Fuzzy Hash: d9ba8da47b8908073ce420befe1b0d6dc1da6f7031fe5efb319df8529ff22dd0
                                                                          • Instruction Fuzzy Hash: E0B1B922E38BCC41E213AA3750821F9E260AFBF3C5F6DDB23FE94756B6AB1461D15510
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          • Associated: 00000000.00000002.4476661249.00007FF7B9CD0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7B9F7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7B9F89000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7BA0CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7BA23E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.4477028391.00007FF7BA241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.4477058649.00007FF7BA243000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7ff7b9cd0000_Fortexternal.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: bac0945ec1b59e01bc3937df9c1899bef4ef3bfbc1e5e78a99121b0f70271fc8
                                                                          • Instruction ID: 80c83e4ba204e41931eb61f24989a182cd1d954b6fb7ef7a115d81cd371c1af7
                                                                          • Opcode Fuzzy Hash: bac0945ec1b59e01bc3937df9c1899bef4ef3bfbc1e5e78a99121b0f70271fc8
                                                                          • Instruction Fuzzy Hash: F4D1F422D0A7C189E3519F3954007F87BF4FB77B48F4D827ADB991765ACB286011AB31
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          • Associated: 00000000.00000002.4476661249.00007FF7B9CD0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7B9F7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7B9F89000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7BA0CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7BA23E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.4477028391.00007FF7BA241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.4477058649.00007FF7BA243000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7ff7b9cd0000_Fortexternal.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 0907db7d99f817ccf87f979c67bf6fa07c3d54fa26eaabc26dc2d5595c3a1437
                                                                          • Instruction ID: a60f5348395a2013342b396eabdd9b2f0a43b646f2efab54e833c117966cf73e
                                                                          • Opcode Fuzzy Hash: 0907db7d99f817ccf87f979c67bf6fa07c3d54fa26eaabc26dc2d5595c3a1437
                                                                          • Instruction Fuzzy Hash: 6F913A3291868587E355AF3A80183F9B3B0FF26758F58D335DB69161D9EB3875888B10
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          • Associated: 00000000.00000002.4476661249.00007FF7B9CD0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7B9F7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7B9F89000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7BA0CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7BA23E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.4477028391.00007FF7BA241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.4477058649.00007FF7BA243000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7ff7b9cd0000_Fortexternal.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 75347e420e246316dc48f9152a43aacf056808c60e0f7064dc43329542e8c729
                                                                          • Instruction ID: 4fe7a4dbf5c385882646a2e13903d323328ecc0b3294f7e272c13de61e82670b
                                                                          • Opcode Fuzzy Hash: 75347e420e246316dc48f9152a43aacf056808c60e0f7064dc43329542e8c729
                                                                          • Instruction Fuzzy Hash: A0314BF1B72B960FEF6843F267463F10D83578D7C4E10E9348A2D9BB4AE83C62A04255
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          • Associated: 00000000.00000002.4476661249.00007FF7B9CD0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7B9F7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7B9F89000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7BA0CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7BA23E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.4477028391.00007FF7BA241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.4477058649.00007FF7BA243000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7ff7b9cd0000_Fortexternal.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: f618a298c6e42848bd26529225843dfb3be44d53d8b94e0dddf4a7216d6b172d
                                                                          • Instruction ID: c3449bb1b69c8d9c9d5744daa7c6087e5d350599ed3b1bc2ba89e1c4f3db3d48
                                                                          • Opcode Fuzzy Hash: f618a298c6e42848bd26529225843dfb3be44d53d8b94e0dddf4a7216d6b172d
                                                                          • Instruction Fuzzy Hash: 9490025211E3D005CB034A7414609093F705043C003896087D280861838448045C8312
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          • Associated: 00000000.00000002.4476661249.00007FF7B9CD0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7B9F7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7B9F89000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7BA0CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7BA23E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.4477028391.00007FF7BA241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.4477058649.00007FF7BA243000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7ff7b9cd0000_Fortexternal.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 0ffb9348e867d741892279679cf464c9aedaf3e6810820d71bb5eab8be5ba2b9
                                                                          • Instruction ID: a769ea24b85c7bc2aa8efcb6eece902450031447dd1405de71fe679e1a37919b
                                                                          • Opcode Fuzzy Hash: 0ffb9348e867d741892279679cf464c9aedaf3e6810820d71bb5eab8be5ba2b9
                                                                          • Instruction Fuzzy Hash: A4B01287C0C68080E143152849152C037E14F138B076A03294E30410E6294B0C018650
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          • Associated: 00000000.00000002.4476661249.00007FF7B9CD0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7B9F7D000.00000040.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7B9F89000.00000040.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7BA0CB000.00000040.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7BA23E000.00000040.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4477028391.00007FF7BA241000.00000080.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4477058649.00007FF7BA243000.00000004.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7ff7b9cd0000_Fortexternal.jbxd
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          Similarity
                                                                          • API ID: type_info::_name_internal_method
                                                                          • String ID: HYPER_X: ACPI string = $HYPER_X: ACPI string returned true$HYPER_X: SMBIOS string = $HYPER_X: SMBIOS string returned true$HYPER_X: added Hyper-V artifact VM$HYPER_X: added Hyper-V real VM$HYPER_X: cached$HYPER_X: eax = $HYPER_X: event log returned true$HYPER_X: motherboard string match = $HYPER_X: none detected$HYPER_X: returned from cache$HYPER_X: root partition returned true$Hyper-V artifact (not an actual VM)$Microsoft Hyper-V$Microsoft-Windows-Kernel-PnP/Configuration$VIRTUAL MACHINE$VMBUS$VRTUAL MICROSFT$Virtual_Machine
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          Similarity
                                                                          • API ID: 00007C610CloseF020HandleModuleOpenQueryValue
                                                                          • String ID: 55274-640-2673064-23950$76487-337-8429955-22614$76487-644-3177037-23510$Anubis$CWSandbox$JoeBox$ProductId$Sandboxie$SbieDll.dll$Software\Microsoft\Windows\CurrentVersion
                                                                          APIs
                                                                            • Part of subcall function 0000018CD09D4F40: _WChar_traits.LIBCPMTD ref: 0000018CD09D4F6D
                                                                            • Part of subcall function 0000018CD09D4680: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000018CD09D46B0
                                                                            • Part of subcall function 0000018CD09D4680: Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 0000018CD09D470F
                                                                            • Part of subcall function 0000018CD09D4680: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000018CD09D4721
                                                                          • Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 0000018CD09D4498
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4472641830.0000018CD09D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018CD09D0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_18cd09d0000_Fortexternal.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: Concurrency::details::Concurrency::details::_CriticalEmptyLock::_Queue::ReentrantScoped_lockScoped_lock::~_StructuredWork$Char_traits
                                                                          • String ID: $ $ $B$D$K$KDBM$M$a$a$a$b$c$e$g$i$l$o$t$y
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          Similarity
                                                                          • API ID: Wow64$Process$CurrentRedirection$AttributesCombineDirectoryDisableErrorFileLastPathRevertWindows
                                                                          • String ID: System32\drivers\balloon.sys$System32\drivers\netkvm.sys$System32\drivers\pvpanic.sys$System32\drivers\viofs.sys$System32\drivers\viogpudo.sys$System32\drivers\vioinput.sys$System32\drivers\viorng.sys$System32\drivers\vioscsi.sys$System32\drivers\vioser.sys$System32\drivers\viostor.sys
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          Similarity
                                                                          • API ID: AddressFac_nodeFac_node::_HandleModuleProcstd::_
                                                                          • String ID: $$$98$RtlGetVersion$Z)$aJ$bJ$cE$cJaJ$dJ$eJ$ntdll.dll$B
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          Similarity
                                                                          • API ID: AttributesErrorFileLast
                                                                          • String ID: Parallels$Virtual PC$c:\windows\system32\drivers\prl_paravirt_32.sys$c:\windows\system32\drivers\prl_pv32.sys$c:\windows\system32\drivers\prleth.sys$c:\windows\system32\drivers\prlfs.sys$c:\windows\system32\drivers\prlmouse.sys$c:\windows\system32\drivers\prltime.sys$c:\windows\system32\drivers\prlvideo.sys$c:\windows\system32\drivers\vmsrvc.sys$c:\windows\system32\drivers\vpc-s3.sys
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          Similarity
                                                                          • API ID: type_info::_name_internal_method$ComputerName
                                                                          • String ID: ClonePC$Cuckoo$Maltest$Malware$Sandbox$malsand
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          Similarity
                                                                          • API ID: String$AllocFreeVariant$ClearInitUninitialize
                                                                          • String ID: Apple VZ$KVM$WMI has been cleaned$WQL$wmi: ExecQuery failed. Error code =
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          Similarity
                                                                          • API ID: Fac_nodeFac_node::_HandleModulestd::_
                                                                          • String ID: api_log.dll$cmdvrt32.dll$cmdvrt64.dll$dir_watch.dll$pstorec.dll$sbiedll.dll$snxhk.dll$vmcheck.dll$wpespy.dll
                                                                          • API String ID: 3326713076-2979618199
                                                                          • Opcode ID: e2d38b307eb48ec691f87414e97626e446f48edd522d218eef998ef7a95307a9
                                                                          • Instruction ID: 1044eab372e5dd1ca9fed8968c05ede942939a2a3a36b703d889af0ea6ec22d2
                                                                          • Opcode Fuzzy Hash: e2d38b307eb48ec691f87414e97626e446f48edd522d218eef998ef7a95307a9
                                                                          • Instruction Fuzzy Hash: F661EE62958987A5EB10FF69D8512E9B330FF62388FC05072D71D576AEEE2CD609C360
                                                                          APIs
                                                                          Strings
                                                                          Similarity
                                                                          • API ID: CloseOpen
                                                                          • String ID: KVM$SYSTEM\ControlSet001\Services\BALLOON$SYSTEM\ControlSet001\Services\BalloonService$SYSTEM\ControlSet001\Services\VirtIO-FS Service$SYSTEM\ControlSet001\Services\VirtioSerial$SYSTEM\ControlSet001\Services\netkvm$SYSTEM\ControlSet001\Services\vioscsi$SYSTEM\ControlSet001\Services\viostor
                                                                          • API String ID: 47109696-1580002752
                                                                          • Opcode ID: ae3d089ed190cb715739a4a78e65915f8cb0144a931b1901f093ce2b02a3e7e8
                                                                          • Instruction ID: 0bef9772388c113b187066551bd04ccb765ece3dc29a7b7bb8308b1aaa9dcc06
                                                                          • Opcode Fuzzy Hash: ae3d089ed190cb715739a4a78e65915f8cb0144a931b1901f093ce2b02a3e7e8
                                                                          • Instruction Fuzzy Hash: 8B213C31618E4194EB50AF1AF5842E9B3B4FB65B94FD44236CBAC037A9EF2CD544C760
                                                                          APIs
                                                                          Strings
                                                                          Similarity
                                                                          • API ID: ComputerName
                                                                          • String ID: Anubis$COMPUTER_NAME: detected Anubis$COMPUTER_NAME: detected general (VM but unknown)$COMPUTER_NAME: fetched = $InsideTm$TU-4NH09SMCG1HC$klone_x64-pc$tequilaboomboom
                                                                          • API String ID: 3545744682-2521782763
                                                                          • Opcode ID: caa37cdf75694edc52c11af0e48dd78de0760814cdf720e1f3cf534533566bba
                                                                          • Instruction ID: 989404d24dc86bd64e540d7ecfdd985f0fc0d4ed5c66efccace48b6f9016c939
                                                                          • Opcode Fuzzy Hash: caa37cdf75694edc52c11af0e48dd78de0760814cdf720e1f3cf534533566bba
                                                                          • Instruction Fuzzy Hash: AC617321A0854648EB41BF7AC9543FCB6B1AF72388FD41175DB2E466EEEE2CD505C360
                                                                          APIs
                                                                          Strings
                                                                          Similarity
                                                                          • API ID: PathProcess$AttributesCombineCurrentEnvironmentErrorExpandFileFolderLastSpecialStringsWow64
                                                                          • String ID: %ProgramW6432%$in\
                                                                          • API String ID: 1711094772-3997613738
                                                                          • Opcode ID: a70cb524a3b089b1ed5d131733d3b8d8b3b0055cb2a3d3617fd46d3929119df5
                                                                          • Instruction ID: b82cbd91f7308a09589bb6a214f1bee9661649986d3b8f98f11588045e94464a
                                                                          • Opcode Fuzzy Hash: a70cb524a3b089b1ed5d131733d3b8d8b3b0055cb2a3d3617fd46d3929119df5
                                                                          • Instruction Fuzzy Hash: 8C215E61A0898692EB71AF2AE4443EAB370FBA6701FC00135D66D429ACDF3CD249CB10
                                                                          APIs
                                                                          Strings
                                                                          Similarity
                                                                          • API ID: 00007C610F020
                                                                          • String ID: C:\Users\55yar\Desktop\imgui-master\imgui.h$C:\Users\55yar\Desktop\imgui-master\imgui_internal.h$C:\Users\55yar\Desktop\imgui-master\imgui_tables.cpp$i >= 0 && i < Size$p >= Buf.Data && p < Buf.Data + Buf.Size$p >= Data && p < DataEnd$table->MemoryCompacted == false
                                                                          • API String ID: 1173767890-1783795845
                                                                          • Opcode ID: deaac86c666f60603a0ab03538edd9ece8a877489638d9122b77b0a0e241bf59
                                                                          • Instruction ID: 49b69b57f60d2a58899a71c4dbf94d9a0a2b3e82e1913a46ff0b098833b07cde
                                                                          • Opcode Fuzzy Hash: deaac86c666f60603a0ab03538edd9ece8a877489638d9122b77b0a0e241bf59
                                                                          • Instruction Fuzzy Hash: E951A372A08A92C6DB10EF2AE8542E8B7B1FB66B48F844532CB5C47768DF3DD146C750
                                                                          APIs
                                                                          Strings
                                                                          Similarity
                                                                          • API ID: ByteCharMultiProcessWide$CloseCurrentOpenWow64
                                                                          • String ID: REGISTRY: $detected =
                                                                          • API String ID: 2040592378-3201242305
                                                                          • Opcode ID: ad6fc55fd5f3feca7ba9fe37accba806b699b1885a4d022cf14badd93844a452
                                                                          • Instruction ID: bea7df6d94080227a9d2c9f7ae9b5154beab39cb1711b377700a27fcdd88fbfe
                                                                          • Opcode Fuzzy Hash: ad6fc55fd5f3feca7ba9fe37accba806b699b1885a4d022cf14badd93844a452
                                                                          • Instruction Fuzzy Hash: 4E31627260CB8181E720AF16E4442AAB771FB96B94F844635EBAD47BADDF3CD148C710
                                                                          APIs
                                                                          Strings
                                                                          Similarity
                                                                          • API ID: CreateDirectory$00007C619CloseErrorFileHandleLastRemove
                                                                          • String ID: C:\Cuckoo$Cuckoo
                                                                          • API String ID: 2311428884-1252002312
                                                                          • Opcode ID: 77ed7e829a3131f68bf2b4d93badf1fe1b3e431451209259daa3b5df27989d7e
                                                                          • Instruction ID: bb8ea4cfb9bbb5edb450e8c4becc7fed9f0172929a5bf28bd6ca9f50a889acda
                                                                          • Opcode Fuzzy Hash: 77ed7e829a3131f68bf2b4d93badf1fe1b3e431451209259daa3b5df27989d7e
                                                                          • Instruction Fuzzy Hash: FF212B21A1894282FA00BF2AE45427AB3B1EBB2751FD05231E76E476EDDF2CD549C760
                                                                          APIs
                                                                          Strings
                                                                          Similarity
                                                                          • API ID: Local$FreeNameProvider$Alloclstrcmpi
                                                                          • String ID: VirtualBox$VirtualBox Shared Folders
                                                                          • API String ID: 1777482205-1209410647
                                                                          • Opcode ID: cf5b927fb929961a78d070a9b53f84e37d11d585333aa85bd9ceb35592476e6e
                                                                          • Instruction ID: 9f243f40813ea9e842cff5d080fde5699196ef6423b526d9c61e30982866b489
                                                                          • Opcode Fuzzy Hash: cf5b927fb929961a78d070a9b53f84e37d11d585333aa85bd9ceb35592476e6e
                                                                          • Instruction Fuzzy Hash: C1118260A18A0282FB456F2BE9806B9B3B1BF67741FC46035DB2E06298EE2CD4448620
                                                                          APIs
                                                                          • 00007FF8B9F61210.VCRUNTIME140(?,?,?,?,?,?,?,?,?,00000000,00007FF7B9CFFCB7), ref: 00007FF7B9D035EF
                                                                          • 00007FF8B9F61210.VCRUNTIME140(?,?,?,?,?,?,?,?,?,00000000,00007FF7B9CFFCB7), ref: 00007FF7B9D038F1
                                                                          Strings
                                                                          Similarity
                                                                          • API ID: 00007F61210
                                                                          • String ID: $C:\Users\55yar\Desktop\imgui-master\imgui.h$Size > 0$i >= 0 && i < Size$it >= Data && it < Data + Size
                                                                          • API String ID: 2512014792-669993125
                                                                          • Opcode ID: bb8098f0ec28934d46b752e51123f8fcaece127f484d79474833ff05b9a11b48
                                                                          • Instruction ID: b2c5d235caf58063ec6b02cc09f01a97be3c4eb890714949ab9d84047bffd27d
                                                                          • Opcode Fuzzy Hash: bb8098f0ec28934d46b752e51123f8fcaece127f484d79474833ff05b9a11b48
                                                                          • Instruction Fuzzy Hash: E9E1CE72A08A8287EB94EF1AD454369B3B0FB66B84F854135CB5E47758EF3CE441C714
                                                                          APIs
                                                                          Strings
                                                                          Similarity
                                                                          • API ID: 00007C610F020
                                                                          • String ID: C:\Users\55yar\Desktop\imgui-master\imgui.h$C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp$i >= 0 && i < Size$pack_context != 0$pack_rects[i].w == user_rects[i].Width && pack_rects[i].h == user_rects[i].Height$user_rects.Size >= 1
                                                                          • API String ID: 1173767890-766226355
                                                                          • Opcode ID: ab5fb847ed008e76fb1a4452799997cefb5ed2ad386507e9b020e9c133a1405a
                                                                          • Instruction ID: f80ceceae121b4e527692f1dcaf6e780293881cf4271e0f6b818accfe28347dd
                                                                          • Opcode Fuzzy Hash: ab5fb847ed008e76fb1a4452799997cefb5ed2ad386507e9b020e9c133a1405a
                                                                          • Instruction Fuzzy Hash: 86A19D32A08A1296EB44AF1AD4541B8B7B0FB62B85FC08136DB6D4766CDF3CE546C760
                                                                          APIs
                                                                          Similarity
                                                                          • API ID: 00007C610F020
                                                                          • String ID:
                                                                          • API String ID: 1173767890-0
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7ff7b9cd0000_Fortexternal.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: C:\Users\55yar\Desktop\imgui-master\imstb_truetype.h$z != 0$z->direction$z->ey >= scan_y_top
                                                                          • API String ID: 0-479673919
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4472641830.0000018CD09D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018CD09D0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_18cd09d0000_Fortexternal.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: type_info::_name_internal_method$Concurrency::details::Concurrency::task_continuation_context::task_continuation_contextEmptyFac_nodeFac_node::_ListQueue::StructuredWork__std_fs_code_pagestd::_
                                                                          • String ID:
                                                                          • API String ID: 4010070106-0
                                                                          APIs
                                                                          • 00007FF8C610F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7B9CDB042
                                                                          • 00007FF8C610F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7B9CDB0FA
                                                                          • 00007FF8C610F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7B9CDB18A
                                                                            • Part of subcall function 00007FF7B9CDADE0: 00007FF8C610F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7B9CDAE69
                                                                            • Part of subcall function 00007FF7B9CDADE0: 00007FF8C610F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7B9CDAEE9
                                                                            • Part of subcall function 00007FF7B9CDADE0: 00007FF8C610F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7B9CDAF6A
                                                                          • 00007FF8C610F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7B9CDB224
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7ff7b9cd0000_Fortexternal.jbxd
                                                                          Similarity
                                                                          • API ID: 00007C610F020
                                                                          • String ID: C:\Users\55yar\Desktop\imgui-master\imgui.cpp$DrawList == &DrawListInst
                                                                          • API String ID: 1173767890-20161693
                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7ff7b9cd0000_Fortexternal.jbxd
                                                                          Similarity
                                                                          • API ID: Fac_nodeFac_node::_std::_
                                                                          • String ID: HDD serial number: Failed to initialize WMI$SELECT SerialNumber FROM Win32_DiskDrive$SerialNumber$VBbd5bbffd-59166c24$VirtualBox
                                                                          • API String ID: 1114552684-1335786110
                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7ff7b9cd0000_Fortexternal.jbxd
                                                                          Similarity
                                                                          • API ID: Fac_nodeFac_node::_std::_
                                                                          • String ID: Failed to initialize WMI.$Manufacturer$Microsoft Corporation Virtual Machine$Microsoft Hyper-V$SELECT * FROM Win32_BaseBoard
                                                                          • API String ID: 1114552684-2183059302
                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7ff7b9cd0000_Fortexternal.jbxd
                                                                          Similarity
                                                                          • API ID: Close$OpenQueryValue
                                                                          • String ID: Failed to open registry key for "$Failed to query value for "
                                                                          • API String ID: 1607946009-1205367380
                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7ff7b9cd0000_Fortexternal.jbxd
                                                                          Similarity
                                                                          • API ID: HandleModule
                                                                          • String ID: DLL: $Ghofr.dll$LIB_INST detected true for false dll = $NetProjW.dll$fg122.dll
                                                                          • API String ID: 4139908857-4049422396
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4472641830.0000018CD09D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018CD09D0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_18cd09d0000_Fortexternal.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4472641830.0000018CD09D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018CD09D0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_18cd09d0000_Fortexternal.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: Concurrency::details::EmptyQueue::StructuredWork$task$Is_slash_oper::operatorstd::_
                                                                          • String ID:
                                                                          • API String ID: 486407804-0
                                                                          APIs
                                                                            • Part of subcall function 0000018CD09D9D50: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000018CD09D9D6D
                                                                            • Part of subcall function 0000018CD0A0F730: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000018CD0A0F73E
                                                                            • Part of subcall function 0000018CD0A0F730: GetFileAttributesA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,0000018CD09EA822), ref: 0000018CD0A0F746
                                                                          • Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 0000018CD0A0FFE7
                                                                          • HandleT.LIBCPMTD ref: 0000018CD0A0FFF6
                                                                          • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000018CD0A10036
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4472641830.0000018CD09D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018CD09D0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_18cd09d0000_Fortexternal.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: Concurrency::details::EmptyQueue::StructuredWork$AttributesConcurrency::details::_CriticalFileHandleLock::_ReentrantScoped_lockScoped_lock::~_
                                                                          • String ID:
                                                                          • API String ID: 3190666571-0
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7ff7b9cd0000_Fortexternal.jbxd
                                                                          Similarity
                                                                          • API ID: CloseHandle$00007BaseEnumModuleNameOpenProcessProcesses
                                                                          • String ID:
                                                                          • API String ID: 1600142199-0
                                                                          APIs
                                                                          Strings
                                                                          • C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp, xrefs: 00007FF7B9D03FD3
                                                                          • !Locked && "Cannot modify a locked ImFontAtlas between NewFrame() and EndFrame/Render()!", xrefs: 00007FF7B9D03FDA
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7ff7b9cd0000_Fortexternal.jbxd
                                                                          Similarity
                                                                          • API ID: 00007C610F020
                                                                          • String ID: !Locked && "Cannot modify a locked ImFontAtlas between NewFrame() and EndFrame/Render()!"$C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp
                                                                          • API String ID: 1173767890-3599239301
                                                                          • Opcode ID: c8afc1f3ba6d03622518ecddb6aeb890cacc16beb064410397940ac739d46223
                                                                          • Instruction ID: b14b3ebc8dd36eeca30ed1325cca616ffbcd913b72e12ef1dbbc879ccd20e745
                                                                          • Opcode Fuzzy Hash: c8afc1f3ba6d03622518ecddb6aeb890cacc16beb064410397940ac739d46223
                                                                          • Instruction Fuzzy Hash: 7E61E572A09A4196DB85EF19E1546BCB3B1FB25B84F948237C71D43368EF39D56AC300
                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7ff7b9cd0000_Fortexternal.jbxd
                                                                          Similarity
                                                                          • API ID: 00007C610F020
                                                                          • String ID: C:\Users\55yar\Desktop\imgui-master\imgui_internal.h$C:\Users\55yar\Desktop\imgui-master\imgui_tables.cpp$column->SortOrder < table->SortSpecsCount$p >= Data && p < DataEnd
                                                                          • API String ID: 1173767890-2291414753
                                                                          • Opcode ID: 28738da86535f726680f27d0394537296504cfecf121a282e658290b9d83b3bf
                                                                          • Instruction ID: 0c70b129ae248dbd7733027d54dabe116dec7f82a5c5085a89ade5a910cfac1b
                                                                          • Opcode Fuzzy Hash: 28738da86535f726680f27d0394537296504cfecf121a282e658290b9d83b3bf
                                                                          • Instruction Fuzzy Hash: CE61D03660869292DB48EF2ED1955BCB7B0FB66B40FA40036DB6D83258DF38E596C350
                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7ff7b9cd0000_Fortexternal.jbxd
                                                                          Similarity
                                                                          • API ID: 00007$C6118950$C610F020
                                                                          • String ID: C:\Users\55yar\Desktop\imgui-master\imgui.cpp$filename && mode
                                                                          • API String ID: 3653100989-1878659873
                                                                          • Opcode ID: bba0ade7e3dfc7a379c6028fea06fb2b9aebc10f2a13c69682634570e4d2b126
                                                                          • Instruction ID: aa99f5f0e92a94a8e4dbca0a0e5b79e063b07375b4fb5cc84ac605bb1b4ce950
                                                                          • Opcode Fuzzy Hash: bba0ade7e3dfc7a379c6028fea06fb2b9aebc10f2a13c69682634570e4d2b126
                                                                          • Instruction Fuzzy Hash: E3419621A09A9241EA54BF2AA448178B3B0FF6AB95FD44231DB2E477DCDF3CD9468310
                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7ff7b9cd0000_Fortexternal.jbxd
                                                                          Similarity
                                                                          • API ID: 00007F61210
                                                                          • String ID: C:\Users\55yar\Desktop\imgui-master\imgui_internal.h$C:\Users\55yar\Desktop\imgui-master\imgui_tables.cpp$p >= Data && p < DataEnd$table->BgClipRect.Min.y <= table->BgClipRect.Max.y
                                                                          • API String ID: 2512014792-3469508490
                                                                          • Opcode ID: 50cf5a6ab57d8c19a53fd3450b170c06f5e4f642d5f4c864c8681da9204b02b9
                                                                          • Instruction ID: 43e35129275d5e412d12f0ca3bf8b9e42d9d0beb71daed348f5dd7e2463980b5
                                                                          • Opcode Fuzzy Hash: 50cf5a6ab57d8c19a53fd3450b170c06f5e4f642d5f4c864c8681da9204b02b9
                                                                          • Instruction Fuzzy Hash: 4051F133A087C6D2D314AF2AD5942A9F7B0FB65744F844136DB6C43659EB38F1A5C720
                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7ff7b9cd0000_Fortexternal.jbxd
                                                                          Similarity
                                                                          • API ID: Fac_nodeFac_node::_std::_
                                                                          • String ID: Failed to initialize WMI.$Manufacturer$Microsoft Corporation$SELECT * FROM Win32_BaseBoard
                                                                          • API String ID: 1114552684-1757773434
                                                                          • Opcode ID: 6f142b6b0f40b3564236f0fd9e63b026c22f3c1abd80b5269be33910e51c04fe
                                                                          • Instruction ID: 101dffd233bc6827e8f028b4b46e3d946af1f69adbdf5567c75b39a410be985d
                                                                          • Opcode Fuzzy Hash: 6f142b6b0f40b3564236f0fd9e63b026c22f3c1abd80b5269be33910e51c04fe
                                                                          • Instruction Fuzzy Hash: 93315521A4D58291EA20BF5AE4413F9F370EFA2384FC05132D39D466AEDE6CE649C720
                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7ff7b9cd0000_Fortexternal.jbxd
                                                                          Similarity
                                                                          • API ID: Capture$ExtraInfoMessage
                                                                          • String ID: C:\Users\55yar\Desktop\imgui-master\imgui.cpp$Ctx != 0
                                                                          • API String ID: 2172523684-3890275027
                                                                          • Opcode ID: fadbb218f598ac816963b6e9d3deab802f48b1676a20e7f2c042cf2f02a0acfb
                                                                          • Instruction ID: c8c0e058d073557ce2fae616c84b711e2ce578c3896211ea6fbb4f9f0b530039
                                                                          • Opcode Fuzzy Hash: fadbb218f598ac816963b6e9d3deab802f48b1676a20e7f2c042cf2f02a0acfb
                                                                          • Instruction Fuzzy Hash: C121F262609A4282E711DF2AE5046ADB3B0FB55BA4FC10132DF2E47398DF3DE4868750
                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7ff7b9cd0000_Fortexternal.jbxd
                                                                          Similarity
                                                                          • API ID: printf
                                                                          • String ID: C:\Users\55yar\Desktop\imgui-master\imgui.h$Size > 0$[%05d] $[%s] [%05d]
                                                                          • API String ID: 3524737521-3476604433
                                                                          • Opcode ID: e8239c56648bab4fa2b2f5e8b3dbc424be754bec813f2db0b6c8291fa3d70bbb
                                                                          • Instruction ID: 3d6da3a65651f12391b60d0bfef00ba08683cafd9d6f9a103f20e141d091f651
                                                                          • Opcode Fuzzy Hash: e8239c56648bab4fa2b2f5e8b3dbc424be754bec813f2db0b6c8291fa3d70bbb
                                                                          • Instruction Fuzzy Hash: A721CF72608A4686EA10AF2AF8886AAF7B0FF52B84F844031DB5953269DF3CE444C750
                                                                          APIs
                                                                          Strings
                                                                          • bd != nullptr && "No platform backend to shutdown, or already shutdown?", xrefs: 00007FF7B9D2268B
                                                                          • C:\Users\55yar\Desktop\imgui-master\backends\imgui_impl_win32.cpp, xrefs: 00007FF7B9D22684
                                                                          • C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF7B9D226AA
                                                                          • GImGui != 0 && "No current context. Did you call ImGui::CreateContext() and ImGui::SetCurrentContext() ?", xrefs: 00007FF7B9D226B1
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7ff7b9cd0000_Fortexternal.jbxd
                                                                          Similarity
                                                                          • API ID: FreeLibrary
                                                                          • String ID: C:\Users\55yar\Desktop\imgui-master\backends\imgui_impl_win32.cpp$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$GImGui != 0 && "No current context. Did you call ImGui::CreateContext() and ImGui::SetCurrentContext() ?"$bd != nullptr && "No platform backend to shutdown, or already shutdown?"
                                                                          • API String ID: 3664257935-1332676508
                                                                          • Opcode ID: 933e3e9d9e14cdf1fb685a928ada23f382910b15d4df5d7ee9841c57da70155e
                                                                          • Instruction ID: a091302fda23ad413920c812cacbdbc68434d0ddf1867625d2bd1b0fe6b010e6
                                                                          • Opcode Fuzzy Hash: 933e3e9d9e14cdf1fb685a928ada23f382910b15d4df5d7ee9841c57da70155e
                                                                          • Instruction Fuzzy Hash: 7D317432609A4282EB04AF19E9506B8B7B0FB26B85F848136DB6D47378DF3CE455C350
                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7ff7b9cd0000_Fortexternal.jbxd
                                                                          Similarity
                                                                          • API ID: Capture$ExtraInfoMessageRelease
                                                                          • String ID: C:\Users\55yar\Desktop\imgui-master\imgui.cpp$Ctx != 0
                                                                          • API String ID: 1767768705-3890275027
                                                                          • Opcode ID: 593d8df146e3c9bd604ee6194be82d3c1ba262c0eaed81b7b5b1f7e0063fb3b4
                                                                          • Instruction ID: 03b365c54b4257257a683cf0ed86bacdafd7ed7d6830c90e3e7f1a4681663156
                                                                          • Opcode Fuzzy Hash: 593d8df146e3c9bd604ee6194be82d3c1ba262c0eaed81b7b5b1f7e0063fb3b4
                                                                          • Instruction Fuzzy Hash: 2C21F521A19A4282F751AF6AD8002B9B2B1FB65BD4FC14031DF2E0779CDE3CE5468720
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4472641830.0000018CD09D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018CD09D0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_18cd09d0000_Fortexternal.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: fpos
                                                                          • String ID:
                                                                          • API String ID: 1083263101-0
                                                                          • Opcode ID: 77ffe952fc4b999dcfd6abc97a3c4ffc9ab75299f3cc3bb578268549a1736f21
                                                                          • Instruction ID: a2854a3df5031ebb37d006c7505f165bfa26ed2e6d869b9287f629a91ee40870
                                                                          • Opcode Fuzzy Hash: 77ffe952fc4b999dcfd6abc97a3c4ffc9ab75299f3cc3bb578268549a1736f21
                                                                          • Instruction Fuzzy Hash: 2AB1FF30218B4C8FD7A4EB5CC45479AB7E0FBA8345F548A2DE08EC3295DB75D984CB92
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4472641830.0000018CD09D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018CD09D0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_18cd09d0000_Fortexternal.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: char_traits$Concurrency::details::EmptyQueue::StructuredWork$Max_valueMin_valuewmemset
                                                                          • String ID:
                                                                          • API String ID: 1140703174-0
                                                                          • Opcode ID: 2c1beed089430c0d4b72a3be535a43a4126744fe2144d061b05a4d3dbc83a8f2
                                                                          • Instruction ID: c088950d23f8538ed4da7bbee7e276edb2b7c68ef80a9811f6bc9dc5e729bf83
                                                                          • Opcode Fuzzy Hash: 2c1beed089430c0d4b72a3be535a43a4126744fe2144d061b05a4d3dbc83a8f2
                                                                          • Instruction Fuzzy Hash: 8A51CD3055CB489FDB84FB6CC055A9AB7E1FF98391F504A2EB089D3261DE74DA40CB92
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4472641830.0000018CD09D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018CD09D0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_18cd09d0000_Fortexternal.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: shared_ptr$allocator$Affinity::operator!=Concurrency::details::Hardware
                                                                          • String ID:
                                                                          • API String ID: 1053258265-0
                                                                          • Opcode ID: fac8cde274d0089e482a859526b6d9f7be0a55b830471d17c36861a35f3ded8e
                                                                          • Instruction ID: 6c32b2bd1337d67916f7729293fbe70826bb85f11dfa442ff52614703f059070
                                                                          • Opcode Fuzzy Hash: fac8cde274d0089e482a859526b6d9f7be0a55b830471d17c36861a35f3ded8e
                                                                          • Instruction Fuzzy Hash: AD11BC30518B485FD694FB68C445BEBB7E1FBD8351F408A6EA48DC3262DE309A4587D2
                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4472641830.0000018CD09D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018CD09D0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_18cd09d0000_Fortexternal.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: type_info::_name_internal_method$char_traits
                                                                          • String ID:
                                                                          • API String ID: 2432257368-3916222277
                                                                          • Opcode ID: 58eada811cfc50bfa12ba2a5beeec2e254d07d8d36abfc2ff38303cef76b8389
                                                                          • Instruction ID: 4e08db1d3d37396090d2aedff976fcf4e5b1bc8cd53afd10fce4369920cd249c
                                                                          • Opcode Fuzzy Hash: 58eada811cfc50bfa12ba2a5beeec2e254d07d8d36abfc2ff38303cef76b8389
                                                                          • Instruction Fuzzy Hash: F4C1ED31168B488BD765FB68C455BDBB3E1FB98341F404B29A08EC3191EE74DA45CBA2
                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          • Associated: 00000000.00000002.4476661249.00007FF7B9CD0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7B9F7D000.00000040.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7B9F89000.00000040.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7BA0CB000.00000040.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7BA23E000.00000040.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4477028391.00007FF7BA241000.00000080.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4477058649.00007FF7BA243000.00000004.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7ff7b9cd0000_Fortexternal.jbxd
                                                                          Similarity
                                                                          • API ID: 00007C610F020
                                                                          • String ID: C:\Users\55yar\Desktop\imgui-master\imgui_internal.h$p < end()$p >= begin() && p < end()
                                                                          • API String ID: 1173767890-1901453082
                                                                          • Opcode ID: 4b0654cc6224b4accf271935946b73b0b684b1b90702a536bdc8a17d958ccb2f
                                                                          • Instruction ID: e0ada56c60e4cdde27040592b281134c9994fe4808b1a303380f418e12438c6d
                                                                          • Opcode Fuzzy Hash: 4b0654cc6224b4accf271935946b73b0b684b1b90702a536bdc8a17d958ccb2f
                                                                          • Instruction Fuzzy Hash: 3F811272B05A51C6EA14AF2AE9492A8F3B1FB12B81F884536CB2D47258EF3CE555C300
                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4472641830.0000018CD09D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018CD09D0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_18cd09d0000_Fortexternal.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: Subatomic
                                                                          • String ID: d
                                                                          • API String ID: 3648745215-2564639436
                                                                          • Opcode ID: 32f0f512572c5f2b876240f0d85275f7d0e3cd5f8e8d37a546adf0b366805964
                                                                          • Instruction ID: 9c63c7f7527ac06258b107f7e2a4a3504eb044ccc29d03245686ef6ffae7d3a2
                                                                          • Opcode Fuzzy Hash: 32f0f512572c5f2b876240f0d85275f7d0e3cd5f8e8d37a546adf0b366805964
                                                                          • Instruction Fuzzy Hash: 2241F470619F4C8FD794FF58C4497AAB7E2FBA9345F414A2EB08AD3260DA74D940CB42
                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          • Associated: 00000000.00000002.4476661249.00007FF7B9CD0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7B9F7D000.00000040.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7B9F89000.00000040.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7BA0CB000.00000040.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7BA23E000.00000040.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4477028391.00007FF7BA241000.00000080.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4477058649.00007FF7BA243000.00000004.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7ff7b9cd0000_Fortexternal.jbxd
                                                                          Similarity
                                                                          • API ID: ByteCharMultiUnicodeWideWindow
                                                                          • String ID: C:\Users\55yar\Desktop\imgui-master\imgui.cpp$Ctx != 0
                                                                          • API String ID: 3417139564-3890275027
                                                                          • Opcode ID: 2698e420990244abdd0969a0cf8ae2069bf7b9e182d94aa0280ce259b0bd08f2
                                                                          • Instruction ID: d77ccf59e65e07a76c6f6bf339a81515911db7a963104075dea06015ff2c036e
                                                                          • Opcode Fuzzy Hash: 2698e420990244abdd0969a0cf8ae2069bf7b9e182d94aa0280ce259b0bd08f2
                                                                          • Instruction Fuzzy Hash: 84519422A1865286E724AF2AD4402F9F3B0EF65B48F944136DF5D47A9DDF7CD8468320
                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          • Associated: 00000000.00000002.4476661249.00007FF7B9CD0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7B9F7D000.00000040.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7B9F89000.00000040.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7BA0CB000.00000040.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7BA23E000.00000040.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4477028391.00007FF7BA241000.00000080.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4477058649.00007FF7BA243000.00000004.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7ff7b9cd0000_Fortexternal.jbxd
                                                                          Similarity
                                                                          • API ID: 00007C610F020
                                                                          • String ID: !Locked && "Cannot modify a locked ImFontAtlas between NewFrame() and EndFrame/Render()!"$C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp
                                                                          • API String ID: 1173767890-3599239301
                                                                          • Opcode ID: 1a74476acc9dd4e83879cfb7cc54077a521ab570961e410a8d4560091ccb2a23
                                                                          • Instruction ID: d5452436678c4f6279b947e8ed1ed88cc70acac52d3b507ccf84371d65ae68d1
                                                                          • Opcode Fuzzy Hash: 1a74476acc9dd4e83879cfb7cc54077a521ab570961e410a8d4560091ccb2a23
                                                                          • Instruction Fuzzy Hash: 1551E072608A8282DB00EF28E4681BCF3B4FB66B84BC44132DB5D43659DF3CD59AC350
                                                                          APIs
                                                                          • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000018CD09D46B0
                                                                          • Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 0000018CD09D470F
                                                                          • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000018CD09D4721
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4472641830.0000018CD09D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018CD09D0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_18cd09d0000_Fortexternal.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: Concurrency::details::EmptyQueue::StructuredWork$Concurrency::details::_CriticalLock::_ReentrantScoped_lockScoped_lock::~_
                                                                          • String ID:
                                                                          • API String ID: 991905282-3916222277
                                                                          • Opcode ID: 10d6b1d029f9ddb136135efc7a3ae6b877095ebec24af036911b0b436a0fe1a6
                                                                          • Instruction ID: 2b237bb87f9b3c8be045a8c8bd05a97804daaa430f40e56a53954d820e23ea91
                                                                          • Opcode Fuzzy Hash: 10d6b1d029f9ddb136135efc7a3ae6b877095ebec24af036911b0b436a0fe1a6
                                                                          • Instruction Fuzzy Hash: 5B411C30158B449FE394EF68C49579ABBE1FBD8341F909A2DB499C32A1CF70D941CB92
                                                                          APIs
                                                                          Strings
                                                                          • C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp, xrefs: 00007FF7B9D04239
                                                                          • !Locked && "Cannot modify a locked ImFontAtlas between NewFrame() and EndFrame/Render()!", xrefs: 00007FF7B9D04240
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          • Associated: 00000000.00000002.4476661249.00007FF7B9CD0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7B9F7D000.00000040.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7B9F89000.00000040.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7BA0CB000.00000040.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7BA23E000.00000040.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4477028391.00007FF7BA241000.00000080.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4477058649.00007FF7BA243000.00000004.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7ff7b9cd0000_Fortexternal.jbxd
                                                                          Similarity
                                                                          • API ID: 00007C610F020
                                                                          • String ID: !Locked && "Cannot modify a locked ImFontAtlas between NewFrame() and EndFrame/Render()!"$C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp
                                                                          • API String ID: 1173767890-3599239301
                                                                          • Opcode ID: b31b5a46ae572bc5135d65714882fba757d099ca6e89907e2c117fa5ee8dcf9f
                                                                          • Instruction ID: 5ab7b43271fb6654f1ddde59173725d2fb4b0b9bdba3b7a77ed2ed2913ca0174
                                                                          • Opcode Fuzzy Hash: b31b5a46ae572bc5135d65714882fba757d099ca6e89907e2c117fa5ee8dcf9f
                                                                          • Instruction Fuzzy Hash: DC310573609A4286C745EF69D0954BCB3B5FB25B84B945233CB0D43268EF38C59AC340
                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          • Associated: 00000000.00000002.4476661249.00007FF7B9CD0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7B9F7D000.00000040.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7B9F89000.00000040.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7BA0CB000.00000040.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7BA23E000.00000040.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4477028391.00007FF7BA241000.00000080.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4477058649.00007FF7BA243000.00000004.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7ff7b9cd0000_Fortexternal.jbxd
                                                                          Similarity
                                                                          • API ID: Window$DesktopRect
                                                                          • String ID: , vertical = $SCREEN_RESOLUTION: horizontal =
                                                                          • API String ID: 3963079893-3686520795
                                                                          • Opcode ID: 7c90521360dbd55d769f0a94670be84a4f00dc0ae0e6f56376b6e2dcda020e26
                                                                          • Instruction ID: 0147f2b1c833f44fd11e6723086d40cfa6e72ac1e9670efcd8bfa52f0878a034
                                                                          • Opcode Fuzzy Hash: 7c90521360dbd55d769f0a94670be84a4f00dc0ae0e6f56376b6e2dcda020e26
                                                                          • Instruction Fuzzy Hash: 37017126F0C54246FBA16F1EF4801BDB370ABAA398F950631DB6C13699DD3CE5858660
                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          • Associated: 00000000.00000002.4476661249.00007FF7B9CD0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7B9F7D000.00000040.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7B9F89000.00000040.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7BA0CB000.00000040.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7BA23E000.00000040.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4477028391.00007FF7BA241000.00000080.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4477058649.00007FF7BA243000.00000004.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7ff7b9cd0000_Fortexternal.jbxd
                                                                          Similarity
                                                                          • API ID: AddressHandleModuleProc
                                                                          • String ID: RtlGetVersion$ntdll.dll
                                                                          • API String ID: 1646373207-1489217083
                                                                          • Opcode ID: a6f30f69d8c39dc3d55898ddf663d1d77849ff6904338cba7caa322b0fa43df5
                                                                          • Instruction ID: f622b7f517191d1d81c192a74571ae6f111635c6b5115f409719b4349c575234
                                                                          • Opcode Fuzzy Hash: a6f30f69d8c39dc3d55898ddf663d1d77849ff6904338cba7caa322b0fa43df5
                                                                          • Instruction Fuzzy Hash: 90F05824A0964281EF61AF1AE4803F8B3B0ABAA700FC80135C66D016A9DE2DD608CA20
                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          • Associated: 00000000.00000002.4476661249.00007FF7B9CD0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7B9F7D000.00000040.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7B9F89000.00000040.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7BA0CB000.00000040.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4476689952.00007FF7BA23E000.00000040.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4477028391.00007FF7BA241000.00000080.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.4477058649.00007FF7BA243000.00000004.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7ff7b9cd0000_Fortexternal.jbxd
                                                                          Similarity
                                                                          • API ID: AttributesErrorFileLast
                                                                          • String ID: C:\analysis$CWSandbox
                                                                          • API String ID: 1799206407-2896230626
                                                                          • Opcode ID: 62cbce53be5f319fe4b9640d7a7d66b11879ba64749fc1f2ba2d269f5d9b97ed
                                                                          • Instruction ID: 13f063c720f50b66edb5df645dc5a17f9856044b1f1df56f93805130dd3d3bb7
                                                                          • Opcode Fuzzy Hash: 62cbce53be5f319fe4b9640d7a7d66b11879ba64749fc1f2ba2d269f5d9b97ed
                                                                          • Instruction Fuzzy Hash: 07E03020E1894281EA407F1AD8800A5B371BB72711FD11631D32E512A9AE2CD58A9720
                                                                          APIs
                                                                          • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000018CD09E2882
                                                                          • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000018CD09E2A43
                                                                          • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000018CD09E2A58
                                                                            • Part of subcall function 0000018CD09DAD50: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000018CD09DAD5E
                                                                            • Part of subcall function 0000018CD09DAD50: _Max_value.LIBCPMTD ref: 0000018CD09DAD83
                                                                            • Part of subcall function 0000018CD09DAD50: _Min_value.LIBCPMTD ref: 0000018CD09DADB1
                                                                          • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000018CD09E2B97
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4472641830.0000018CD09D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018CD09D0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_18cd09d0000_Fortexternal.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: Concurrency::details::EmptyQueue::StructuredWork$Max_valueMin_value
                                                                          • String ID:
                                                                          • API String ID: 348937374-0
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4472641830.0000018CD09D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018CD09D0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_18cd09d0000_Fortexternal.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: Affinity::operator!=Concurrency::details::Hardware$Concurrency::details::_Min_valueSchedulerScheduler::_shared_ptr
                                                                          • String ID:
                                                                          • API String ID: 122474871-0
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4472641830.0000018CD09D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018CD09D0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_18cd09d0000_Fortexternal.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: fpos
                                                                          • String ID:
                                                                          • API String ID: 1083263101-0
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7ff7b9cd0000_Fortexternal.jbxd
                                                                          Similarity
                                                                          • API ID: 00007C610F020
                                                                          • String ID:
                                                                          • API String ID: 1173767890-0
                                                                          APIs
                                                                            • Part of subcall function 0000018CD09D9CF0: char_traits.LIBCPMTD ref: 0000018CD09D9D1D
                                                                          • type_info::_name_internal_method.LIBCMTD ref: 0000018CD0A4480A
                                                                          • Concurrency::task_continuation_context::task_continuation_context.LIBCPMTD ref: 0000018CD0A44850
                                                                          • type_info::_name_internal_method.LIBCMTD ref: 0000018CD0A44870
                                                                          • Concurrency::task_continuation_context::task_continuation_context.LIBCPMTD ref: 0000018CD0A44892
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4472641830.0000018CD09D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018CD09D0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_18cd09d0000_Fortexternal.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: Concurrency::task_continuation_context::task_continuation_contexttype_info::_name_internal_method$char_traits
                                                                          • String ID:
                                                                          • API String ID: 294693563-0
                                                                          APIs
                                                                          • Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 0000018CD0A25C45
                                                                          • Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 0000018CD0A25C6E
                                                                          • Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 0000018CD0A25CA5
                                                                          • Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 0000018CD0A25CCE
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4472641830.0000018CD09D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018CD09D0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_18cd09d0000_Fortexternal.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: Concurrency::details::_CriticalLock::_ReentrantScoped_lockScoped_lock::~_
                                                                          • String ID:
                                                                          • API String ID: 2443641946-0
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7ff7b9cd0000_Fortexternal.jbxd
                                                                          Similarity
                                                                          • API ID: ByteCharErrorLastMultiWide
                                                                          • String ID:
                                                                          • API String ID: 203985260-0
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4472641830.0000018CD09D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018CD09D0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_18cd09d0000_Fortexternal.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: __std_fs_convert_wide_to_narrow$Concurrency::details::EmptyListQueue::StructuredWorkstd::make_error_code
                                                                          • String ID:
                                                                          • API String ID: 3856960188-0
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4472641830.0000018CD09D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018CD09D0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_18cd09d0000_Fortexternal.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: __std_fs_convert_narrow_to_wide$Concurrency::details::EmptyListQueue::StructuredWorkstd::make_error_code
                                                                          • String ID:
                                                                          • API String ID: 108412505-0
                                                                          APIs
                                                                            • Part of subcall function 0000018CD09D4F40: _WChar_traits.LIBCPMTD ref: 0000018CD09D4F6D
                                                                            • Part of subcall function 0000018CD09D4320: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000018CD09D434C
                                                                            • Part of subcall function 0000018CD09D4320: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000018CD09D435E
                                                                            • Part of subcall function 0000018CD09D4320: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000018CD09D439B
                                                                            • Part of subcall function 0000018CD09D4430: Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 0000018CD09D4498
                                                                          • Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 0000018CD09D3D0A
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4472641830.0000018CD09D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000018CD09D0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_18cd09d0000_Fortexternal.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: Concurrency::details::EmptyQueue::StructuredWork$Concurrency::details::_CriticalLock::_ReentrantScoped_lockScoped_lock::~_$Char_traits
                                                                          • String ID: $X
                                                                          • API String ID: 1626164810-1398056850
                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7ff7b9cd0000_Fortexternal.jbxd
                                                                          Similarity
                                                                          • API ID: 00007C610F020
                                                                          • String ID: C:\Users\55yar\Desktop\imgui-master\imgui.cpp$g.SettingsWindows.empty()
                                                                          • API String ID: 1173767890-1747592857
                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7ff7b9cd0000_Fortexternal.jbxd
                                                                          Similarity
                                                                          • API ID: 00007C610F020
                                                                          • String ID: C:\Users\55yar\Desktop\imgui-master\imgui.h$i >= 0 && i < Size
                                                                          • API String ID: 1173767890-1817040388
                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.4476689952.00007FF7B9CD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7B9CD0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7ff7b9cd0000_Fortexternal.jbxd
                                                                          Similarity
                                                                          • API ID: 00007C610F020
                                                                          • String ID: C:\Users\55yar\Desktop\imgui-master\imgui.h$i >= 0 && i < Size
                                                                          • API String ID: 1173767890-1817040388
                                                                          • Opcode ID: 29671e0955e00863697dcf07175f39ff7db5bfdeec36a46dd3c528aa2a95441f
                                                                          • Instruction ID: 7fb76e30cb6b43545af14566162775281a6f19b1cf92a6f4f575b7217b3c6831
                                                                          • Opcode Fuzzy Hash: 29671e0955e00863697dcf07175f39ff7db5bfdeec36a46dd3c528aa2a95441f
                                                                          • Instruction Fuzzy Hash: 37310432608A9283D704EF28E4941BCB3B1FB55B89B904136DB5D43768EF3CD89AC320
                                                                          Similarity
                                                                          • API ID: 00007F61210
                                                                          • String ID: C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp$curr_cmd->UserCallback == 0
                                                                          • API String ID: 2512014792-2009316668
                                                                          • Opcode ID: 6e7a8e398eaff1fe81df7f3b648a466a8ebad63a72cf65ac519ad0f569bc9051
                                                                          • Instruction ID: 5671fd54267d768bf5648f7e6565d94d01e02fa8d95653e0169c44339158b131
                                                                          • Opcode Fuzzy Hash: 6e7a8e398eaff1fe81df7f3b648a466a8ebad63a72cf65ac519ad0f569bc9051
                                                                          • Instruction Fuzzy Hash: 1F218B32A08A45D2FB909F1AE19836DB3B0FB27B88F940031DB2D47658DF39E891C750
                                                                          Similarity
                                                                          • API ID: Fac_nodeFac_node::_std::_
                                                                          • String ID: Caption$SELECT * FROM Win32_PortConnector
                                                                          • API String ID: 1114552684-572011918
                                                                          • Opcode ID: a42e56395c2c9a64211847b623019ba2976587ab08f69d5eb10aa7909c6d08f3
                                                                          • Instruction ID: b3b50868627c87a3df2ec3fd2f151ddc963bb29e653c8ce6f58de6aa6a76ce9d
                                                                          • Opcode Fuzzy Hash: a42e56395c2c9a64211847b623019ba2976587ab08f69d5eb10aa7909c6d08f3
                                                                          • Instruction Fuzzy Hash: FE214161919586A1EA10BF59E4413FAF330FFE2344FC05072E79D826AEEE2CD649C760
                                                                          Similarity
                                                                          • API ID: 00007F61210
                                                                          • String ID: C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp$curr_cmd->UserCallback == 0
                                                                          • API String ID: 2512014792-2009316668
                                                                          • Opcode ID: eb5f3a28026ed2ca0d43e1b56a900fcc3a92a86825cbedaab23c80ab9ca30375
                                                                          • Instruction ID: b597d4a2b7aa3a0d1bd063f61c032c4355bd833d9e7b32948e2b1f5878aeee84
                                                                          • Opcode Fuzzy Hash: eb5f3a28026ed2ca0d43e1b56a900fcc3a92a86825cbedaab23c80ab9ca30375
                                                                          • Instruction Fuzzy Hash: E7215C32B18A45D6E790EF1AE29036CB3B0F726784F901031DB2D53A98EF38D9A1C750
                                                                          Similarity
                                                                          • API ID: ComputerName
                                                                          • String ID: Microsoft Azure Hyper-V$fv-az\d+-\d+
                                                                          • API String ID: 3545744682-1765012764
                                                                          • Opcode ID: 1d66ef82b51d5d570c189cd524064f9134678dc810b58e97abaa004b3a677bb8
                                                                          • Instruction ID: 065ccfc8e8d68cc8807e0e3797fd4c7d4c45949e96704999fa2bd7533aaa22d1
                                                                          • Opcode Fuzzy Hash: 1d66ef82b51d5d570c189cd524064f9134678dc810b58e97abaa004b3a677bb8
                                                                          • Instruction Fuzzy Hash: D8118B2161854695EA20BF29E8503B9B330FFA2740FC05431E6AD066AADE6CE548CB20
                                                                          Similarity
                                                                          • API ID: 00007
                                                                          • String ID: $@
                                                                          • API String ID: 3568877910-1077428164
                                                                          • Opcode ID: 47a04fc7440247f8fca85e83f76cdc011aee6d6f4263c5b710153db2b4e8f6e9
                                                                          • Instruction ID: e715289a0de5bdce1c3a47f6bf76a67716c6de52bcc943f68a6c75f5b910cc9a
                                                                          • Opcode Fuzzy Hash: 47a04fc7440247f8fca85e83f76cdc011aee6d6f4263c5b710153db2b4e8f6e9
                                                                          • Instruction Fuzzy Hash: F5110A7291878187DB25DF26F14422AB3B1FB9AB84F544235EB9907B18DB7CD984CF00