Edit tour

Windows Analysis Report
siveria.exe

Overview

General Information

Sample name:	siveria.exe
Analysis ID:	1565320
MD5:	ffcd6c4fe2661cfa22792cc0d68d21d2
SHA1:	ad42fc5c3916f11fc1313e9f97d70444181ed4e0
SHA256:	04ee4273c7d08c675451e0122ff01a5f9e7f701c451b8624c9c55d087fa4865b
Tags:	exeuser-aachum
Infos:

Detection

CredGrabber, Meduza Stealer

Score:	92
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found malware configuration

Suricata IDS alerts for network traffic

Yara detected CredGrabber

Yara detected Meduza Stealer

AI detected suspicious sample

Found many strings related to Crypto-Wallets (likely being stolen)

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal browser information (history, passwords, etc)

Tries to steal Mail credentials (via file / registry access)

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)

Contains functionality to dynamically determine API calls

Contains functionality to launch a program with higher privileges

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to record screenshots

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Enables debug privileges

Found evasive API chain checking for process token information

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May check the online IP address of the machine

Queries the volume information (name, serial number etc) of a device

Queries time zone information

Suricata IDS alerts with low severity for network traffic

Terminates after testing mutex exists (may check infected machine status)

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64

siveria.exe (PID: 3492 cmdline: "C:\Users\user\Desktop\siveria.exe" MD5: FFCD6C4FE2661CFA22792CC0D68D21D2)

cleanup

Malware Configuration

Threatname: Meduza Stealer

{"C2 url": "45.130.145.152", "grabber_max_size": 4194304, "anti_vm": true, "anti_dbg": true, "self_destruct": false, "extensions": ".txt", "build_name": "Mazti", "links": "", "port": 15666}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author
00000000.00000002.2326177026.000001FE725B0000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_MeduzaStealer	Yara detected Meduza Stealer	Joe Security
00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_MeduzaStealer	Yara detected Meduza Stealer	Joe Security
Process Memory Space: siveria.exe PID: 3492	JoeSecurity_MeduzaStealer	Yara detected Meduza Stealer	Joe Security
Process Memory Space: siveria.exe PID: 3492	JoeSecurity_CredGrabber	Yara detected CredGrabber	Joe Security
Process Memory Space: siveria.exe PID: 3492	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.siveria.exe.1fe723a0000.0.raw.unpack	JoeSecurity_MeduzaStealer	Yara detected Meduza Stealer	Joe Security
0.2.siveria.exe.1fe723a0000.0.unpack	JoeSecurity_MeduzaStealer	Yara detected Meduza Stealer	Joe Security

Suricata Signatures

ET MALWARE Win32/Unknown Grabber Base64 Data Exfiltration Attempt

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-29T16:04:04.527661+0100	2049441	1	A Network Trojan was detected	192.168.2.6	49707	45.130.145.152	15666	TCP

ET MALWARE [ANY.RUN] Meduza Stealer Exfiltration M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-29T16:04:04.527661+0100	2050806	1	A Network Trojan was detected	192.168.2.6	49707	45.130.145.152	15666	TCP
2024-11-29T16:04:04.647932+0100	2050806	1	A Network Trojan was detected	192.168.2.6	49707	45.130.145.152	15666	TCP

ET MALWARE [ANY.RUN] Possible Meduza Stealer Exfiltration (TCP)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-29T16:04:04.527661+0100	2050807	1	A Network Trojan was detected	192.168.2.6	49707	45.130.145.152	15666	TCP
2024-11-29T16:04:04.647932+0100	2050807	1	A Network Trojan was detected	192.168.2.6	49707	45.130.145.152	15666	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Found malware configuration

Source: 0.2.siveria.exe.1fe723a0000.0.raw.unpack

Malware Configuration Extractor: Meduza Stealer {"C2 url": "45.130.145.152", "grabber_max_size": 4194304, "anti_vm": true, "anti_dbg": true, "self_destruct": false, "extensions": ".txt", "build_name": "Mazti", "links": "", "port": 15666}

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE72417BA0 CryptUnprotectData,LocalFree,	0_2_000001FE72417BA0
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE72418440 BCryptOpenAlgorithmProvider,BCryptSetProperty,BCryptGenerateSymmetricKey,Concurrency::cancel_current_task,	0_2_000001FE72418440
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE724183C0 BCryptCloseAlgorithmProvider,	0_2_000001FE724183C0
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE723D3A30 BCryptDestroyKey,	0_2_000001FE723D3A30
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE72475660 BCryptCloseAlgorithmProvider,	0_2_000001FE72475660
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE72475670 BCryptDecrypt,	0_2_000001FE72475670
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE72475678 BCryptDestroyKey,	0_2_000001FE72475678
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE723D7C20 CryptUnprotectData,LocalFree,	0_2_000001FE723D7C20
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE72475090 CryptUnprotectData,	0_2_000001FE72475090
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE72475098 CryptProtectData,	0_2_000001FE72475098
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE72417EC0 CryptProtectData,LocalFree,	0_2_000001FE72417EC0
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE72418020 BCryptDecrypt,BCryptDecrypt,	0_2_000001FE72418020

Source: unknown

HTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.6:49708 version: TLS 1.2

Source: siveria.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE7245B500 FindClose,FindFirstFileExW,GetLastError,	0_2_000001FE7245B500
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE7245B5B0 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle,	0_2_000001FE7245B5B0
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE72475100 FindFirstFileW,	0_2_000001FE72475100

Source: C:\Users\user\Desktop\siveria.exe

Code function: 0_2_000001FE724273F0 GetLogicalDriveStringsW,

0_2_000001FE724273F0

Source: C:\Users\user\Desktop\siveria.exe	File opened: D:\sources\migration\	Jump to behavior
Source: C:\Users\user\Desktop\siveria.exe	File opened: D:\sources\replacementmanifests\	Jump to behavior
Source: C:\Users\user\Desktop\siveria.exe	File opened: D:\sources\migration\wtr\	Jump to behavior
Source: C:\Users\user\Desktop\siveria.exe	File opened: D:\sources\replacementmanifests\microsoft-activedirectory-webservices\	Jump to behavior
Source: C:\Users\user\Desktop\siveria.exe	File opened: D:\sources\replacementmanifests\microsoft-client-license-platform-service-migration\	Jump to behavior
Source: C:\Users\user\Desktop\siveria.exe	File opened: D:\sources\replacementmanifests\hwvid-migration-2\	Jump to behavior

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2049441 - Severity 1 - ET MALWARE Win32/Unknown Grabber Base64 Data Exfiltration Attempt : 192.168.2.6:49707 -> 45.130.145.152:15666
Source: Network traffic	Suricata IDS: 2050806 - Severity 1 - ET MALWARE [ANY.RUN] Meduza Stealer Exfiltration M2 : 192.168.2.6:49707 -> 45.130.145.152:15666

Source: global traffic

TCP traffic: 192.168.2.6:49707 -> 45.130.145.152:15666

Source: global traffic

HTTP traffic detected: GET / HTTP/1.1Accept: text/html; text/plain; */*Host: api.ipify.orgCache-Control: no-cache

Source: Joe Sandbox View	IP Address: 104.26.12.205 104.26.12.205
Source: Joe Sandbox View	IP Address: 104.26.12.205 104.26.12.205
Source: Joe Sandbox View	IP Address: 45.130.145.152 45.130.145.152

Source: Joe Sandbox View

ASN Name: ASBAXETNRU ASBAXETNRU

Source: Joe Sandbox View

JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: unknown	DNS query: name: api.ipify.org
Source: unknown	DNS query: name: api.ipify.org

Source: Network traffic

Suricata IDS: 2050807 - Severity 1 - ET MALWARE [ANY.RUN] Possible Meduza Stealer Exfiltration (TCP) : 192.168.2.6:49707 -> 45.130.145.152:15666

Source: unknown	TCP traffic detected without corresponding DNS query: 45.130.145.152
Source: unknown	TCP traffic detected without corresponding DNS query: 45.130.145.152
Source: unknown	TCP traffic detected without corresponding DNS query: 45.130.145.152
Source: unknown	TCP traffic detected without corresponding DNS query: 45.130.145.152
Source: unknown	TCP traffic detected without corresponding DNS query: 45.130.145.152
Source: unknown	TCP traffic detected without corresponding DNS query: 45.130.145.152
Source: unknown	TCP traffic detected without corresponding DNS query: 45.130.145.152
Source: unknown	TCP traffic detected without corresponding DNS query: 45.130.145.152
Source: unknown	TCP traffic detected without corresponding DNS query: 45.130.145.152
Source: unknown	TCP traffic detected without corresponding DNS query: 45.130.145.152
Source: unknown	TCP traffic detected without corresponding DNS query: 45.130.145.152
Source: unknown	TCP traffic detected without corresponding DNS query: 45.130.145.152
Source: unknown	TCP traffic detected without corresponding DNS query: 45.130.145.152
Source: unknown	TCP traffic detected without corresponding DNS query: 45.130.145.152
Source: unknown	TCP traffic detected without corresponding DNS query: 45.130.145.152
Source: unknown	TCP traffic detected without corresponding DNS query: 45.130.145.152
Source: unknown	TCP traffic detected without corresponding DNS query: 45.130.145.152
Source: unknown	TCP traffic detected without corresponding DNS query: 45.130.145.152
Source: unknown	TCP traffic detected without corresponding DNS query: 45.130.145.152
Source: unknown	TCP traffic detected without corresponding DNS query: 45.130.145.152
Source: unknown	TCP traffic detected without corresponding DNS query: 45.130.145.152
Source: unknown	TCP traffic detected without corresponding DNS query: 45.130.145.152
Source: unknown	TCP traffic detected without corresponding DNS query: 45.130.145.152
Source: unknown	TCP traffic detected without corresponding DNS query: 45.130.145.152
Source: unknown	TCP traffic detected without corresponding DNS query: 45.130.145.152
Source: unknown	TCP traffic detected without corresponding DNS query: 45.130.145.152
Source: unknown	TCP traffic detected without corresponding DNS query: 45.130.145.152
Source: unknown	TCP traffic detected without corresponding DNS query: 45.130.145.152
Source: unknown	TCP traffic detected without corresponding DNS query: 45.130.145.152
Source: unknown	TCP traffic detected without corresponding DNS query: 45.130.145.152
Source: unknown	TCP traffic detected without corresponding DNS query: 45.130.145.152
Source: unknown	TCP traffic detected without corresponding DNS query: 45.130.145.152
Source: unknown	TCP traffic detected without corresponding DNS query: 45.130.145.152
Source: unknown	TCP traffic detected without corresponding DNS query: 45.130.145.152
Source: unknown	TCP traffic detected without corresponding DNS query: 45.130.145.152
Source: unknown	TCP traffic detected without corresponding DNS query: 45.130.145.152
Source: unknown	TCP traffic detected without corresponding DNS query: 45.130.145.152
Source: unknown	TCP traffic detected without corresponding DNS query: 45.130.145.152
Source: unknown	TCP traffic detected without corresponding DNS query: 45.130.145.152
Source: unknown	TCP traffic detected without corresponding DNS query: 45.130.145.152
Source: unknown	TCP traffic detected without corresponding DNS query: 45.130.145.152
Source: unknown	TCP traffic detected without corresponding DNS query: 45.130.145.152
Source: unknown	TCP traffic detected without corresponding DNS query: 45.130.145.152
Source: unknown	TCP traffic detected without corresponding DNS query: 45.130.145.152
Source: unknown	TCP traffic detected without corresponding DNS query: 45.130.145.152
Source: unknown	TCP traffic detected without corresponding DNS query: 45.130.145.152
Source: unknown	TCP traffic detected without corresponding DNS query: 45.130.145.152
Source: unknown	TCP traffic detected without corresponding DNS query: 45.130.145.152
Source: unknown	TCP traffic detected without corresponding DNS query: 45.130.145.152
Source: unknown	TCP traffic detected without corresponding DNS query: 45.130.145.152

Source: C:\Users\user\Desktop\siveria.exe

Code function: 0_2_000001FE72425240 InternetOpenA,InternetOpenUrlA,HttpQueryInfoW,HttpQueryInfoW,InternetQueryDataAvailable,InternetReadFile,InternetQueryDataAvailable,InternetCloseHandle,Concurrency::cancel_current_task,

0_2_000001FE72425240

Source: global traffic

HTTP traffic detected: GET / HTTP/1.1Accept: text/html; text/plain; */*Host: api.ipify.orgCache-Control: no-cache

Source: global traffic

DNS traffic detected: DNS query: api.ipify.org

Source: siveria.exe, 00000000.00000003.2325467018.000001FE737F4000.00000004.00000020.00020000.00000000.sdmp, siveria.exe, 00000000.00000003.2325381898.000001FE737F0000.00000004.00000020.00020000.00000000.sdmp, siveria.exe, 00000000.00000003.2325405776.000001FE737F0000.00000004.00000020.00020000.00000000.sdmp, siveria.exe, 00000000.00000003.2132752272.000001FE737E1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ns.microsoft.t/Regi
Source: siveria.exe, 00000000.00000003.2134563050.000001FE72658000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: siveria.exe, 00000000.00000002.2326177026.000001FE725B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.ipify.org
Source: siveria.exe, 00000000.00000003.2133302103.000001FE709F4000.00000004.00000020.00020000.00000000.sdmp, siveria.exe, 00000000.00000002.2326177026.000001FE725B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.ipify.org/
Source: siveria.exe, 00000000.00000002.2326177026.000001FE725B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.ipify.org//
Source: siveria.exe, 00000000.00000002.2326177026.000001FE725B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.ipify.org/S
Source: siveria.exe, 00000000.00000003.2134563050.000001FE72658000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: siveria.exe, 00000000.00000003.2134563050.000001FE72658000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: siveria.exe, 00000000.00000003.2134563050.000001FE72658000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: siveria.exe, 00000000.00000003.2134563050.000001FE72658000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: siveria.exe, 00000000.00000003.2134563050.000001FE72658000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: siveria.exe, 00000000.00000003.2134563050.000001FE72658000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: siveria.exe, 00000000.00000003.2139107504.000001FE7345B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org
Source: siveria.exe, 00000000.00000003.2138899309.000001FE72790000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: siveria.exe, 00000000.00000003.2138899309.000001FE72790000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
Source: siveria.exe, 00000000.00000003.2139257266.000001FE726D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.ZAnPVwXvBbYt
Source: siveria.exe, 00000000.00000003.2134563050.000001FE72658000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: siveria.exe, 00000000.00000003.2134563050.000001FE72658000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: siveria.exe, 00000000.00000003.2141748670.000001FE73E09000.00000004.00000020.00020000.00000000.sdmp, siveria.exe, 00000000.00000003.2139257266.000001FE726C8000.00000004.00000020.00020000.00000000.sdmp, siveria.exe, 00000000.00000003.2139523608.000001FE70AAD000.00000004.00000020.00020000.00000000.sdmp, siveria.exe, 00000000.00000003.2138899309.000001FE727DD000.00000004.00000020.00020000.00000000.sdmp, siveria.exe, 00000000.00000003.2139646186.000001FE726AA000.00000004.00000020.00020000.00000000.sdmp, siveria.exe, 00000000.00000003.2139107504.000001FE73463000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org
Source: siveria.exe, 00000000.00000003.2139107504.000001FE7345B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org#
Source: siveria.exe, 00000000.00000003.2138899309.000001FE72790000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.bwSC1pmG_zle
Source: siveria.exe, 00000000.00000003.2138899309.000001FE72790000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.hjKdHaZH-dbQ
Source: siveria.exe, 00000000.00000003.2138899309.000001FE72790000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708

Source: unknown

HTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.6:49708 version: TLS 1.2

Source: C:\Users\user\Desktop\siveria.exe

Code function: 0_2_000001FE72425B70 GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetDC,GetDeviceCaps,GetDeviceCaps,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,SHCreateMemStream,SelectObject,DeleteDC,ReleaseDC,DeleteObject,EnterCriticalSection,LeaveCriticalSection,IStream_Size,IStream_Reset,IStream_Read,SelectObject,DeleteDC,ReleaseDC,DeleteObject,

0_2_000001FE72425B70

Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE7242A430 RtlAcquirePebLock,NtAllocateVirtualMemory,lstrcpyW,lstrcatW,NtAllocateVirtualMemory,lstrcpyW,RtlInitUnicodeString,RtlInitUnicodeString,LdrEnumerateLoadedModules,RtlReleasePebLock,CoInitializeEx,lstrcpyW,lstrcatW,CoGetObject,lstrcpyW,lstrcatW,CoGetObject,CoUninitialize,	0_2_000001FE7242A430
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE72475728 NtAllocateVirtualMemory,	0_2_000001FE72475728
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE724756F8 NtQuerySystemInformation,	0_2_000001FE724756F8
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE72429D30 GetModuleHandleA,GetProcAddress,OpenProcess,NtQuerySystemInformation,NtQuerySystemInformation,GetCurrentProcess,NtQueryObject,GetFinalPathNameByHandleA,CloseHandle,CloseHandle,	0_2_000001FE72429D30
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_00007FF6612B34C0 NtQueryVirtualMemory,NtProtectVirtualMemory,	0_2_00007FF6612B34C0

Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE723D0450	0_2_000001FE723D0450
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE723DD570	0_2_000001FE723DD570
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE7245B5B0	0_2_000001FE7245B5B0
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE7242C5CB	0_2_000001FE7242C5CB
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE723DE610	0_2_000001FE723DE610
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE72425240	0_2_000001FE72425240
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE723E5310	0_2_000001FE723E5310
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE72406350	0_2_000001FE72406350
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE72426860	0_2_000001FE72426860
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE72405970	0_2_000001FE72405970
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE723DCA10	0_2_000001FE723DCA10
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE724276A0	0_2_000001FE724276A0
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE72460658	0_2_000001FE72460658
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE723CF730	0_2_000001FE723CF730
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE723DECB0	0_2_000001FE723DECB0
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE723D2CA0	0_2_000001FE723D2CA0
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE72442E3C	0_2_000001FE72442E3C
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE723CFE20	0_2_000001FE723CFE20
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE723D4B70	0_2_000001FE723D4B70
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE723D1B90	0_2_000001FE723D1B90
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE72425B70	0_2_000001FE72425B70
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE7240D080	0_2_000001FE7240D080
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE723D20B0	0_2_000001FE723D20B0
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE7242D050	0_2_000001FE7242D050
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE7243918C	0_2_000001FE7243918C
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE723E9F80	0_2_000001FE723E9F80
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE7241F020	0_2_000001FE7241F020
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE72428030	0_2_000001FE72428030
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE7244A44F	0_2_000001FE7244A44F
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE723FB480	0_2_000001FE723FB480
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE723C5520	0_2_000001FE723C5520
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE724414E4	0_2_000001FE724414E4
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE723C6510	0_2_000001FE723C6510
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE72435598	0_2_000001FE72435598
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE72426540	0_2_000001FE72426540
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE723A6610	0_2_000001FE723A6610
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE724102C0	0_2_000001FE724102C0
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE7241E2F0	0_2_000001FE7241E2F0
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE72435394	0_2_000001FE72435394
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE724163A6	0_2_000001FE724163A6
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE723FC420	0_2_000001FE723FC420
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE7241B420	0_2_000001FE7241B420
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE723C83D0	0_2_000001FE723C83D0
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE7242A430	0_2_000001FE7242A430
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE7244A3C8	0_2_000001FE7244A3C8
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE7243A924	0_2_000001FE7243A924
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE723D98CD	0_2_000001FE723D98CD
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE7241C8E0	0_2_000001FE7241C8E0
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE723D3A30	0_2_000001FE723D3A30
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE724436A8	0_2_000001FE724436A8
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE7243666C	0_2_000001FE7243666C
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE72448674	0_2_000001FE72448674
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE723F4720	0_2_000001FE723F4720
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE724446E4	0_2_000001FE724446E4
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE7242A780	0_2_000001FE7242A780
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE7243579C	0_2_000001FE7243579C
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE72402750	0_2_000001FE72402750
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE723FB780	0_2_000001FE723FB780
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE7243F7E6	0_2_000001FE7243F7E6
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE723F7CEB	0_2_000001FE723F7CEB
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE72430D14	0_2_000001FE72430D14
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE72414D40	0_2_000001FE72414D40
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE723A5DB0	0_2_000001FE723A5DB0
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE72438D50	0_2_000001FE72438D50
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE723FBDD0	0_2_000001FE723FBDD0
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE723DADD0	0_2_000001FE723DADD0
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE72415AB0	0_2_000001FE72415AB0
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE723FBAB0	0_2_000001FE723FBAB0
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE72446A68	0_2_000001FE72446A68
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE723D0A80	0_2_000001FE723D0A80
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE72418B00	0_2_000001FE72418B00
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE723F1AF0	0_2_000001FE723F1AF0
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE72400AC0	0_2_000001FE72400AC0
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE7244BB90	0_2_000001FE7244BB90
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE724430B8	0_2_000001FE724430B8
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE723FC0F0	0_2_000001FE723FC0F0
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE723A70E0	0_2_000001FE723A70E0
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE7244C128	0_2_000001FE7244C128
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE7243F0D8	0_2_000001FE7243F0D8
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE72433150	0_2_000001FE72433150
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE72436164	0_2_000001FE72436164
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE723A6180	0_2_000001FE723A6180
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE72431220	0_2_000001FE72431220
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE724471D8	0_2_000001FE724471D8
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE723D7E70	0_2_000001FE723D7E70
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE72420E90	0_2_000001FE72420E90
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE723D0E80	0_2_000001FE723D0E80
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE72415EF0	0_2_000001FE72415EF0
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE7245FFBC	0_2_000001FE7245FFBC
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE723DBF40	0_2_000001FE723DBF40
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_00007FF6612F02A8	0_2_00007FF6612F02A8
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_00007FF6612E22E8	0_2_00007FF6612E22E8
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_00007FF6612EA140	0_2_00007FF6612EA140
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_00007FF6612E81D0	0_2_00007FF6612E81D0
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_00007FF6612FA448	0_2_00007FF6612FA448
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_00007FF6612F7358	0_2_00007FF6612F7358
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_00007FF6612F23EC	0_2_00007FF6612F23EC
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_00007FF6612C66E0	0_2_00007FF6612C66E0
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_00007FF6612C6730	0_2_00007FF6612C6730
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_00007FF6612EC550	0_2_00007FF6612EC550
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_00007FF6612F6844	0_2_00007FF6612F6844
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_00007FF6612FC8B4	0_2_00007FF6612FC8B4
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_00007FF6613028CC	0_2_00007FF6613028CC
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_00007FF6612F8758	0_2_00007FF6612F8758
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_00007FF6612F07B4	0_2_00007FF6612F07B4
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_00007FF6612D27B0	0_2_00007FF6612D27B0
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_00007FF6612EF7EC	0_2_00007FF6612EF7EC
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_00007FF6612FFA90	0_2_00007FF6612FFA90
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_00007FF6612EF9F0	0_2_00007FF6612EF9F0
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_00007FF6612C39E0	0_2_00007FF6612C39E0
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_00007FF6612ECA20	0_2_00007FF6612ECA20
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_00007FF6612F6CD8	0_2_00007FF6612F6CD8
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_00007FF6612F9CD8	0_2_00007FF6612F9CD8
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_00007FF6612E2B97	0_2_00007FF6612E2B97
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_00007FF6612EFBF4	0_2_00007FF6612EFBF4
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_00007FF6612E8C30	0_2_00007FF6612E8C30
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_00007FF6612E4C30	0_2_00007FF6612E4C30
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_00007FF6612E9C10	0_2_00007FF6612E9C10
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_00007FF6612ECEB2	0_2_00007FF6612ECEB2
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_00007FF6612FFF2C	0_2_00007FF6612FFF2C
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_00007FF661313DA0	0_2_00007FF661313DA0
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_00007FF6612D30B0	0_2_00007FF6612D30B0
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_00007FF66130209C	0_2_00007FF66130209C
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_00007FF6612F4110	0_2_00007FF6612F4110
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_00007FF6612ECFA0	0_2_00007FF6612ECFA0
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_00007FF6612E7F90	0_2_00007FF6612E7F90
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_00007FF6612EAF56	0_2_00007FF6612EAF56

Source: C:\Users\user\Desktop\siveria.exe	Code function: String function: 000001FE723CBA80 appears 32 times
Source: C:\Users\user\Desktop\siveria.exe	Code function: String function: 000001FE723CE1D0 appears 33 times
Source: C:\Users\user\Desktop\siveria.exe	Code function: String function: 00007FF6612C51F0 appears 69 times
Source: C:\Users\user\Desktop\siveria.exe	Code function: String function: 000001FE723D6940 appears 41 times
Source: C:\Users\user\Desktop\siveria.exe	Code function: String function: 000001FE72438254 appears 34 times
Source: C:\Users\user\Desktop\siveria.exe	Code function: String function: 000001FE723E86B0 appears 54 times

Source: classification engine

Classification label: mal92.troj.spyw.winEXE@1/0@1/2

Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE7242B9B0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,CloseHandle,		0_2_000001FE7242B9B0
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE72475008 AdjustTokenPrivileges,		0_2_000001FE72475008

Source: C:\Users\user\Desktop\siveria.exe

Code function: 0_2_000001FE723DE610 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,

0_2_000001FE723DE610

Source: C:\Users\user\Desktop\siveria.exe

Code function: 0_2_000001FE72475748 CoCreateInstance,

0_2_000001FE72475748

Source: C:\Users\user\Desktop\siveria.exe

Mutant created: \Sessions\1\BaseNamedObjects\Mmm-A33C734061CA11EE8C18806E6F6E69638583F808

Source: siveria.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\siveria.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: siveria.exe, 00000000.00000003.2138203332.000001FE726A4000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: C:\Users\user\Desktop\siveria.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\siveria.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\siveria.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\Desktop\siveria.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\siveria.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\siveria.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\siveria.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\siveria.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\siveria.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\siveria.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\siveria.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\siveria.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\siveria.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\siveria.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\siveria.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\siveria.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\siveria.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\siveria.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\siveria.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\siveria.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\siveria.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\siveria.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\siveria.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\siveria.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\siveria.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\siveria.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\siveria.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\siveria.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\siveria.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\siveria.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\siveria.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\siveria.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\siveria.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\Desktop\siveria.exe	Section loaded: vaultcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\siveria.exe	Section loaded: wintypes.dll	Jump to behavior

Source: C:\Users\user\Desktop\siveria.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\siveria.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

Jump to behavior

Source: siveria.exe

Static PE information: Image base 0x140000000 > 0x60000000

Source: siveria.exe

Static file information: File size 3341824 > 1048576

Source: siveria.exe

Static PE information: Raw size of .rdata is bigger than: 0x100000 < 0x2bd800

Source: siveria.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: siveria.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: siveria.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: siveria.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: siveria.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: siveria.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: siveria.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: siveria.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source: siveria.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: siveria.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: siveria.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: siveria.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: siveria.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Source: C:\Users\user\Desktop\siveria.exe

Code function: 0_2_000001FE723DD570 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,

0_2_000001FE723DD570

Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE723ECAB2 push rdi; retf 0004h	0_2_000001FE723ECAB5
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_00007FF6612ED2C0 push rcx; iretd	0_2_00007FF6612ED2C1
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_00007FF6612ED8A1 push rdi; ret	0_2_00007FF6612ED8A5
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_00007FF6612EDB93 push rcx; iretd	0_2_00007FF6612EDB94
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_00007FF6612EDB8C push rdi; ret	0_2_00007FF6612EDB90

Source: C:\Users\user\Desktop\siveria.exe

Code function: 0_2_000001FE7241C600 ExitProcess,OpenMutexA,ExitProcess,CreateMutexA,CreateMutexExA,ExitProcess,ReleaseMutex,CloseHandle,

0_2_000001FE7241C600

Source: C:\Users\user\Desktop\siveria.exe

Check user administrative privileges: GetTokenInformation,DecisionNodes

graph_0-93057

Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE7245B500 FindClose,FindFirstFileExW,GetLastError,	0_2_000001FE7245B500
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE7245B5B0 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle,	0_2_000001FE7245B5B0
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE72475100 FindFirstFileW,	0_2_000001FE72475100

Source: C:\Users\user\Desktop\siveria.exe

Code function: 0_2_000001FE724273F0 GetLogicalDriveStringsW,

0_2_000001FE724273F0

Source: C:\Users\user\Desktop\siveria.exe

Code function: 0_2_000001FE72439038 VirtualQuery,GetSystemInfo,VirtualAlloc,VirtualProtect,

0_2_000001FE72439038

Source: C:\Users\user\Desktop\siveria.exe	File opened: D:\sources\migration\	Jump to behavior
Source: C:\Users\user\Desktop\siveria.exe	File opened: D:\sources\replacementmanifests\	Jump to behavior
Source: C:\Users\user\Desktop\siveria.exe	File opened: D:\sources\migration\wtr\	Jump to behavior
Source: C:\Users\user\Desktop\siveria.exe	File opened: D:\sources\replacementmanifests\microsoft-activedirectory-webservices\	Jump to behavior
Source: C:\Users\user\Desktop\siveria.exe	File opened: D:\sources\replacementmanifests\microsoft-client-license-platform-service-migration\	Jump to behavior
Source: C:\Users\user\Desktop\siveria.exe	File opened: D:\sources\replacementmanifests\hwvid-migration-2\	Jump to behavior

Source: siveria.exe, 00000000.00000003.2136215483.000001FE73454000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696487552
Source: siveria.exe, 00000000.00000003.2136215483.000001FE73454000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: secure.bankofamerica.comVMware20,11696487552\|UE
Source: siveria.exe, 00000000.00000003.2136215483.000001FE73454000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: account.microsoft.com/profileVMware20,11696487552u
Source: siveria.exe, 00000000.00000003.2136215483.000001FE73454000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: discord.comVMware20,11696487552f
Source: siveria.exe, 00000000.00000003.2136215483.000001FE73454000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: bankofamerica.comVMware20,11696487552x
Source: siveria.exe, 00000000.00000003.2136215483.000001FE73454000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.comVMware20,11696487552}
Source: siveria.exe, 00000000.00000003.2133302103.000001FE709F4000.00000004.00000020.00020000.00000000.sdmp, siveria.exe, 00000000.00000002.2325773847.000001FE709D4000.00000004.00000020.00020000.00000000.sdmp, siveria.exe, 00000000.00000002.2326177026.000001FE725B0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: siveria.exe, 00000000.00000003.2136215483.000001FE73454000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ms.portal.azure.comVMware20,11696487552
Source: siveria.exe, 00000000.00000003.2136215483.000001FE73454000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552
Source: siveria.exe, 00000000.00000003.2136215483.000001FE73454000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696487552
Source: siveria.exe, 00000000.00000003.2136215483.000001FE73454000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: global block list test formVMware20,11696487552
Source: siveria.exe, 00000000.00000003.2136215483.000001FE73454000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: tasks.office.comVMware20,11696487552o
Source: siveria.exe, 00000000.00000003.2136215483.000001FE73454000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: AMC password management pageVMware20,11696487552
Source: siveria.exe, 00000000.00000003.2136215483.000001FE73454000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.co.inVMware20,11696487552d
Source: siveria.exe, 00000000.00000003.2136215483.000001FE73454000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.comVMware20,11696487552
Source: siveria.exe, 00000000.00000003.2136215483.000001FE73454000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: dev.azure.comVMware20,11696487552j
Source: siveria.exe, 00000000.00000003.2136215483.000001FE73454000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - HKVMware20,11696487552]
Source: siveria.exe, 00000000.00000003.2136215483.000001FE73454000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: microsoft.visualstudio.comVMware20,11696487552x
Source: siveria.exe, 00000000.00000003.2136215483.000001FE73454000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: netportal.hdfcbank.comVMware20,11696487552
Source: siveria.exe, 00000000.00000003.2136215483.000001FE73454000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: trackpan.utiitsl.comVMware20,11696487552h
Source: siveria.exe, 00000000.00000003.2133302103.000001FE709F4000.00000004.00000020.00020000.00000000.sdmp, siveria.exe, 00000000.00000002.2325773847.000001FE709D4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW^JH
Source: siveria.exe, 00000000.00000003.2136215483.000001FE73454000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696487552z
Source: siveria.exe, 00000000.00000003.2136215483.000001FE73454000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.co.inVMware20,11696487552~
Source: siveria.exe, 00000000.00000003.2136215483.000001FE73454000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: outlook.office365.comVMware20,11696487552t
Source: siveria.exe, 00000000.00000003.2136215483.000001FE73454000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552^
Source: siveria.exe, 00000000.00000003.2136215483.000001FE73454000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696487552p
Source: siveria.exe, 00000000.00000003.2136215483.000001FE73454000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU WestVMware20,11696487552n
Source: siveria.exe, 00000000.00000003.2136215483.000001FE73454000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: outlook.office.comVMware20,11696487552s
Source: siveria.exe, 00000000.00000003.2136215483.000001FE73454000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Test URL for global passwords blocklistVMware20,11696487552
Source: siveria.exe, 00000000.00000003.2136215483.000001FE73454000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: turbotax.intuit.comVMware20,11696487552t
Source: siveria.exe, 00000000.00000003.2136215483.000001FE73454000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696487552x
Source: siveria.exe, 00000000.00000003.2136215483.000001FE73454000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696487552}
Source: siveria.exe, 00000000.00000003.2136215483.000001FE73454000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696487552

Source: C:\Users\user\Desktop\siveria.exe	API call chain: ExitProcess graph end node			graph_0-93008
Source: C:\Users\user\Desktop\siveria.exe	API call chain: ExitProcess graph end node			graph_0-93002

Source: C:\Users\user\Desktop\siveria.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\siveria.exe

Code function: 0_2_000001FE7242A430 RtlAcquirePebLock,NtAllocateVirtualMemory,lstrcpyW,lstrcatW,NtAllocateVirtualMemory,lstrcpyW,RtlInitUnicodeString,RtlInitUnicodeString,LdrEnumerateLoadedModules,RtlReleasePebLock,CoInitializeEx,lstrcpyW,lstrcatW,CoGetObject,lstrcpyW,lstrcatW,CoGetObject,CoUninitialize,

0_2_000001FE7242A430

Source: C:\Users\user\Desktop\siveria.exe

Code function: 0_2_000001FE7245D804 GetLastError,IsDebuggerPresent,OutputDebugStringW,

0_2_000001FE7245D804

Source: C:\Users\user\Desktop\siveria.exe

Code function: 0_2_000001FE7245D804 GetLastError,IsDebuggerPresent,OutputDebugStringW,

0_2_000001FE7245D804

Source: C:\Users\user\Desktop\siveria.exe

Code function: 0_2_000001FE723DD570 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,

0_2_000001FE723DD570

Source: C:\Users\user\Desktop\siveria.exe

Code function: 0_2_000001FE72449EEC GetProcessHeap,

0_2_000001FE72449EEC

Source: C:\Users\user\Desktop\siveria.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE724752E0 SetUnhandledExceptionFilter,	0_2_000001FE724752E0
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_000001FE72437F68 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_000001FE72437F68
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_00007FF661305AC0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_00007FF661305AC0
Source: C:\Users\user\Desktop\siveria.exe	Code function: 0_2_00007FF6612F1E68 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00007FF6612F1E68

Source: C:\Users\user\Desktop\siveria.exe

Code function: 0_2_000001FE7241B420 ShellExecuteW,

0_2_000001FE7241B420

Source: C:\Users\user\Desktop\siveria.exe

Code function: 0_2_00007FF6612F9AA0 cpuid

0_2_00007FF6612F9AA0

Source: C:\Users\user\Desktop\siveria.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	0_2_000001FE72449468
Source: C:\Users\user\Desktop\siveria.exe	Code function: GetLocaleInfoW,	0_2_000001FE72449518
Source: C:\Users\user\Desktop\siveria.exe	Code function: GetLocaleInfoW,	0_2_000001FE72449310
Source: C:\Users\user\Desktop\siveria.exe	Code function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	0_2_000001FE7244964C
Source: C:\Users\user\Desktop\siveria.exe	Code function: EnumSystemLocalesW,	0_2_000001FE7243DAE0
Source: C:\Users\user\Desktop\siveria.exe	Code function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,	0_2_000001FE72448C04
Source: C:\Users\user\Desktop\siveria.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	0_2_000001FE724490C8
Source: C:\Users\user\Desktop\siveria.exe	Code function: GetLocaleInfoEx,FormatMessageA,	0_2_000001FE7245B170
Source: C:\Users\user\Desktop\siveria.exe	Code function: EnumSystemLocalesW,	0_2_000001FE72448F60
Source: C:\Users\user\Desktop\siveria.exe	Code function: GetLocaleInfoW,	0_2_000001FE7243E020
Source: C:\Users\user\Desktop\siveria.exe	Code function: EnumSystemLocalesW,	0_2_000001FE72449030
Source: C:\Users\user\Desktop\siveria.exe	Code function: EnumSystemLocalesW,	0_2_00007FF6612FD270
Source: C:\Users\user\Desktop\siveria.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	0_2_00007FF6612FD308
Source: C:\Users\user\Desktop\siveria.exe	Code function: EnumSystemLocalesW,	0_2_00007FF6612FD1A0
Source: C:\Users\user\Desktop\siveria.exe	Code function: GetLocaleInfoW,	0_2_00007FF6612F91E0
Source: C:\Users\user\Desktop\siveria.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	0_2_00007FF6612FD6A8
Source: C:\Users\user\Desktop\siveria.exe	Code function: GetLocaleInfoW,	0_2_00007FF6612FD550
Source: C:\Users\user\Desktop\siveria.exe	Code function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	0_2_00007FF6612FD88C
Source: C:\Users\user\Desktop\siveria.exe	Code function: GetLocaleInfoW,	0_2_00007FF6612FD758
Source: C:\Users\user\Desktop\siveria.exe	Code function: EnumSystemLocalesW,	0_2_00007FF6612F8E4C
Source: C:\Users\user\Desktop\siveria.exe	Code function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,	0_2_00007FF6612FCE44

Source: C:\Users\user\Desktop\siveria.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\siveria.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior

Source: C:\Users\user\Desktop\siveria.exe

Key value queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\TimeZoneInformation TimeZoneKeyName

Jump to behavior

Source: C:\Users\user\Desktop\siveria.exe

Code function: 0_2_000001FE7243840C GetSystemTimeAsFileTime,

0_2_000001FE7243840C

Source: C:\Users\user\Desktop\siveria.exe

Code function: 0_2_000001FE72426150 GetUserNameW,

0_2_000001FE72426150

Source: C:\Users\user\Desktop\siveria.exe

Code function: 0_2_000001FE724276A0 GetTimeZoneInformation,

0_2_000001FE724276A0

Stealing of Sensitive Information

Yara detected CredGrabber

Source: Yara match

File source: Process Memory Space: siveria.exe PID: 3492, type: MEMORYSTR

Yara detected Meduza Stealer

Source: Yara match	File source: 0.2.siveria.exe.1fe723a0000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.siveria.exe.1fe723a0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.2326177026.000001FE725B0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: siveria.exe PID: 3492, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: siveria.exe, 00000000.00000002.2326177026.000001FE725B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Electrum-LTC\wallets
Source: siveria.exe, 00000000.00000002.2326177026.000001FE725B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: ElectronCash\config
Source: siveria.exe, 00000000.00000003.2160724834.000001FE7583F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: "software": "Ny1aaXAgMjMuMDEgKHg2NCkgWzIzLjAxXQpNb3ppbGxhIEZpcmVmb3ggKHg2NCBlbi1VUykgWzExOC4wLjFdCk1vemlsbGEgTWFpbnRlbmFuY2UgU2VydmljZSBbMTE4LjAuMV0KTWljcm9zb2Z0IE9mZmljZSBQcm9mZXNzaW9uYWwgUGx1cyAyMDE5IC0gZW4tdXMgWzE2LjAuMTY4MjcuMjAxMzBdCk1pY3Jvc29mdCBWaXN1YWwgQysrIDIwMjIgWDY0IEFkZGl0aW9uYWwgUnVudGltZSAtIDE0LjM2LjMyNTMyIFsxNC4zNi4zMjUzMl0KT2ZmaWNlIDE2IENsaWNrLXRvLVJ1biBMaWNlbnNpbmcgQ29tcG9uZW50IFsxNi4wLjE2ODI3LjIwMTMwXQpPZmZpY2UgMTYgQ2xpY2stdG8tUnVuIEV4dGVuc2liaWxpdHkgQ29tcG9uZW50IDY0LWJpdCBSZWdpc3RyYXRpb24gWzE2LjAuMTY4MjcuMjAwNTZdCkFkb2JlIEFjcm9iYXQgKDY0LWJpdCkgWzIzLjAwNi4yMDMyMF0KTWljcm9zb2Z0IFZpc3VhbCBDKysgMjAyMiBYNjQgTWluaW11bSBSdW50aW1lIC0gMTQuMzYuMzI1MzIgWzE0LjM2LjMyNTMyXQpHb29nbGUgQ2hyb21lIFsxMTcuMC41OTM4LjEzNF0KTWljcm9zb2Z0IEVkZ2UgWzExNy4wLjIwNDUuNTVdCk1pY3Jvc29mdCBFZGdlIFVwZGF0ZSBbMS4zLjE3Ny4xMV0KTWljcm9zb2Z0IEVkZ2UgV2ViVmlldzIgUnVudGltZSBbMTE3LjAuMjA0NS40N10KSmF2YSBBdXRvIFVwZGF0ZXIgWzIuOC4zODEuOV0KSmF2YSA4IFVwZGF0ZSAzODEgWzguMC4zODEwLjldCk1pY3Jvc29mdCBWaXN1YWwgQysrIDIwMTUtMjAyMiBSZWRpc3RyaWJ1dGFibGUgKHg2NCkgLSAxNC4zNi4zMjUzMiBbMTQuMzYuMzI1MzIuMF0KT2ZmaWNlIDE2IENsaWNrLXRvLVJ1biBFeHRlbnNpYmlsaXR5IENvbXBvbmVudCBbMTYuMC4xNjgyNy4yMDEzMF0K",
Source: siveria.exe, 00000000.00000002.2326177026.000001FE725B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Exodus\exodus.wallet
Source: siveria.exe, 00000000.00000002.2326177026.000001FE725B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Ethereum\keystore
Source: siveria.exe, 00000000.00000002.2326177026.000001FE725B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Ethereum\keystore

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Users\user\Desktop\siveria.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core

Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\siveria.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\siveria.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\prefs.js	Jump to behavior
Source: C:\Users\user\Desktop\siveria.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account	Jump to behavior
Source: C:\Users\user\Desktop\siveria.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies	Jump to behavior
Source: C:\Users\user\Desktop\siveria.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\siveria.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\siveria.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\MANIFEST-000001	Jump to behavior
Source: C:\Users\user\Desktop\siveria.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\siveria.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\siveria.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\siveria.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG	Jump to behavior
Source: C:\Users\user\Desktop\siveria.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\siveria.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\CURRENT	Jump to behavior
Source: C:\Users\user\Desktop\siveria.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOCK	Jump to behavior
Source: C:\Users\user\Desktop\siveria.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log	Jump to behavior
Source: C:\Users\user\Desktop\siveria.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old	Jump to behavior
Source: C:\Users\user\Desktop\siveria.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\siveria.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\siveria.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\Desktop\siveria.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

Jump to behavior

Source: Yara match

File source: Process Memory Space: siveria.exe PID: 3492, type: MEMORYSTR

Remote Access Functionality

Yara detected CredGrabber

Source: Yara match

File source: Process Memory Space: siveria.exe PID: 3492, type: MEMORYSTR

Yara detected Meduza Stealer

Source: Yara match	File source: 0.2.siveria.exe.1fe723a0000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.siveria.exe.1fe723a0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.2326177026.000001FE725B0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: siveria.exe PID: 3492, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Native API	1 DLL Side-Loading	1 Exploitation for Privilege Escalation	1 Access Token Manipulation	1 OS Credential Dumping	12 System Time Discovery	Remote Services	1 Screen Capture	21 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Access Token Manipulation	1 Deobfuscate/Decode Files or Information	LSASS Memory	31 Security Software Discovery	Remote Desktop Protocol	1 Email Collection	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 DLL Side-Loading	2 Obfuscated Files or Information	Security Account Manager	2 Process Discovery	SMB/Windows Admin Shares	1 Archive Collected Data	2 Ingress Tool Transfer	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 DLL Side-Loading	NTDS	1 Account Discovery	Distributed Component Object Model	2 Data from Local System	2 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	Software Packing	LSA Secrets	1 System Owner/User Discovery	SSH	Keylogging	3 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	Steganography	Cached Domain Credentials	1 System Network Configuration Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	Compile After Delivery	DCSync	3 File and Directory Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	Indicator Removal from Tools	Proc Filesystem	34 System Information Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Name	IP	Active	Malicious	Antivirus Detection	Reputation
api.ipify.org	104.26.12.205	true	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://api.ipify.org/	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
https://ac.ecosia.org/autocomplete?q=	siveria.exe, 00000000.00000003.2134563050.000001FE72658000.00000004.00000020.00020000.00000000.sdmp	false	high
https://duckduckgo.com/chrome_newtab	siveria.exe, 00000000.00000003.2134563050.000001FE72658000.00000004.00000020.00020000.00000000.sdmp	false	high
https://api.ipify.org	siveria.exe, 00000000.00000002.2326177026.000001FE725B0000.00000004.00000020.00020000.00000000.sdmp	false	high
https://duckduckgo.com/ac/?q=	siveria.exe, 00000000.00000003.2134563050.000001FE72658000.00000004.00000020.00020000.00000000.sdmp	false	high
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	siveria.exe, 00000000.00000003.2134563050.000001FE72658000.00000004.00000020.00020000.00000000.sdmp	false	high
https://support.mozilla.org/products/firefoxgro.allizom.troppus.ZAnPVwXvBbYt	siveria.exe, 00000000.00000003.2139257266.000001FE726D0000.00000004.00000020.00020000.00000000.sdmp	false	high
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	siveria.exe, 00000000.00000003.2134563050.000001FE72658000.00000004.00000020.00020000.00000000.sdmp	false	high
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	siveria.exe, 00000000.00000003.2134563050.000001FE72658000.00000004.00000020.00020000.00000000.sdmp	false	high
https://api.ipify.org//	siveria.exe, 00000000.00000002.2326177026.000001FE725B0000.00000004.00000020.00020000.00000000.sdmp	false	high
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	siveria.exe, 00000000.00000003.2134563050.000001FE72658000.00000004.00000020.00020000.00000000.sdmp	false	high
https://support.mozilla.org	siveria.exe, 00000000.00000003.2139107504.000001FE7345B000.00000004.00000020.00020000.00000000.sdmp	false	high
https://api.ipify.org/S	siveria.exe, 00000000.00000002.2326177026.000001FE725B0000.00000004.00000020.00020000.00000000.sdmp	false	high
https://support.mozilla.org/products/firefoxgro.all	siveria.exe, 00000000.00000003.2138899309.000001FE72790000.00000004.00000020.00020000.00000000.sdmp	false	high
https://www.ecosia.org/newtab/	siveria.exe, 00000000.00000003.2134563050.000001FE72658000.00000004.00000020.00020000.00000000.sdmp	false	high
http://ns.microsoft.t/Regi	siveria.exe, 00000000.00000003.2325467018.000001FE737F4000.00000004.00000020.00020000.00000000.sdmp, siveria.exe, 00000000.00000003.2325381898.000001FE737F0000.00000004.00000020.00020000.00000000.sdmp, siveria.exe, 00000000.00000003.2325405776.000001FE737F0000.00000004.00000020.00020000.00000000.sdmp, siveria.exe, 00000000.00000003.2132752272.000001FE737E1000.00000004.00000020.00020000.00000000.sdmp	false	high
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	siveria.exe, 00000000.00000003.2134563050.000001FE72658000.00000004.00000020.00020000.00000000.sdmp	false	high
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	siveria.exe, 00000000.00000003.2138899309.000001FE72790000.00000004.00000020.00020000.00000000.sdmp	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
104.26.12.205	api.ipify.org	United States		13335	CLOUDFLARENETUS	false
45.130.145.152	unknown	Russian Federation		49392	ASBAXETNRU	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1565320
Start date and time:	2024-11-29 16:03:08 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 25s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	5
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	siveria.exe
Detection:	MAL
Classification:	mal92.troj.spyw.winEXE@1/0@1/2
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 98% Number of executed functions: 105 Number of non-executed functions: 133
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Report size exceeded maximum capacity and may have missing disassembly code.
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.
VT rate limit hit for: siveria.exe

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
104.26.12.205	Ransomware Mallox.exe	Get hash	malicious	Targeted Ransomware	Browse	api.ipify.org/
	Yc9hcFC1ux.exe	Get hash	malicious	Unknown	Browse	api.ipify.org/
	6706e721f2c06.exe	Get hash	malicious	Remcos	Browse	api.ipify.org/
	perfcc.elf	Get hash	malicious	Xmrig	Browse	api.ipify.org/
	SecuriteInfo.com.Win32.MalwareX-gen.16395.23732.exe	Get hash	malicious	RDPWrap Tool	Browse	api.ipify.org/
	SecuriteInfo.com.Win32.MalwareX-gen.16395.23732.exe	Get hash	malicious	RDPWrap Tool	Browse	api.ipify.org/
	hloRQZmlfg.exe	Get hash	malicious	RDPWrap Tool	Browse	api.ipify.org/
	file.exe	Get hash	malicious	RDPWrap Tool	Browse	api.ipify.org/
	file.exe	Get hash	malicious	Unknown	Browse	api.ipify.org/
	file.exe	Get hash	malicious	Unknown	Browse	api.ipify.org/
45.130.145.152	chelentano.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse
	9RM52QaURq.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse
	HZ1BUCfTne.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse
	9RM52QaURq.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse
	bv2DbIiZeK.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse
	brozer.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse
	YU7jHNMJjG.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse
	6Ev0Nd7z2t.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse
	6HWYiong4s.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse
	btoRtc7o3v.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
api.ipify.org	https://google.lk/url?q=ernie.grue@nationalmi.com&nationalmi.com&sa=t&url=amp/s/i--iy.s3.us-east-1.amazonaws.com/vocabulary.html#ZXJuaWUuZ3J1ZUBuYXRpb25hbG1pLmNvbQ==	Get hash	malicious	Unknown	Browse	104.26.12.205
	Employee_Important_Message.pdf	Get hash	malicious	Unknown	Browse	104.26.12.205
	9arEd0o4IZ.exe	Get hash	malicious	Unknown	Browse	104.26.12.205
	IwSa5fjMWm.exe	Get hash	malicious	Unknown	Browse	172.67.74.152
	051qAVqlq9.exe	Get hash	malicious	Unknown	Browse	104.26.12.205
	rkGw58sHF5.exe	Get hash	malicious	Unknown	Browse	104.26.12.205
	Vr39ff92jh.exe	Get hash	malicious	Unknown	Browse	172.67.74.152
	LBswoftSFF.exe	Get hash	malicious	Unknown	Browse	104.26.12.205
	3lpDhNtVKt.exe	Get hash	malicious	Unknown	Browse	172.67.74.152
	dAkpFjNw3j.exe	Get hash	malicious	Unknown	Browse	104.26.13.205

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	https://google.lk/url?q=ernie.grue@nationalmi.com&nationalmi.com&sa=t&url=amp/s/i--iy.s3.us-east-1.amazonaws.com/vocabulary.html#ZXJuaWUuZ3J1ZUBuYXRpb25hbG1pLmNvbQ==	Get hash	malicious	Unknown	Browse	104.26.13.205
	file.ps1	Get hash	malicious	LummaC Stealer	Browse	172.67.170.85
	IMG_1205 #U2014 ThingLink.html	Get hash	malicious	Unknown	Browse	104.18.41.175
	bUAmCazc.ps1	Get hash	malicious	LummaC Stealer	Browse	172.67.170.85
	http://myhobbybuys.com	Get hash	malicious	Unknown	Browse	104.17.25.14
	https://29112024red01kamcjduq.z33.web.core.windows.net	Get hash	malicious	TechSupportScam	Browse	104.17.25.14
	http://antena1.rtp.pt	Get hash	malicious	RATDispenser	Browse	104.22.62.150
	file.exe	Get hash	malicious	LummaC Stealer	Browse	172.67.165.166
	https://herald-review.com/users/logout-success/?expire=1626371676&referer_url=http://209.159.152.50	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	https://michaelschwab.powerappsportals.com/	Get hash	malicious	Unknown	Browse	104.18.3.157
ASBAXETNRU	1732748284fd56a2da13edf4ae4b865c44fa6834581d27eb2edbfe3fc50ef131cb95db5639506.dat-decoded.exe	Get hash	malicious	Remcos	Browse	45.135.232.38
	mips.elf	Get hash	malicious	Unknown	Browse	212.192.15.158
	chelentano.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	45.130.145.152
	m2.exe	Get hash	malicious	Xmrig	Browse	194.87.31.45
	9RM52QaURq.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	45.130.145.152
	HZ1BUCfTne.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	45.130.145.152
	9RM52QaURq.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	45.130.145.152
	bv2DbIiZeK.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	45.130.145.152
	brozer.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	45.130.145.152
	YU7jHNMJjG.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	45.130.145.152

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
37f463bf4616ecd445d4a1937da06e19	file.exe	Get hash	malicious	Clipboard Hijacker	Browse	104.26.12.205
	file.exe	Get hash	malicious	Clipboard Hijacker	Browse	104.26.12.205
	pPLD6OSn7O.exe	Get hash	malicious	Unknown	Browse	104.26.12.205
	pPLD6OSn7O.exe	Get hash	malicious	Unknown	Browse	104.26.12.205
	0b3SUiWz3y.exe	Get hash	malicious	Unknown	Browse	104.26.12.205
	ww7Oxm9pwx.exe	Get hash	malicious	Unknown	Browse	104.26.12.205
	file.exe	Get hash	malicious	Vidar	Browse	104.26.12.205
	0b3SUiWz3y.exe	Get hash	malicious	Unknown	Browse	104.26.12.205
	ww7Oxm9pwx.exe	Get hash	malicious	Unknown	Browse	104.26.12.205
	wqK2m8VmyD.exe	Get hash	malicious	CryptOne, Mofksys	Browse	104.26.12.205

File type:	PE32+ executable (GUI) x86-64, for MS Windows
Entropy (8bit):	4.228010521635314
TrID:	Win64 Executable GUI (202006/5) 92.65% Win64 Executable (generic) (12005/4) 5.51% Generic Win/DOS Executable (2004/3) 0.92% DOS Executable Generic (2002/1) 0.92% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	siveria.exe
File size:	3'341'824 bytes
MD5:	ffcd6c4fe2661cfa22792cc0d68d21d2
SHA1:	ad42fc5c3916f11fc1313e9f97d70444181ed4e0
SHA256:	04ee4273c7d08c675451e0122ff01a5f9e7f701c451b8624c9c55d087fa4865b
SHA512:	9908ad32426188fdf06370265672b2c6ff8c71f226468412fa02342fde5310bc723bd5af48f4d041cef4771e863b6f2098ffa47f51d1d34703cb0428d764c9dc
SSDEEP:	24576:S/frmzI7lsX7Rh7lmXh0lhSMXlWuzohmrGTcigEbse6rFOJbmSt3:KfrmzI7OXBGuchfTaEgr0JS+
TLSH:	A9F5AD6BEE4064F3D874D13488A7076BBA767481C37183875B98662A1F527E43F3AF84
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......N..f...5...5...5.x.4...5.x.4...5.x.4V..5A..4...5A..4...5A..4...52\|.4$..52\|.4...5By.4...5A..4...5...5...5Ay.4...5AyH5...5Ay.4...

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x140055a30
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x140000000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x67451F50 [Tue Nov 26 01:07:28 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	de1751741e7d5e07ce98493d3f0130fc

Entrypoint Preview

Instruction
dec eax
sub esp, 28h
call 00007FC9E4BBE72Ch
dec eax
add esp, 28h
jmp 00007FC9E4BBDAAFh
int3
int3
dec eax
sub esp, 28h
dec ebp
mov eax, dword ptr [ecx+38h]
dec eax
mov ecx, edx
dec ecx
mov edx, ecx
call 00007FC9E4BBDC42h
mov eax, 00000001h
dec eax
add esp, 28h
ret
int3
int3
int3
inc eax
push ebx
inc ebp
mov ebx, dword ptr [eax]
dec eax
mov ebx, edx
inc ecx
and ebx, FFFFFFF8h
dec esp
mov ecx, ecx
inc ecx
test byte ptr [eax], 00000004h
dec esp
mov edx, ecx
je 00007FC9E4BBDC45h
inc ecx
mov eax, dword ptr [eax+08h]
dec ebp
arpl word ptr [eax+04h], dx
neg eax
dec esp
add edx, ecx
dec eax
arpl ax, cx
dec esp
and edx, ecx
dec ecx
arpl bx, ax
dec edx
mov edx, dword ptr [eax+edx]
dec eax
mov eax, dword ptr [ebx+10h]
mov ecx, dword ptr [eax+08h]
dec eax
mov eax, dword ptr [ebx+08h]
test byte ptr [ecx+eax+03h], 0000000Fh
je 00007FC9E4BBDC3Dh
movzx eax, byte ptr [ecx+eax+03h]
and eax, FFFFFFF0h
dec esp
add ecx, eax
dec esp
xor ecx, edx
dec ecx
mov ecx, ecx
pop ebx
jmp 00007FC9E4BBD676h
int3
inc eax
push ebx
dec eax
sub esp, 20h
dec eax
mov ebx, ecx
xor ecx, ecx
call dword ptr [0001563Fh]
dec eax
mov ecx, ebx
call dword ptr [0001562Eh]
call dword ptr [000155B0h]
dec eax
mov ecx, eax
mov edx, C0000409h
dec eax
add esp, 20h
pop ebx
dec eax
jmp dword ptr [00015624h]
dec eax
mov dword ptr [esp+00h], ecx

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x327b9c	0x64	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x332000	0x1e0	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x32c000	0x57e4	.pdata
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x333000	0x1d38	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x320ef0	0x38	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x321100	0x28	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x320db0	0x140	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x6b000	0x330	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x692f0	0x69400	201d673c76ad9fae647f8cd6a278e333	False	0.4342200489904988	data	6.181155425260236	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x6b000	0x2bd696	0x2bd800	10bd6668708d89ff8ebaa36a6d959f29	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x329000	0x2f1c	0x1600	8e0cf2168d43982c322bc34eed94de2b	False	0.18980823863636365	data	3.2059756111359152	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata	0x32c000	0x57e4	0x5800	4c0d14150dd6a4ac35b35408d7a8233d	False	0.47767223011363635	data	5.711183919097264	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc	0x332000	0x1e0	0x200	0c1ab865bc43ec75ebd479502575ccef	False	0.525390625	data	4.700456763479242	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x333000	0x1d38	0x1e00	3d9cd06dc9d02c11c130514ad02ec0c5	False	0.6712239583333334	data	6.471011674882192	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_MANIFEST	0x332060	0x17d	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States	0.5931758530183727

Imports

DLL	Import
ntdll.dll	RtlImageDirectoryEntryToData, RtlLeaveCriticalSection, RtlEnterCriticalSection, RtlCompareMemory, NtProtectVirtualMemory, RtlImageNtHeader, NtQueryVirtualMemory, RtlGetNtVersionNumbers
KERNEL32.dll	GetEnvironmentStringsW, GetCommandLineW, GetCommandLineA, FindNextFileW, FindFirstFileExW, FindClose, VirtualFree, VirtualAlloc, GetModuleHandleW, LoadLibraryA, ReadFile, WriteFile, CreateFileW, CloseHandle, GetProcAddress, GetCurrentProcess, VirtualQuery, EnterCriticalSection, GetModuleFileNameW, LeaveCriticalSection, MultiByteToWideChar, ExitProcess, WideCharToMultiByte, GetLastError, DeleteCriticalSection, SetLastError, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, GetSystemTimeAsFileTime, HeapAlloc, HeapFree, GetCurrentThreadId, GetStdHandle, GetFileType, FreeEnvironmentStringsW, RaiseException, HeapReAlloc, HeapSize, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, InitializeCriticalSectionAndSpinCount, FreeLibrary, LoadLibraryExW, LCMapStringW, GetLocaleInfoW, IsValidLocale, EnumSystemLocalesW, GetCPInfo, GetStringTypeW, IsValidCodePage, GetACP, GetOEMCP, GetModuleHandleExW, GetConsoleOutputCP, GetConsoleMode, GetFileSizeEx, SetFilePointerEx, GetProcessHeap, SetStdHandle, ReadConsoleW, FlushFileBuffers, WriteConsoleW, QueryPerformanceCounter, GetCurrentProcessId, InitializeSListHead, RtlUnwindEx, RtlPcToFileHeader, RtlUnwind, EncodePointer, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetStartupInfoW, GetUserDefaultLCID, InitializeCriticalSectionEx, DecodePointer, LCMapStringEx
USER32.dll	LoadAcceleratorsA, LoadAcceleratorsW
ADVAPI32.dll	GetTokenInformation, OpenProcessToken

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-11-29T16:04:04.527661+0100	2049441	ET MALWARE Win32/Unknown Grabber Base64 Data Exfiltration Attempt	1	192.168.2.6	49707	45.130.145.152	15666	TCP
2024-11-29T16:04:04.527661+0100	2050806	ET MALWARE [ANY.RUN] Meduza Stealer Exfiltration M2	1	192.168.2.6	49707	45.130.145.152	15666	TCP
2024-11-29T16:04:04.527661+0100	2050807	ET MALWARE [ANY.RUN] Possible Meduza Stealer Exfiltration (TCP)	1	192.168.2.6	49707	45.130.145.152	15666	TCP
2024-11-29T16:04:04.647932+0100	2050806	ET MALWARE [ANY.RUN] Meduza Stealer Exfiltration M2	1	192.168.2.6	49707	45.130.145.152	15666	TCP
2024-11-29T16:04:04.647932+0100	2050807	ET MALWARE [ANY.RUN] Possible Meduza Stealer Exfiltration (TCP)	1	192.168.2.6	49707	45.130.145.152	15666	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 29, 2024 16:03:58.917109013 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:03:59.037187099 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:03:59.037280083 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:03:59.681173086 CET	49708	443	192.168.2.6	104.26.12.205
Nov 29, 2024 16:03:59.681211948 CET	443	49708	104.26.12.205	192.168.2.6
Nov 29, 2024 16:03:59.681317091 CET	49708	443	192.168.2.6	104.26.12.205
Nov 29, 2024 16:03:59.694152117 CET	49708	443	192.168.2.6	104.26.12.205
Nov 29, 2024 16:03:59.694169998 CET	443	49708	104.26.12.205	192.168.2.6
Nov 29, 2024 16:04:01.002680063 CET	443	49708	104.26.12.205	192.168.2.6
Nov 29, 2024 16:04:01.002768040 CET	49708	443	192.168.2.6	104.26.12.205
Nov 29, 2024 16:04:01.104165077 CET	49708	443	192.168.2.6	104.26.12.205
Nov 29, 2024 16:04:01.104182959 CET	443	49708	104.26.12.205	192.168.2.6
Nov 29, 2024 16:04:01.104399920 CET	443	49708	104.26.12.205	192.168.2.6
Nov 29, 2024 16:04:01.104461908 CET	49708	443	192.168.2.6	104.26.12.205
Nov 29, 2024 16:04:01.105912924 CET	49708	443	192.168.2.6	104.26.12.205
Nov 29, 2024 16:04:01.151328087 CET	443	49708	104.26.12.205	192.168.2.6
Nov 29, 2024 16:04:01.472770929 CET	443	49708	104.26.12.205	192.168.2.6
Nov 29, 2024 16:04:01.472830057 CET	443	49708	104.26.12.205	192.168.2.6
Nov 29, 2024 16:04:01.472879887 CET	49708	443	192.168.2.6	104.26.12.205
Nov 29, 2024 16:04:01.472906113 CET	49708	443	192.168.2.6	104.26.12.205
Nov 29, 2024 16:04:01.473274946 CET	49708	443	192.168.2.6	104.26.12.205
Nov 29, 2024 16:04:01.473290920 CET	443	49708	104.26.12.205	192.168.2.6
Nov 29, 2024 16:04:04.527661085 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:04.647717953 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:04.647749901 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:04.647794962 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:04.647823095 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:04.647882938 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:04.647907019 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:04.647932053 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:04.647952080 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:04.648042917 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:04.648056030 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:04.648097992 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:04.648147106 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:04.648196936 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:04.648204088 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:04.648257017 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:04.766510010 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:04.766526937 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:04.766697884 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:04.767873049 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:04.767929077 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:04.767957926 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:04.767997026 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:04.768007040 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:04.768040895 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:04.768156052 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:04.768178940 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:04.768205881 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:04.768225908 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:04.768301010 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:04.768348932 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:04.780328989 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:04.780412912 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:04.886696100 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:04.886791945 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:04.886931896 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:04.887964964 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:04.888020992 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:04.888134003 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:04.888190031 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:04.888236046 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:04.888288021 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:04.888315916 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:04.888341904 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:04.888370037 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:04.888403893 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:04.888405085 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:04.888454914 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:04.900402069 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:04.900456905 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:04.900473118 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:04.900626898 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:04.900819063 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:04.900827885 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:04.900882006 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:04.900943041 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:04.900994062 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:04.901010036 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:04.901058912 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:04.901062012 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:04.901109934 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:04.901150942 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:04.901182890 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:04.901196003 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:04.901221991 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:04.901468992 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:04.901485920 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:04.901519060 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:04.901526928 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:04.901539087 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:04.901571989 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.007144928 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.007178068 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.007220030 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.007261038 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.007318974 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.007343054 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.007371902 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.007388115 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.007500887 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.007569075 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.007580042 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.007617950 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.007692099 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.007738113 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.007793903 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.008347988 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.008392096 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.008449078 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.008625984 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.008635998 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.008712053 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.008742094 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.008763075 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.008769035 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.008805990 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.008842945 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.008897066 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.008946896 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.009083986 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.009156942 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.009212017 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.009259939 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.009325027 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.009378910 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.009413004 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.009422064 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.009475946 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.009502888 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.009537935 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.009593010 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.009624958 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.009691000 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.009738922 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.009824991 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.009836912 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.009881020 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.009974003 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.010015965 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.010070086 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.010144949 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.010183096 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.010255098 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.020431995 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.020468950 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.020487070 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.020509005 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.020549059 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.020572901 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.020596027 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.020605087 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.020617962 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.020646095 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.020656109 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.020705938 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.020705938 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.020781040 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.020787954 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.020800114 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.020852089 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.020893097 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.020908117 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.020956993 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.021009922 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.021018982 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.021071911 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.021104097 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.021115065 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.021148920 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.021176100 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.021186113 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.021198988 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.021270990 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.021311998 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.021322012 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.021378994 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.021426916 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.021435976 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.021481037 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.021492958 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.021497965 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.021533012 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.021615028 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.021625042 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.021656990 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.021681070 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.021688938 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.021706104 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.021768093 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.127417088 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.127429962 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.127494097 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.127537966 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.127593040 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.127649069 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.127696991 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.127712965 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.127732038 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.127748966 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.127763987 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.127763987 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.127783060 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.127799988 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.127970934 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.127980947 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.128024101 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.128123045 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.128133059 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.128180027 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.128284931 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.128321886 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.128331900 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.128364086 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.128402948 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.128418922 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.128465891 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.128489971 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.128526926 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.128592968 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.128602982 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.128619909 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.128638029 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.128671885 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.128778934 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.128820896 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.128864050 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.128875017 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.128886938 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.128932953 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.129070997 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.129080057 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.129101992 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.129126072 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.129137039 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.129173040 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.129271030 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.129333973 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.129363060 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.129400015 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.129425049 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.129435062 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.129476070 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.129493952 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.129538059 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.129579067 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.129590034 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.129632950 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.129672050 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.129692078 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.129719973 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.129736900 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.129820108 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.129831076 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.129865885 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.129914045 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.129951000 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.129966974 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.129967928 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.130022049 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.130064011 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.130131006 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.130140066 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.130188942 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.130234003 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.130259991 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.130307913 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.130345106 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.130354881 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.130394936 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.130440950 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.130454063 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.130481958 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.130502939 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.130568981 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.130616903 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.130626917 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.130680084 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.130724907 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.130769014 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.130856037 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.130867004 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.130908966 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.130932093 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.130964994 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.131012917 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.131077051 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.131123066 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.131150007 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.131160021 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.131194115 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.131268024 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.131278038 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.131285906 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.131334066 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.131381035 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.131391048 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.131423950 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.140566111 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.140634060 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.140692949 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.140820026 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.140829086 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.140831947 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.140871048 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.140906096 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.140914917 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.140961885 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.140999079 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.141009092 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.141061068 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.141096115 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.141103983 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.141129971 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.141144991 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.141170979 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.141189098 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.141211033 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.141233921 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.141242981 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.141288996 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.141330957 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.141360044 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.141382933 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.141412973 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.141489983 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.141499996 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.141537905 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.141679049 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.141688108 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.141697884 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.141748905 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.141768932 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.141803980 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.141813040 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.141817093 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.141877890 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.141910076 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.141947031 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.141969919 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.141988993 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.142081022 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.142090082 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.142147064 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.142180920 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.142189980 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.142222881 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.142230034 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.142239094 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.142275095 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.142311096 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.142319918 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.142359972 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.142405033 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.142414093 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.142457962 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.142491102 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.142532110 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.142632008 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.142642021 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.142688036 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.142801046 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.142810106 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.142817020 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.142824888 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.142848015 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.142880917 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.142890930 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.142893076 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.142899036 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.142946959 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.142959118 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.142967939 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.142971992 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.143013000 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.143055916 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.143064976 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.143107891 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.143152952 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.143162966 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.143207073 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.143223047 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.143270016 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.143292904 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.143311024 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.247548103 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.247559071 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.247598886 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.247607946 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.247611046 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.247639894 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.247649908 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.247672081 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.247694969 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.247699022 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.247786045 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.247920036 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.247958899 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.247965097 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.248029947 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.248063087 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.248073101 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.248114109 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.248147964 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.248164892 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.248192072 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.248217106 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.248243093 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.248298883 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.248337984 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.248353958 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.248382092 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.248392105 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.248420954 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.248434067 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.248471022 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.248538971 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.248552084 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.248562098 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.248581886 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.248588085 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.248619080 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.248641014 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.248646021 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.248675108 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.248720884 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.248748064 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.248796940 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.248847008 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.248848915 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.248893023 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.248934984 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.248934984 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.249005079 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.249052048 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.249059916 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.249063969 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.249109030 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.249140978 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.249149084 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.249166965 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.249186039 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.249218941 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.249247074 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.249284029 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.249293089 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.249296904 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.249344110 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.249376059 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.249397993 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.249430895 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.249450922 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.249490976 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.249514103 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.249521971 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.249628067 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.249635935 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.249663115 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.249706984 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.249716997 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.249764919 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.249800920 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.249809027 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.249842882 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.249877930 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.249931097 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.249942064 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.249972105 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.249980927 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.250000000 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.250041962 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.250087023 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.250102043 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.250144005 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.250158072 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.250176907 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.250217915 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.250233889 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.250305891 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.250351906 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.250351906 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.250411987 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.250422001 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.250435114 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.250444889 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.250468969 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.250499010 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.250540972 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.250549078 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.250591993 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.250624895 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.250658035 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.250673056 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.250713110 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.250746012 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.250797033 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.250844002 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.250889063 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.250914097 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.250926971 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.250958920 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.251032114 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.251039982 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.251082897 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.251087904 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.251137018 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.251180887 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.251190901 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.251229048 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.251233101 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.251296997 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.251306057 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.251355886 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.251363039 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.251401901 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.251405001 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.251447916 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.251472950 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.251482010 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.251526117 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.251553059 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.251580954 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.251600981 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.251616955 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.251668930 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.251713991 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.251750946 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.251799107 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.251848936 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.251868963 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.251898050 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.251920938 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.251936913 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.252005100 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.252065897 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.252075911 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.252125025 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.252224922 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.252234936 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.252242088 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.252249956 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.252258062 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.252270937 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.252293110 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.252304077 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.252367973 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.252377033 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.252379894 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.252387047 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.252428055 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.252469063 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.252476931 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.252516031 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.252556086 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.252564907 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.252605915 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.252645969 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.252655029 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.252686977 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.252703905 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.252717018 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.252727032 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.252769947 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.252847910 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.252856970 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.252903938 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.252912998 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.252921104 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.252959967 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.252974987 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.252993107 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.253000975 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.253041029 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.253067017 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.253117085 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.253127098 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.253135920 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.253174067 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.253231049 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.253240108 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.253254890 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.253288984 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.253338099 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.253348112 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.253362894 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.253371954 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.253380060 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.253391027 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.253420115 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.253453970 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.253463030 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.253504992 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.253546953 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.253556013 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.253565073 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.253593922 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.253614902 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.260633945 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.260683060 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.260710955 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.260749102 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.260797024 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.260873079 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.260916948 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.260924101 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.260925055 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.260963917 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.261012077 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.261020899 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.261045933 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.261063099 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.261090994 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.261095047 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.261157990 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.261167049 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.261215925 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.261300087 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.261346102 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.261349916 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.261424065 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.261432886 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.261449099 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.261461973 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.261477947 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.261501074 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.261521101 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.261609077 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.261616945 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.261641026 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.261662006 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.261692047 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.261729956 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.261754036 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.261763096 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.261805058 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.261830091 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.261873960 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.262084007 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.262093067 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.262130022 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.262135983 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.262145996 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.262187958 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.262224913 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.262233973 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.262274027 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.262276888 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.262283087 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.262325048 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.262362957 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.262372017 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.262409925 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.262499094 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.262506962 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.262547970 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.262574911 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.262583971 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.262630939 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.262721062 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.262729883 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.262768030 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.262785912 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.262787104 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.262814999 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.262830019 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.262866020 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.262887955 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.262909889 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.262928963 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.262950897 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.263046026 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.263056040 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.263087034 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.263107061 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.263138056 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.263148069 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.263186932 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.263223886 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.263231993 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.263274908 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.263307095 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.263344049 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.263382912 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.263401985 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.263436079 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.263493061 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.263505936 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.263516903 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.263554096 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.263573885 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.263606071 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.263616085 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.263648987 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.263720989 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.263729095 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.263772964 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.263845921 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.263854980 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.263879061 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.263887882 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.263902903 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.263926983 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.263935089 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.264029980 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.264039040 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.264041901 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.264064074 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.264081955 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.264121056 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.264161110 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.264199018 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.264236927 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.264254093 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.264283895 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.264307022 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.264331102 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.264348984 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.264374971 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.264420033 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.264427900 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.264491081 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.264496088 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.264512062 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.264554024 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.264588118 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.264610052 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.264631033 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.264642954 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.264688969 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.264698029 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.264743090 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.264771938 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.264816999 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.264859915 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.264873028 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.264882088 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.264918089 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.264957905 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.264966011 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.265003920 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.265085936 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.265094995 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.265130043 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.265149117 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.265163898 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.265172005 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.265197992 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.265211105 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.265240908 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.265249968 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.265284061 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.265319109 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.265362978 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.265377045 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.265425920 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.265482903 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.265520096 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.265526056 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.265563011 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.265578032 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.265608072 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.265619040 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.265697002 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.265701056 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.265707016 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.265743017 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.265757084 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.265804052 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.265808105 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.265866041 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.265873909 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.265917063 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.265944958 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.265969038 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.265996933 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.266012907 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.266050100 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.266057968 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.266098976 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.367789984 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.367872953 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.367934942 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.368007898 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.368088007 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.368134975 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.368248940 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.368315935 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.368366957 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.368551970 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.368571043 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.368617058 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.368782043 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.368830919 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.368876934 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.368932962 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.368952036 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.368998051 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.369033098 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.369301081 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.369352102 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.369478941 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.369488001 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.369528055 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.369559050 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.369569063 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.369616985 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.369668007 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.369718075 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.369762897 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.369851112 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.369860888 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.369904995 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.370024920 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.370035887 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.370078087 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.370235920 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.370330095 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.370338917 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.370382071 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.370382071 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.370428085 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.370573997 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.370636940 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.370687962 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.370718002 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.370759964 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.370803118 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.370976925 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.370985985 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.371022940 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.371110916 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.371119976 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.371157885 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.371184111 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.371257067 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.371270895 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.371335983 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.371345997 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.371383905 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.371402979 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.371499062 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.371536970 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.371587992 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.371603966 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.371659040 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.371709108 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.371750116 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.371828079 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.371875048 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.371933937 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.371949911 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.371999979 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.372096062 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.372138023 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.372179985 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.372205973 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.372246981 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.372291088 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.372370958 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.372383118 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.372423887 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.372476101 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.372545958 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.372592926 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.372622967 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.372641087 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.372687101 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.372821093 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.372829914 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.372869015 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.372972965 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.372982979 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.373018980 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.373107910 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.373116970 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.373153925 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.373219013 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.373259068 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.373311043 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.373358965 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.373374939 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.373416901 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.373513937 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.373522997 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.373563051 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.373589039 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.373635054 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.373678923 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.373725891 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.373792887 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.373838902 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.373874903 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.373884916 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.373924017 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.374021053 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.374030113 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.374068022 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.374103069 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.374110937 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.374147892 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.374185085 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.374195099 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.374243021 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.374288082 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.374392986 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.374439955 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.374475002 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.374484062 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.374521017 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.374615908 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.374624968 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.374669075 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.374681950 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.374733925 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.374782085 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.374788046 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.374797106 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.374835968 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.374927998 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.374937057 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.374975920 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.375009060 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.375080109 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.375124931 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.375171900 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.375221968 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.375253916 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.375272036 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.375282049 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.375361919 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.375410080 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.375411034 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.375437021 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.375480890 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.375581980 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.375590086 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.375627041 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.375793934 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.375966072 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.376015902 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.376190901 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.376275063 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.376310110 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.376336098 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.376369953 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.376390934 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.376435041 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.376472950 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.376563072 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.376616955 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.376637936 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.376679897 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.376730919 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.376759052 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.376811028 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.376867056 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.376909018 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.376955032 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.377005100 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.377023935 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.377067089 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.377119064 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.377152920 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.377217054 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.377268076 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.377305984 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.377419949 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.377475977 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.377562046 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.377607107 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.377648115 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.377655029 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.377718925 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.377748966 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.377770901 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.377795935 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.377851963 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.377895117 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.377907038 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.377969027 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.378021002 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.378070116 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.378124952 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.378180027 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.378293037 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.378402948 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.378447056 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.378451109 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.378499985 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.378554106 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.378563881 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.378637075 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.378690004 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.378731966 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.378806114 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.378855944 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.378855944 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.378982067 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.379005909 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.379031897 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.379056931 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.379089117 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.379131079 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.379157066 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.379232883 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.379261017 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.379280090 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.379343033 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.379524946 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.379534006 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.379586935 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.379647970 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.379681110 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.379731894 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.379779100 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.379813910 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.379869938 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.379914045 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.380011082 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.380059004 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.380089998 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.380202055 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.380254030 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.380301952 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.380414009 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.380464077 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.380500078 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.380637884 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.380646944 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.380696058 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.380757093 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.380805969 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.380873919 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.381026983 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.381082058 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.381211042 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.381341934 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.381397009 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.381560087 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.381676912 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.381724119 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.381848097 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.382081032 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.382090092 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.382129908 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.382232904 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.382241964 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.382266045 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.382280111 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.382308960 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.382308006 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.382352114 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.382397890 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.382456064 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.382498980 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.382559061 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.382617950 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.382666111 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.382797956 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.382854939 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.382895947 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.382941961 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.383042097 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.383049965 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.383058071 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.383085966 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.383148909 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.383163929 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.383208990 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.383258104 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.383266926 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.383311033 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.383347034 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.383409977 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.383454084 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.383554935 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.383563995 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.383601904 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.383603096 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.383614063 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.383651972 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.383780956 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.383789062 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.383832932 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.383842945 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.383924007 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.383965015 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.383972883 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.384064913 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.384109020 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.384218931 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.384228945 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.384263039 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.384404898 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.384449005 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.384501934 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.384608984 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.384618044 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.384656906 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.384763956 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.384773970 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.384812117 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.384907007 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.384968996 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.385015965 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.385057926 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.385066986 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.385109901 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.385179043 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.385234118 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.385278940 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.385341883 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.385350943 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.385389090 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.385390997 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.385400057 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.385437012 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.385477066 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.385516882 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.385531902 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.385555983 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.385603905 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.385611057 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.385653973 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.385694981 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.385724068 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.385823011 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.385838985 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.385870934 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.385889053 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.386003971 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.386012077 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.386054039 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.386132002 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.386141062 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.386157036 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.386184931 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.386198044 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.386209011 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.386337042 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.386344910 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.386394024 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.386432886 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.386482954 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.386490107 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.386565924 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.386612892 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.386641026 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.386710882 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.386750937 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.386770010 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.386805058 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.386847973 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.386857033 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.386898041 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.386940956 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.387016058 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.387025118 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.387053967 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.387072086 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.387108088 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.387135029 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.387173891 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.387224913 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.387278080 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.387321949 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.387368917 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.387475014 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.387484074 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.387526035 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.387634993 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.387645960 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.387690067 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.387775898 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.387814045 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.387867928 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.387933969 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.388004065 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.388051987 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.388091087 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.388171911 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.388225079 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.388273954 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.388417006 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.388426065 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.388433933 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.388477087 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.388493061 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.388500929 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.388540030 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.388614893 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.388623953 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.388638973 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.388657093 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.388663054 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.388675928 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.388701916 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.388751984 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.388761044 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.388808012 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.388812065 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.388820887 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.388868093 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.388978004 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.388987064 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.389003038 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.389010906 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.389029980 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.389051914 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.389087915 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.389103889 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.389152050 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.389157057 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.389179945 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.389230967 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.389286041 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.389331102 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.389372110 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.389380932 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.389381886 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.389424086 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.389437914 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.389446974 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.389487982 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.389537096 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.389545918 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.389592886 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.389611959 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.389621973 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.389656067 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.389661074 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.389664888 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.389708996 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.389710903 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.389791012 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.389834881 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.389863968 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.389873028 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.389903069 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.389923096 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.389925957 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.389950037 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.390065908 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.390074968 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.390115976 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.390125036 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.390152931 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.390172958 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.390202045 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.390224934 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.390234947 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.390280008 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.390319109 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.390327930 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.390371084 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.390396118 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.390404940 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.390450001 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.390470982 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.390480042 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.390525103 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.390575886 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.390584946 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.390621901 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.390633106 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.390670061 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.390671015 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.390788078 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.390801907 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.390818119 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.390825033 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.390841961 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.390858889 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.390865088 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.390904903 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.390913010 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.390960932 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.391011953 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.391025066 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.391093969 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.391102076 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.391145945 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.391205072 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.391213894 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.391258955 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.391261101 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.391304970 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.391305923 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.391336918 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.391350985 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.391380072 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.391390085 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.391483068 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.391527891 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.391545057 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.391691923 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.391736984 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.391773939 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.391845942 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.391892910 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.391896009 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.391932011 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.391941071 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.391971111 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.391993046 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.392015934 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.392031908 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.392131090 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.392139912 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.392180920 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.392226934 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.392237902 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.392283916 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.392359972 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.392412901 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.392456055 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.392606974 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.392642975 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.392663956 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.392682076 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.392687082 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.392730951 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.392759085 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.392767906 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.392807961 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.392812014 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.392824888 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.392832994 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.392853975 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.392869949 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.392889023 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.392999887 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.393050909 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.393093109 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.393184900 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.393230915 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.393239021 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.393340111 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.393387079 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.393407106 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.393415928 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.393425941 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.393465042 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.393558025 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.393567085 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.393613100 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.393651962 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.393747091 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.393785000 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.393793106 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.393794060 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.393837929 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.393851995 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.393923998 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.393965960 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.393974066 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.393976927 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.394010067 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.394023895 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.394062042 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.394071102 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.394175053 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.394182920 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.394217968 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.394220114 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.394237041 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.394273996 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.394375086 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.394383907 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.394392967 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.394407988 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.394422054 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.394435883 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.394454956 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.394479036 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.440323114 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.443325996 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.488167048 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.488177061 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.488281012 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.488312960 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.488352060 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.488393068 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.488400936 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.488430023 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.488445044 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.488472939 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.488675117 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.488686085 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.488711119 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.488719940 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.488738060 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.488769054 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.488787889 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.488804102 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.488826990 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.488857985 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.488929987 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.488974094 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.489000082 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.489007950 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.489057064 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.489057064 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.489141941 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.489150047 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.489204884 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.489243984 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.489255905 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.489296913 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.489334106 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.489343882 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.489347935 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.489387035 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.489398956 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.489425898 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.489435911 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.489490032 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.489586115 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.489593983 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.489619970 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.489638090 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.489670038 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.489749908 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.489758968 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.489799976 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.489814043 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.489823103 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.489883900 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.489957094 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.489965916 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.490006924 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.490051031 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.490058899 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.490099907 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.490132093 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.490164995 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.490206003 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.490317106 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.490326881 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.490369081 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.490396023 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.490406990 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.490446091 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.490463018 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.490484953 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.490523100 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.490603924 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.490613937 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.490624905 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.490655899 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.490678072 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.490748882 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.490797043 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.490804911 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.490814924 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.490850925 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.490854025 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.490947962 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.490957975 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.490995884 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.491002083 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.491013050 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.491050005 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.491111994 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.491121054 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.491164923 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.491198063 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.491205931 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.491245031 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.491261005 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.491270065 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.491309881 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.491353989 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.491370916 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.491410971 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.491477966 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.491487026 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.491533041 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.491605997 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.491738081 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.491786003 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.491795063 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.491884947 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.491931915 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.492005110 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.492057085 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.492110968 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.492157936 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.492275953 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.492321968 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.492336988 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.492374897 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.492433071 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.492434978 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.492465019 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.492516041 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.492523909 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.492619038 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.492672920 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.492705107 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.492858887 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.492908955 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.492944002 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.493079901 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.493133068 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.493133068 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.493232012 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.493277073 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.493279934 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.493328094 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.493381977 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.493411064 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.493573904 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.493582010 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.493628979 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.493666887 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.493710995 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.493761063 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.493822098 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.493860960 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.493910074 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.493936062 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.494096041 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.494148970 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.494188070 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.494285107 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.494328022 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.494432926 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.494636059 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.494692087 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.494698048 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.494852066 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.494904041 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.494940042 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.495059967 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.495115042 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.495161057 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.495191097 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.495242119 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.495326042 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.495462894 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.495512009 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.495516062 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.495668888 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.495717049 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.495727062 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.495846033 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.495903969 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.495920897 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.495929956 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.495971918 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.495997906 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.496062994 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.496107101 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.496145010 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.496284008 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.496292114 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.496332884 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.496332884 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.496419907 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.496471882 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.496511936 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.496536016 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.496581078 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.496674061 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.496781111 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.496788025 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.496844053 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.496891975 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.496937990 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.497006893 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.497097015 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.497153997 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.497227907 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.497323036 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.497369051 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.497462034 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.497472048 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.497512102 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.497523069 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.497554064 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.497673035 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.497715950 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.497832060 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.497884035 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.497931004 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.498059988 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.498148918 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.498200893 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.498323917 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.498497963 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.498545885 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.498595953 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.498693943 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.498744011 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.498923063 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.499111891 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.499120951 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.499124050 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.499157906 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.499186039 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.499191999 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.499259949 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.499272108 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.499303102 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.499334097 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.499360085 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.499381065 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.499406099 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.499445915 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.499614000 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.499663115 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.499736071 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.499882936 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.499937057 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.499986887 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.500210047 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.500216961 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.500225067 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.500272036 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.500288010 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.500705004 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.500713110 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.500720978 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.500777960 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.500885963 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.500894070 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.500938892 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.500951052 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.500999928 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.501046896 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.501198053 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.501207113 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.501214981 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.501256943 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.501262903 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.501491070 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.501498938 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.501543999 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.501604080 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.501612902 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.501624107 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.501674891 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.501712084 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.501931906 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.501940012 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.501946926 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.501995087 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.502073050 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.502082109 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.502130985 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.502249956 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.502258062 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.502300978 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.502331018 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.502338886 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.502384901 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.502458096 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.502468109 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.502505064 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.502538919 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.502547979 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.502585888 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.502676964 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.502686024 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.502718925 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.502852917 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.502861977 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.502868891 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.502901077 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.502918005 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.502975941 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.503020048 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.503026962 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.503052950 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.503070116 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.503212929 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.503221989 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.503225088 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.503227949 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.503272057 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.503381968 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.503390074 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.503426075 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.503459930 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.503468037 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.503504992 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.503614902 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.503623009 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.503657103 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.503741980 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.503751040 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.503783941 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.503829002 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.503837109 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.503871918 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.503992081 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.503999949 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.504008055 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.504034996 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.504040956 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.504049063 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.504084110 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.504268885 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.504277945 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.504308939 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.504347086 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.504355907 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.504393101 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.504498959 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.504714966 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.504723072 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.504730940 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.504750967 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.504772902 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.504806995 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.504815102 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.504825115 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.504851103 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.504874945 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.505036116 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.505048037 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.505059004 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.505067110 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.505074024 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.505112886 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.505114079 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.505125046 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.505153894 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.505166054 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.505253077 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.505295038 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.505336046 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.505337954 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.505461931 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.505500078 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.505503893 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.505526066 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.505573988 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.505625963 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.505659103 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.505703926 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.505732059 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.505798101 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.505845070 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.505861998 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.505871058 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.505917072 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.505935907 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.505963087 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.506010056 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.506051064 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.506061077 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.506102085 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.506197929 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.506206989 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.506220102 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.506252050 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.506264925 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.506300926 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.506345987 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.506392956 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.506395102 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.506450891 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.506495953 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.506505013 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.506546021 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.506596088 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.506637096 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.506640911 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.506707907 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.506753922 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.506753922 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.506799936 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.506814957 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.506824970 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.506863117 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.506938934 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.506979942 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.506992102 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.507103920 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.507112980 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.507128954 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.507136106 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.507153988 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.507170916 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.507191896 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.507239103 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.507247925 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.507294893 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.507353067 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.507361889 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.507402897 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.507405996 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.507472992 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.507529020 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.507549047 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.507565022 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.507611036 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.507647991 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.507658005 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.507699966 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.507741928 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.507750034 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.507791042 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.507822037 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.507913113 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.507920980 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.507958889 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.507977962 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.508050919 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.508058071 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.508093119 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.508121967 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.508162022 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.508234978 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.508280039 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.508315086 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.508323908 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.508363962 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.508399010 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.508426905 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.508476973 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.508542061 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.508559942 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.508610010 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.508624077 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.508634090 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.508671045 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.508733034 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.508743048 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.508781910 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.508856058 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.508863926 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.508904934 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.508939028 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.508948088 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.508991957 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.509021044 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.509073973 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.509108067 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.509113073 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.509115934 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.509154081 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.509205103 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.509213924 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.509251118 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.509282112 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.509368896 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.509377956 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.509386063 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.509428978 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.509466887 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.509475946 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.509517908 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.509553909 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.509562969 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.509603024 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.509634972 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.509644985 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.509681940 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.509681940 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.509711981 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.509763956 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.509824991 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.509835958 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.509876013 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.509893894 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.509902000 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.509939909 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.509953976 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.509967089 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.510008097 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.510035992 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.510080099 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.510122061 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.510129929 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.510585070 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.510593891 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.510601997 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.510610104 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.510617971 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.510626078 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.510627985 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.510633945 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.510643005 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.510648012 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.510652065 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.510672092 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.510685921 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.552318096 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.555372000 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.555568933 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.555632114 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.555685043 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.555757999 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.555810928 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.555869102 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.555917025 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.649270058 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.649441004 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.650003910 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.650067091 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.650113106 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.650154114 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.650197029 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.650254011 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.650295973 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.650347948 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.650401115 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.650454044 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.650492907 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.650552034 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.650604010 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.650667906 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.650715113 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.650769949 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.650819063 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.650882959 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.650933981 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.650984049 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.651015997 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.675605059 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.675817966 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.675899982 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.675959110 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.676027060 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.676084995 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.676145077 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.676199913 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.676265955 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.676317930 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.676379919 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.676429987 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.676492929 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.676536083 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.716332912 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.716543913 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.716635942 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.757150888 CET	15666	49707	45.130.145.152	192.168.2.6
Nov 29, 2024 16:04:05.757376909 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.757503033 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.757591963 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.757668018 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.757728100 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.757792950 CET	49707	15666	192.168.2.6	45.130.145.152
Nov 29, 2024 16:04:05.769937038 CET	15666	49707	45.130.145.152	192.168.2.6

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Nov 29, 2024 16:03:59.536902905 CET	192.168.2.6	1.1.1.1	0x3a1d	Standard query (0)	api.ipify.org	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Nov 29, 2024 16:03:59.674184084 CET	1.1.1.1	192.168.2.6	0x3a1d	No error (0)	api.ipify.org	104.26.12.205	A (IP address)	IN (0x0001)	false
Nov 29, 2024 16:03:59.674184084 CET	1.1.1.1	192.168.2.6	0x3a1d	No error (0)	api.ipify.org	104.26.13.205	A (IP address)	IN (0x0001)	false
Nov 29, 2024 16:03:59.674184084 CET	1.1.1.1	192.168.2.6	0x3a1d	No error (0)	api.ipify.org	172.67.74.152	A (IP address)	IN (0x0001)	false

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49708	104.26.12.205	443	3492	C:\Users\user\Desktop\siveria.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 15:04:01 UTC	100	OUT	GET / HTTP/1.1 Accept: text/html; text/plain; / Host: api.ipify.org Cache-Control: no-cache
2024-11-29 15:04:01 UTC	424	IN	HTTP/1.1 200 OK Date: Fri, 29 Nov 2024 15:04:01 GMT Content-Type: text/plain Content-Length: 12 Connection: close Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8ea37ce00d5703d5-EWR server-timing: cfL4;desc="?proto=TCP&rtt=1999&min_rtt=1815&rtt_var=1048&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2819&recv_bytes=738&delivery_rate=888348&cwnd=223&unsent_bytes=0&cid=4dd832a673e3c999&ts=480&x=0"
2024-11-29 15:04:01 UTC	12	IN	Data Raw: 38 2e 34 36 2e 31 32 33 2e 32 32 38 Data Ascii: 8.46.123.228

Target ID:	0
Start time:	10:03:58
Start date:	29/11/2024
Path:	C:\Users\user\Desktop\siveria.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\siveria.exe"
Imagebase:	0x7ff6612b0000
File size:	3'341'824 bytes
MD5 hash:	FFCD6C4FE2661CFA22792CC0D68D21D2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_MeduzaStealer, Description: Yara detected Meduza Stealer, Source: 00000000.00000002.2326177026.000001FE725B0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_MeduzaStealer, Description: Yara detected Meduza Stealer, Source: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	6.2%
Dynamic/Decrypted Code Coverage:	87.9%
Signature Coverage:	22.2%
Total number of Nodes:	2000
Total number of Limit Nodes:	55

Executed Functions

Function 000001FE72425B70 Relevance: 45.7, APIs: 25, Strings: 1, Instructions: 225
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSystemMetrics.USER32 ref: 000001FE72425BB1
GetSystemMetrics.USER32 ref: 000001FE72425BBF
GetSystemMetrics.USER32 ref: 000001FE72425BCD
GetSystemMetrics.USER32 ref: 000001FE72425BDB
GetDC.USER32 ref: 000001FE72425BE5
GetDeviceCaps.GDI32 ref: 000001FE72425BFB
GetDeviceCaps.GDI32 ref: 000001FE72425C0B
CreateCompatibleDC.GDI32 ref: 000001FE72425C18
CreateCompatibleBitmap.GDI32 ref: 000001FE72425C30
SelectObject.GDI32 ref: 000001FE72425C46
BitBlt.GDI32 ref: 000001FE72425C7C
SHCreateMemStream.SHLWAPI ref: 000001FE72425CB2
SelectObject.GDI32 ref: 000001FE72425CC8
DeleteDC.GDI32 ref: 000001FE72425CD1
ReleaseDC.USER32 ref: 000001FE72425CDC
DeleteObject.GDI32 ref: 000001FE72425CE5
EnterCriticalSection.KERNEL32 ref: 000001FE72425DDC
LeaveCriticalSection.KERNEL32 ref: 000001FE72425DEE
IStream_Size.SHLWAPI ref: 000001FE72425E25
IStream_Reset.SHLWAPI ref: 000001FE72425E36
IStream_Read.SHLWAPI ref: 000001FE72425EBB
SelectObject.GDI32 ref: 000001FE72425F15
DeleteDC.GDI32 ref: 000001FE72425F1E
ReleaseDC.USER32 ref: 000001FE72425F2B
DeleteObject.GDI32 ref: 000001FE72425F34

Strings

, xrefs: 000001FE72425C51

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID: Object$DeleteMetricsSystem$CreateSelectStream_$CapsCompatibleCriticalDeviceReleaseSection$BitmapEnterLeaveReadResetSizeStream
String ID:
API String ID: 3214587331-3916222277
Opcode ID: 7f29424d3ead8c8ab7e32e0c66aef27a74aa28fe3180dede61f6c59901bdf73b
Instruction ID: 39eef3b82cb08d00aff3090109769fe295600014d54c6164882d85338c98f3a2
Opcode Fuzzy Hash: 7f29424d3ead8c8ab7e32e0c66aef27a74aa28fe3180dede61f6c59901bdf73b
Instruction Fuzzy Hash: 27B12332215BC186E760EB22E8543EEB3E5F799B80F405625DA9D47769EF38C444CF80

Function 000001FE7245B5B0 Relevance: 27.2, APIs: 18, Instructions: 229
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileAttributesExW.KERNEL32 ref: 000001FE7245B65D
GetLastError.KERNEL32 ref: 000001FE7245B667
FindFirstFileW.KERNEL32 ref: 000001FE7245B67E
GetLastError.KERNEL32 ref: 000001FE7245B68A
FindClose.KERNEL32 ref: 000001FE7245B698
__std_fs_open_handle.LIBCPMT ref: 000001FE7245B72B
CloseHandle.KERNEL32 ref: 000001FE7245B741
CloseHandle.KERNEL32 ref: 000001FE7245B8B4

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID: Close$ErrorFileFindHandleLast$AttributesFirst__std_fs_open_handle
String ID:
API String ID: 2398595512-0
Opcode ID: ae06ef96b620ec177ea6819a3a1ac38214177ad565b87e13f1ccf53398ca1eb7
Instruction ID: 9239a448ae44160063d22828ea35d4dc35751595f6d0f5f42ac30fbb59fee5e8
Opcode Fuzzy Hash: ae06ef96b620ec177ea6819a3a1ac38214177ad565b87e13f1ccf53398ca1eb7
Instruction Fuzzy Hash: C6912E31600A4286FA64AB37A8157B973D0A785BB4F585734D9B64B7F8EB38C8059F80

Function 000001FE72428030 Relevance: 22.6, APIs: 3, Strings: 9, Instructions: 1600COMMON

Download Yara Rule

APIs

Part of subcall function 000001FE72426C70: GetCurrentHwProfileW.ADVAPI32 ref: 000001FE72426CAC

Part of subcall function 000001FE72426540: EnumDisplayDevicesW.USER32 ref: 000001FE72426657
Part of subcall function 000001FE72426540: EnumDisplayDevicesW.USER32 ref: 000001FE724266FB

Part of subcall function 000001FE72426460: RegGetValueA.ADVAPI32 ref: 000001FE724264C9

Part of subcall function 000001FE72426150: GetUserNameW.ADVAPI32 ref: 000001FE72426195

Part of subcall function 000001FE724261F0: GetComputerNameW.KERNEL32 ref: 000001FE72426235

GlobalMemoryStatusEx.KERNEL32 ref: 000001FE724287BC
wcsftime.LIBCMT ref: 000001FE72428FB2
GetModuleFileNameA.KERNEL32 ref: 000001FE72429146

Strings

%d-%m-%Y, %H:%M:%S, xrefs: 000001FE72428F9F
system, xrefs: 000001FE72428424, 000001FE72428513, 000001FE72428609, 000001FE72428703, 000001FE7242884B, 000001FE72428945, 000001FE72428A38, 000001FE72428BBF, 000001FE72428DB0, 000001FE72429031, 000001FE724291F4, 000001FE7242940E, 000001FE724295AD, 000001FE72429757, 000001FE7242981D
time, xrefs: 000001FE72429081
cpu, xrefs: 000001FE72428658
ram, xrefs: 000001FE7242889B
computer_name, xrefs: 000001FE72428994
user_name, xrefs: 000001FE7242846F
timezone, xrefs: 000001FE72429454
gpu, xrefs: 000001FE72428562

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID: Name$DevicesDisplayEnum$ComputerCurrentFileGlobalMemoryModuleProfileStatusUserValuewcsftime
String ID: %d-%m-%Y, %H:%M:%S$computer_name$cpu$gpu$ram$system$time$timezone$user_name
API String ID: 2509368203-1182675529
Opcode ID: 94caa90cb02c2b45b2d6ace8ee1e8e8d1cd1b089b7b56b13961b7090b4054943
Instruction ID: 046e5e20eb5aa257e547106572eb3022e4476bb702e6ee8821d7940ae7cc5d46
Opcode Fuzzy Hash: 94caa90cb02c2b45b2d6ace8ee1e8e8d1cd1b089b7b56b13961b7090b4054943
Instruction Fuzzy Hash: E3F28F32614BC295EB21DF26D8403ED77E1F799798F509325EA8D47BA9EB38C244CB40

Function 000001FE723DD570 Relevance: 20.1, APIs: 8, Strings: 3, Instructions: 862
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryA.KERNEL32 ref: 000001FE723DD65C
GetProcAddress.KERNEL32 ref: 000001FE723DD767
GetProcAddress.KERNEL32 ref: 000001FE723DD829
GetProcAddress.KERNEL32 ref: 000001FE723DD8A3
GetProcAddress.KERNEL32 ref: 000001FE723DD925
GetProcAddress.KERNEL32 ref: 000001FE723DD99F
GetProcAddress.KERNEL32 ref: 000001FE723DDA23
FreeLibrary.KERNEL32 ref: 000001FE723DE551

Strings

system, xrefs: 000001FE723DE35D
vault, xrefs: 000001FE723DE3B3
cannot use push_back() with , xrefs: 000001FE723DE59F

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID: AddressProc$Library$FreeLoad
String ID: cannot use push_back() with $system$vault
API String ID: 2449869053-1741236777
Opcode ID: 80a70884cdec41dda7643c934449dd7419392d6542b3f574aec0f4db0f318038
Instruction ID: fddce065ce1a455e613ea3c39a718f6c2ddef690be57b3e32046b86d8e7a674c
Opcode Fuzzy Hash: 80a70884cdec41dda7643c934449dd7419392d6542b3f574aec0f4db0f318038
Instruction Fuzzy Hash: 72925C32605BC69ADB609F25E8843ED77A1F749798F104326EB9C4BBA9EF34C644C740

Function 000001FE72405970 Relevance: 17.8, Strings: 14, Instructions: 304
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

key, xrefs: 000001FE7240C60E, 000001FE7240C740
@, xrefs: 000001FE72409B9B
exists, xrefs: 000001FE72405F90, 000001FE7240A58E, 000001FE7240A5DE, 000001FE7240A6AC, 000001FE7240A76E, 000001FE7240A83C, 000001FE7240CA70, 000001FE7240D060, 000001FE7240F48D, 000001FE7240F779
recursive_directory_iterator::recursive_directory_iterator, xrefs: 000001FE7240A68F, 000001FE7240A6C9, 000001FE7240A81F
chrome_key, xrefs: 000001FE7240C851, 000001FE7240C97F
cannot use push_back() with , xrefs: 000001FE7240A625, 000001FE7240A6FE, 000001FE7240A7B5, 000001FE7240DDD5
filename, xrefs: 000001FE72406D9C, 000001FE724078E3, 000001FE72408376, 000001FE72408E23, 000001FE72409793, 000001FE72409F35, 000001FE7240D5FC, 000001FE7240DAE0
@, xrefs: 000001FE7240A32B
recursive_directory_iterator::operator++, xrefs: 000001FE7240A678, 000001FE7240A745, 000001FE7240A808
., xrefs: 000001FE72405C70
prefs.js, xrefs: 000001FE7240E5E2
status, xrefs: 000001FE7240A5B5, 000001FE7240A600, 000001FE7240A6D9, 000001FE7240A790, 000001FE7240A863, 000001FE7240A885, 000001FE7240A89B, 000001FE7240A8BD, 000001FE7240CA99, 000001FE7240DE11, 000001FE7240DE33, 000001FE7240DE5B, 000001FE7240DE83, 000001FE7240F764
directory_iterator::directory_iterator, xrefs: 000001FE7240A5A5, 000001FE7240A853, 000001FE7240A875, 000001FE7240A8AD, 000001FE7240CA83, 000001FE7240DE23, 000001FE7240F4A4, 000001FE7240F78C
content, xrefs: 000001FE72406EB7, 000001FE724079CA, 000001FE7240845D, 000001FE72408F0A, 000001FE724098AE, 000001FE7240A03E, 000001FE7240D6B3, 000001FE7240DB94

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID:
String ID: .$@$@$cannot use push_back() with $chrome_key$content$directory_iterator::directory_iterator$exists$filename$key$prefs.js$recursive_directory_iterator::operator++$recursive_directory_iterator::recursive_directory_iterator$status
API String ID: 0-4287193513
Opcode ID: d85864b6336acd62be5f7280330fa91da0aadc80efc30bd9caf6eb99ab158536
Instruction ID: 272481026d73c8ea0525b9dac2d47dd4c9f8149ea54d8193cce2a69086768efb
Opcode Fuzzy Hash: d85864b6336acd62be5f7280330fa91da0aadc80efc30bd9caf6eb99ab158536
Instruction Fuzzy Hash: 56C18172204B8686EB70AB27E4443F973E1F748794F544361EB994B7A4EB38CC85CB80

Function 000001FE7241C600 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 173
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 000001FE7241F820: GetCurrentProcess.KERNEL32 ref: 000001FE7241F85B
Part of subcall function 000001FE7241F820: OpenProcessToken.ADVAPI32 ref: 000001FE7241F86E
Part of subcall function 000001FE7241F820: GetTokenInformation.ADVAPI32 ref: 000001FE7241F8AA

ExitProcess.KERNEL32 ref: 000001FE7241C647
OpenMutexA.KERNEL32 ref: 000001FE7241C762
ExitProcess.KERNEL32 ref: 000001FE7241C772
CreateMutexA.KERNEL32 ref: 000001FE7241C791
ExitProcess.KERNEL32 ref: 000001FE7241C7B7

Part of subcall function 000001FE7241FB60: GetModuleFileNameW.KERNEL32 ref: 000001FE7241FBAA

Part of subcall function 000001FE7242A780: CoInitializeEx.OLE32 ref: 000001FE7242A7EA

Strings

SeDebugPrivilege, xrefs: 000001FE7241C64E
SeImpersonatePrivilege, xrefs: 000001FE7241C65A

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID: Process$Exit$MutexOpenToken$CreateCurrentFileInformationInitializeModuleName
String ID: SeDebugPrivilege$SeImpersonatePrivilege
API String ID: 470559343-3768118664
Opcode ID: 06f330de910fb0bd8a0805ee4733704188030b60338d59cfce2465abae6080ec
Instruction ID: 6bef26d13131d44a1f79de96d5a319ab8498e25b2e0e4261ce492d68005dbf43
Opcode Fuzzy Hash: 06f330de910fb0bd8a0805ee4733704188030b60338d59cfce2465abae6080ec
Instruction Fuzzy Hash: FE619132614B8382EA20BB66E8513FE73D0FB85780F505735EA9D466F6FF28C0459E81

Function 000001FE723D4B70 Relevance: 15.3, APIs: 3, Strings: 5, Instructions: 1343registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.ADVAPI32 ref: 000001FE723D509B
RegQueryValueExA.ADVAPI32 ref: 000001FE723D50E9
RegCloseKey.ADVAPI32 ref: 000001FE723D5186

Strings

exists, xrefs: 000001FE723D6398, 000001FE723D63E3, 000001FE723D647A
status, xrefs: 000001FE723D6403, 000001FE723D6413
directory_iterator::directory_iterator, xrefs: 000001FE723D6441
content, xrefs: 000001FE723D55A3, 000001FE723D5BF6, 000001FE723D6120
filename, xrefs: 000001FE723D549A, 000001FE723D5A28, 000001FE723D5F59

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID: CloseOpenQueryValue
String ID: content$directory_iterator::directory_iterator$exists$filename$status
API String ID: 3677997916-3429737954
Opcode ID: 44abb15e63e4dc58b5fa2400b0bced3606d5929ce26253b4556b1fcf68d5f94b
Instruction ID: 085b7758680341b961021cd9686e10ef0e6dc8243f1e104b67a3ba8cf1731aa5
Opcode Fuzzy Hash: 44abb15e63e4dc58b5fa2400b0bced3606d5929ce26253b4556b1fcf68d5f94b
Instruction Fuzzy Hash: 37E2A172600BC29AEB219F35D8803ED73A5F795758F505326EB5C0BAA9EF74C684CB40

Function 000001FE723D2CA0 Relevance: 14.8, APIs: 3, Strings: 5, Instructions: 789
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyExA.ADVAPI32 ref: 000001FE723D3022
RegQueryValueExA.ADVAPI32 ref: 000001FE723D306A
RegCloseKey.ADVAPI32 ref: 000001FE723D30F7

Strings

exists, xrefs: 000001FE723D39BE
status, xrefs: 000001FE723D39F9
directory_iterator::directory_iterator, xrefs: 000001FE723D39DD
content, xrefs: 000001FE723D3694
filename, xrefs: 000001FE723D3500

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID: CloseOpenQueryValue
String ID: content$directory_iterator::directory_iterator$exists$filename$status
API String ID: 3677997916-3429737954
Opcode ID: 5a814a14b5fbe29d0cd3de77decec1a71dc5f091c45ed2303f0970953dcae146
Instruction ID: 7a897b5aedc8f2488d218f52b10d524d20205949d25aaf93bc0829050b971ba1
Opcode Fuzzy Hash: 5a814a14b5fbe29d0cd3de77decec1a71dc5f091c45ed2303f0970953dcae146
Instruction Fuzzy Hash: 66827172611BC69ADB209F35D8403ED73A1F789798F105325EA9D17BA9EF38C584CB80

Function 000001FE72442E3C Relevance: 14.3, APIs: 6, Strings: 2, Instructions: 335
timeCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_get_daylight.LIBCMT ref: 000001FE72442E81

Part of subcall function 000001FE724424E8: _invalid_parameter_noinfo.LIBCMT ref: 000001FE724424FC

Part of subcall function 000001FE7243D3C8: HeapFree.KERNEL32 ref: 000001FE7243D3DE
Part of subcall function 000001FE7243D3C8: GetLastError.KERNEL32 ref: 000001FE7243D3E8

Part of subcall function 000001FE7244BA84: _invalid_parameter_noinfo.LIBCMT ref: 000001FE7244B9CF

_get_daylight.LIBCMT ref: 000001FE72442E70

Part of subcall function 000001FE72442548: _invalid_parameter_noinfo.LIBCMT ref: 000001FE7244255C

_get_daylight.LIBCMT ref: 000001FE724430E6
_get_daylight.LIBCMT ref: 000001FE724430F7
_get_daylight.LIBCMT ref: 000001FE72443108
GetTimeZoneInformation.KERNEL32 ref: 000001FE7244312F

Strings

Eastern Summer Time, xrefs: 000001FE724431ED
Eastern Standard Time, xrefs: 000001FE724431D5

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID: _get_daylight$_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
String ID: Eastern Standard Time$Eastern Summer Time
API String ID: 355007559-239921721
Opcode ID: d27e707e32a7a668b79f18f39980f86f66c1361dc0c94ac41fd5faca01788e5a
Instruction ID: 0ab254b04d3948deedc3f9f114808e63a52c3070f1e1e34d3a53300ae0b2b6d6
Opcode Fuzzy Hash: d27e707e32a7a668b79f18f39980f86f66c1361dc0c94ac41fd5faca01788e5a
Instruction Fuzzy Hash: BFD1A236A0065286EB24FF27D8513F977E2F794B94F548335DA19476A6FB38C4428F80

Function 000001FE72425240 Relevance: 13.9, APIs: 9, Instructions: 408
networkfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InternetOpenA.WININET ref: 000001FE7242540B
InternetOpenUrlA.WININET ref: 000001FE724254E8
HttpQueryInfoW.WININET ref: 000001FE72425549
HttpQueryInfoW.WININET ref: 000001FE724255E2
InternetQueryDataAvailable.WININET ref: 000001FE72425626
InternetReadFile.WININET ref: 000001FE724256E9
InternetQueryDataAvailable.WININET ref: 000001FE724257B4
InternetCloseHandle.WININET ref: 000001FE7242585E
Concurrency::cancel_current_task.LIBCPMT ref: 000001FE724258BB

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID: Internet$Query$AvailableDataHttpInfoOpen$CloseConcurrency::cancel_current_taskFileHandleRead
String ID:
API String ID: 1475545111-0
Opcode ID: 49e77669582fa3e652aa993ac52c379e5c88da31bf1b2499a969205812445a96
Instruction ID: 35a7b1e915ba54ec328bea638aff476250147b05ec49961ebded631bb26cd3b4
Opcode Fuzzy Hash: 49e77669582fa3e652aa993ac52c379e5c88da31bf1b2499a969205812445a96
Instruction Fuzzy Hash: E8028032A14B9586EB10DB6AE8403AE77F5F795794F104325EE9D57BA8EF78C080CB40

Function 000001FE72460658 Relevance: 13.8, APIs: 9, Instructions: 276
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 000001FE7246023C: _invalid_parameter_noinfo.LIBCMT ref: 000001FE7246027D
Part of subcall function 000001FE7246023C: _invalid_parameter_noinfo.LIBCMT ref: 000001FE724602FB
Part of subcall function 000001FE7246023C: _invalid_parameter_noinfo.LIBCMT ref: 000001FE7246034C

CreateFileW.KERNEL32 ref: 000001FE7246075E
CreateFileW.KERNEL32 ref: 000001FE724607AE
GetLastError.KERNEL32 ref: 000001FE724607DE
GetFileType.KERNEL32 ref: 000001FE724607F3
GetLastError.KERNEL32 ref: 000001FE724607FD
CloseHandle.KERNEL32 ref: 000001FE72460830
CloseHandle.KERNEL32 ref: 000001FE72460993
CreateFileW.KERNEL32 ref: 000001FE724609C8
GetLastError.KERNEL32 ref: 000001FE724609D7

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
String ID:
API String ID: 1617910340-0
Opcode ID: 9219a76bbf5b0a68fd8075754a2c2160bfaa822f6e476498c8a23ea95eed312f
Instruction ID: e4683adbccc5193fffd1ced99d348e763f4cd3a925847faf8ff80a1ad1505f75
Opcode Fuzzy Hash: 9219a76bbf5b0a68fd8075754a2c2160bfaa822f6e476498c8a23ea95eed312f
Instruction Fuzzy Hash: 32C1B037720A4186EB10EFA6C4946ED37B1F349B98F015325DE2A9B7E9EB34C455CB80

Function 000001FE72406350 Relevance: 13.4, APIs: 1, Strings: 6, Instructions: 1136
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

recursive_directory_iterator::operator++, xrefs: 000001FE7240A678, 000001FE7240A745, 000001FE7240A808
exists, xrefs: 000001FE7240A5DE, 000001FE7240A6AC, 000001FE7240A76E, 000001FE7240A83C
recursive_directory_iterator::recursive_directory_iterator, xrefs: 000001FE7240A68F, 000001FE7240A6C9, 000001FE7240A81F
status, xrefs: 000001FE7240A600, 000001FE7240A6D9, 000001FE7240A790, 000001FE7240A863, 000001FE7240A885, 000001FE7240A89B, 000001FE7240A8BD
directory_iterator::directory_iterator, xrefs: 000001FE7240A853, 000001FE7240A875, 000001FE7240A8AD
cannot use push_back() with , xrefs: 000001FE7240A625, 000001FE7240A6FE, 000001FE7240A7B5

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID: __std_fs_convert_wide_to_narrow$__std_fs_code_page
String ID: cannot use push_back() with $directory_iterator::directory_iterator$exists$recursive_directory_iterator::operator++$recursive_directory_iterator::recursive_directory_iterator$status
API String ID: 3645842244-1862120484
Opcode ID: de5a621f2f067d1123de94e788919e3c44fbe91b6b887da37095cf4d544f4034
Instruction ID: 71af3d40855e99452ede26c1f0b6c3d499c00ad5f7b896d825f547b86be8733c
Opcode Fuzzy Hash: de5a621f2f067d1123de94e788919e3c44fbe91b6b887da37095cf4d544f4034
Instruction Fuzzy Hash: 29D22572508BCA85D6709B1AF4813AAB3A0F7D8784F405325EACC57B69EB3CC294CF44

Function 000001FE723D20B0 Relevance: 12.9, APIs: 3, Strings: 4, Instructions: 684
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyExA.ADVAPI32 ref: 000001FE723D2409
RegQueryValueExA.ADVAPI32 ref: 000001FE723D244E
RegCloseKey.ADVAPI32 ref: 000001FE723D24F7

Strings

exists, xrefs: 000001FE723D2C42
directory_iterator::directory_iterator, xrefs: 000001FE723D2C64
content, xrefs: 000001FE723D2915
filename, xrefs: 000001FE723D2787

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID: CloseOpenQueryValue
String ID: content$directory_iterator::directory_iterator$exists$filename
API String ID: 3677997916-1400943384
Opcode ID: 03e4d06697ffb6064e1e745876f9dffcd224e37e7b8d43340098c93bda25d43c
Instruction ID: fcc4bd3addeebec16af1b1ef33babce1fbffd2f4f318a67a14b1bd03913c6afe
Opcode Fuzzy Hash: 03e4d06697ffb6064e1e745876f9dffcd224e37e7b8d43340098c93bda25d43c
Instruction Fuzzy Hash: 58728572610BC69AEB109F35D8803ED77A0F789798F109325EA9C17BA9DF34C685C780

Function 000001FE7241F020 Relevance: 12.7, APIs: 3, Strings: 4, Instructions: 451
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileSize.KERNEL32 ref: 000001FE7241F261
SetFilePointer.KERNEL32 ref: 000001FE7241F314
ReadFile.KERNEL32 ref: 000001FE7241F343

Strings

ios_base::badbit set, xrefs: 000001FE7241F771, 000001FE7241F7EF
ios_base::eofbit set, xrefs: 000001FE7241F784
exists, xrefs: 000001FE7241F7CA
ios_base::failbit set, xrefs: 000001FE7241F77D

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID: File$PointerReadSize
String ID: exists$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
API String ID: 404940565-15404121
Opcode ID: cdc9b60c854cdcbeaf71dfb81e76edab83bed13f15cecf9c3a3e5e36df3e413e
Instruction ID: a48c3c61cb0796e84b0856d16f4bb92620e2c2fe4e6f440405651baa63bbcf1a
Opcode Fuzzy Hash: cdc9b60c854cdcbeaf71dfb81e76edab83bed13f15cecf9c3a3e5e36df3e413e
Instruction Fuzzy Hash: DD321632610BC689EB20DF35D8803ED37A1F785788F548226DB4D5BBA9EB74C545DB40

Function 000001FE724430B8 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 143timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

_get_daylight.LIBCMT ref: 000001FE724430E6

Part of subcall function 000001FE72442548: _invalid_parameter_noinfo.LIBCMT ref: 000001FE7244255C

_get_daylight.LIBCMT ref: 000001FE724430F7

Part of subcall function 000001FE724424E8: _invalid_parameter_noinfo.LIBCMT ref: 000001FE724424FC

_get_daylight.LIBCMT ref: 000001FE72443108

Part of subcall function 000001FE72442518: _invalid_parameter_noinfo.LIBCMT ref: 000001FE7244252C

Part of subcall function 000001FE7243D3C8: HeapFree.KERNEL32 ref: 000001FE7243D3DE
Part of subcall function 000001FE7243D3C8: GetLastError.KERNEL32 ref: 000001FE7243D3E8

GetTimeZoneInformation.KERNEL32 ref: 000001FE7244312F

Strings

Eastern Summer Time, xrefs: 000001FE724431ED
Eastern Standard Time, xrefs: 000001FE724431D5

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
String ID: Eastern Standard Time$Eastern Summer Time
API String ID: 3458911817-239921721
Opcode ID: a0b2f147c5ed72e73a9ba99eccd64d774068bd057930b9dd808764ab5dc4e304
Instruction ID: 6dc55ef05f00e688ebd7382ed41435e220338d6873a3153293039df434c0fbaf
Opcode Fuzzy Hash: a0b2f147c5ed72e73a9ba99eccd64d774068bd057930b9dd808764ab5dc4e304
Instruction Fuzzy Hash: 78513132A1064297E710FF27E8816E977E1F788B84F54523AEA5D476A6EB38C4418F80

Function 000001FE7243918C Relevance: 9.2, APIs: 6, Instructions: 227COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 000001FE724391AE
_get_daylight.LIBCMT ref: 000001FE7243920E
_get_daylight.LIBCMT ref: 000001FE7243921F
_get_daylight.LIBCMT ref: 000001FE72439230
_isindst.LIBCMT ref: 000001FE72439281
_isindst.LIBCMT ref: 000001FE724392D4

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID: _get_daylight$_isindst$_invalid_parameter_noinfo
String ID:
API String ID: 1405656091-0
Opcode ID: cd6fea744430340711cd49b3e9bdbfdb1b852b0eb5a7692198664b91c055b650
Instruction ID: 859e8f9199f1e7c324eed9f8eb668f95a5b138e8f25bf9c4adf02e864390291f
Opcode Fuzzy Hash: cd6fea744430340711cd49b3e9bdbfdb1b852b0eb5a7692198664b91c055b650
Instruction Fuzzy Hash: B781D7B2B002464BEB589F26CD413F873E5E754B88F44D239DA099B79AFB38D5418F80

Function 000001FE723E9F80 Relevance: 9.2, APIs: 4, Strings: 1, Instructions: 417COMMON

Download Yara Rule

APIs

__std_exception_destroy.LIBVCRUNTIME ref: 000001FE723EA134
__std_exception_destroy.LIBVCRUNTIME ref: 000001FE723EA142
__std_exception_destroy.LIBVCRUNTIME ref: 000001FE723EA3C5
__std_exception_destroy.LIBVCRUNTIME ref: 000001FE723EA3D3

Strings

value, xrefs: 000001FE723EA05A, 000001FE723EA2F3

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID: __std_exception_destroy
String ID: value
API String ID: 2453523683-494360628
Opcode ID: fb3e1bf55c046c94c5dba31c0e042e301bb475e1992dc4255283c41285e6c634
Instruction ID: aa429f05ff28c2b4a024308e09667e3129df8a2a1332c859b9ac8a6973795a6d
Opcode Fuzzy Hash: fb3e1bf55c046c94c5dba31c0e042e301bb475e1992dc4255283c41285e6c634
Instruction Fuzzy Hash: A002B172A14BC295EB00EB75D4803ED77A1E7957A4F105361FAAD13BEADB38C185CB80

Function 000001FE723DE610 Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 328processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32 ref: 000001FE723DE65A
Process32FirstW.KERNEL32 ref: 000001FE723DE69C
Process32NextW.KERNEL32 ref: 000001FE723DE893
CloseHandle.KERNEL32 ref: 000001FE723DEB0A

Strings

[PID: , xrefs: 000001FE723DE6DE

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
String ID: [PID:
API String ID: 420147892-2210602247
Opcode ID: 328d223ba682ce870284371046a1b98a5c32d8ce51894be109d56df121eea8d0
Instruction ID: a5d1cf46d4431b185e342f8928aedf5595f3dc6133a61bf8b061a81b024ce4de
Opcode Fuzzy Hash: 328d223ba682ce870284371046a1b98a5c32d8ce51894be109d56df121eea8d0
Instruction Fuzzy Hash: 34E19372614BC296EB24EB25E8803ED77E5F389794F504325EA9D07BA9DF78C244CB40

Function 000001FE7242B9B0 Relevance: 7.6, APIs: 5, Instructions: 66COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 000001FE7242B9FE
OpenProcessToken.ADVAPI32 ref: 000001FE7242BA11
LookupPrivilegeValueW.ADVAPI32 ref: 000001FE7242BA32
AdjustTokenPrivileges.ADVAPI32 ref: 000001FE7242BA78
CloseHandle.KERNEL32 ref: 000001FE7242BA98

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID: ProcessToken$AdjustCloseCurrentHandleLookupOpenPrivilegePrivilegesValue
String ID:
API String ID: 3038321057-0
Opcode ID: d2de06470b4ed8e39d37734a47601b9eff7cf65b32299141bc4bcc42cf026e17
Instruction ID: 361d3d2be672bc8134669fa3f456e0b3af4ebbd4e6782007e464b3db0fd9b5d9
Opcode Fuzzy Hash: d2de06470b4ed8e39d37734a47601b9eff7cf65b32299141bc4bcc42cf026e17
Instruction Fuzzy Hash: FE215132218B8186E760DF22F45439AB3E0F788B94F554635EA8947B68EF7DC5458F80

Function 000001FE7240D080 Relevance: 6.8, Strings: 5, Instructions: 599COMMON

Download Yara Rule

Strings

exists, xrefs: 000001FE7240F48D
prefs.js, xrefs: 000001FE7240E5E2
status, xrefs: 000001FE7240DE11, 000001FE7240DE33, 000001FE7240DE5B, 000001FE7240DE83
directory_iterator::directory_iterator, xrefs: 000001FE7240DE23, 000001FE7240F4A4
cannot use push_back() with , xrefs: 000001FE7240DDD5

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID:
String ID: cannot use push_back() with $directory_iterator::directory_iterator$exists$prefs.js$status
API String ID: 0-2713369562
Opcode ID: f731b01b6b5038e0c577e7f2d837af0bad5f4b965bae9dd029f665d26bd80d5b
Instruction ID: c2a66ce4a083c1acb08ae3f54322981627487d2fc7a79d0fbab76a92d29fc7a9
Opcode Fuzzy Hash: f731b01b6b5038e0c577e7f2d837af0bad5f4b965bae9dd029f665d26bd80d5b
Instruction Fuzzy Hash: 36523732609FC694E6B1AB15F8813EAB3A4F7C9780F505225DACC47B69EF38C594CB40

Function 000001FE723DCA10 Relevance: 5.9, APIs: 2, Strings: 1, Instructions: 671COMMON

Download Yara Rule

APIs

CredEnumerateA.ADVAPI32 ref: 000001FE723DCA72
CredFree.ADVAPI32 ref: 000001FE723DD496

Strings

cannot use push_back() with , xrefs: 000001FE723DD4E4

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID: Cred$EnumerateFree
String ID: cannot use push_back() with
API String ID: 3403564193-4122110429
Opcode ID: cb7963401eb5612f5fa2cdc5584817467bc7fdc8db455fc209d596cc75c876fe
Instruction ID: 6ebb9bd220be00a2779da7b2690028cd165136074446b5580f2b387f8198e1f3
Opcode Fuzzy Hash: cb7963401eb5612f5fa2cdc5584817467bc7fdc8db455fc209d596cc75c876fe
Instruction Fuzzy Hash: 34627372614BC699EB20DF25E8803ED77A1F789798F504325EA9D17BA9DF34C284CB40

Function 00007FF6612B34C0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47nativeCOMMON

Download Yara Rule

APIs

NtQueryVirtualMemory.NTDLL ref: 00007FF6612B3527
NtProtectVirtualMemory.NTDLL ref: 00007FF6612B3591

Strings

0, xrefs: 00007FF6612B3507

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID: MemoryVirtual$ProtectQuery
String ID: 0
API String ID: 1355999870-4108050209
Opcode ID: 89413ede3b1e85be20c8f272e65a27b8bfe40e2a2e38e4141ba162e5d23f76ce
Instruction ID: 7dff9df5d17b82cd709590da6f0dc97581e70820d29f1b761c4913707a9bf1a0
Opcode Fuzzy Hash: 89413ede3b1e85be20c8f272e65a27b8bfe40e2a2e38e4141ba162e5d23f76ce
Instruction Fuzzy Hash: 28212F76918B85C6E750CB14F45435AB3B5FB88BA4F504335EAAD87BA8DF7CD0448B00

Function 000001FE724276A0 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 217timeCOMMON

Download Yara Rule

APIs

GetTimeZoneInformation.KERNEL32 ref: 000001FE724279D0

Strings

[UTC, xrefs: 000001FE724279A3

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID: InformationTimeZone
String ID: [UTC
API String ID: 565725191-1715286942
Opcode ID: d9464a4284bb91225a1d7d0a54c87c35ecca44aa388f45f9a5593c8af6dcd576
Instruction ID: 25ec95aafec4891f7f4272000f5a619dda64797e71319573bb4fd04597baf4ac
Opcode Fuzzy Hash: d9464a4284bb91225a1d7d0a54c87c35ecca44aa388f45f9a5593c8af6dcd576
Instruction Fuzzy Hash: 06B13932A05FC886D7608F2AE8412DAB7A4F79D788F105315EACC57B69EB78C250CB40

Function 000001FE72417BA0 Relevance: 3.1, APIs: 2, Instructions: 86encryptionCOMMON

Download Yara Rule

APIs

CryptUnprotectData.CRYPT32 ref: 000001FE72417BF8
LocalFree.KERNEL32 ref: 000001FE72417C8A

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID: CryptDataFreeLocalUnprotect
String ID:
API String ID: 1561624719-0
Opcode ID: 3f0d2640eba4d0f7871c2ec703edcb503dbe0d7ea7d03094cd3af9045bbe76bf
Instruction ID: 0315df8b302f1b0883248e7ca5aefa468f7e7caf9191cbbe9f6e51b103c57ab7
Opcode Fuzzy Hash: 3f0d2640eba4d0f7871c2ec703edcb503dbe0d7ea7d03094cd3af9045bbe76bf
Instruction Fuzzy Hash: F1415533614B81CAF3209F35E4403ED37A4F75878CF045229EB8906E9AEB79C5A4CB84

Function 000001FE724273F0 Relevance: 1.6, APIs: 1, Instructions: 137COMMON

Download Yara Rule

APIs

GetLogicalDriveStringsW.KERNEL32 ref: 000001FE72427461

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID: DriveLogicalStrings
String ID:
API String ID: 2022863570-0
Opcode ID: 382e336121ae80466f962879a2229f0e9dc64838799d8113c369efc1594dfaf3
Instruction ID: e07c256fe231e7cdba309e12720221f467501202f25f316605036bbfab384bc1
Opcode Fuzzy Hash: 382e336121ae80466f962879a2229f0e9dc64838799d8113c369efc1594dfaf3
Instruction Fuzzy Hash: 5151B432A14B8182E710DF26E4803AEB7B5F794798F105315EA9813BB9EB78D591DB80

Function 000001FE72426150 Relevance: 1.5, APIs: 1, Instructions: 36COMMON

Download Yara Rule

APIs

GetUserNameW.ADVAPI32 ref: 000001FE72426195

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID: NameUser
String ID:
API String ID: 2645101109-0
Opcode ID: abf913a544c6f9fdd308559da787f240108ca61f3614bb29fccc85bbbd2848d6
Instruction ID: f223b494df996a0d139de3a10b0b3e726cb170cd25e0cfafa7bb4fdbadc5beb9
Opcode Fuzzy Hash: abf913a544c6f9fdd308559da787f240108ca61f3614bb29fccc85bbbd2848d6
Instruction Fuzzy Hash: 7801883261478182E721DF22E8403EEB3E0F798784F440225E6CD43655EB7CC195CF84

Function 000001FE72426860 Relevance: 1.5, Strings: 1, Instructions: 268COMMON

Download Yara Rule

Strings

cores, xrefs: 000001FE72426ABE

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID:
String ID: cores
API String ID: 0-2370456839
Opcode ID: c015235d733b43bac9d39de2a43355ad681f02ecaa006eea8bb7fde0cf9742d1
Instruction ID: 139f6d03e641da305e1930f5c4c15dd240eb4d543ed533953dc8d14f4d1f75ff
Opcode Fuzzy Hash: c015235d733b43bac9d39de2a43355ad681f02ecaa006eea8bb7fde0cf9742d1
Instruction Fuzzy Hash: 77C10973E14B818AF710DF7AD4403ED77A1F3997A8F105315EE9816AA6EB78C185C780

Function 000001FE7242D050 Relevance: 1.5, Strings: 1, Instructions: 214COMMON

Download Yara Rule

Strings

\u%04x, xrefs: 000001FE7242D242

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID:
String ID: \u%04x
API String ID: 0-2916071157
Opcode ID: 9ac3e7affe24433a80f30ef63aa62ecbe97607ee0ab98c7cb77dcaf1733d29dc
Instruction ID: a8cdc73b135e68ea5f2510d63ae7b16b8b2829ce4556f752edb077f127c7af5b
Opcode Fuzzy Hash: 9ac3e7affe24433a80f30ef63aa62ecbe97607ee0ab98c7cb77dcaf1733d29dc
Instruction Fuzzy Hash: 4081DF3320469692EE54EB27D5507FE77E0F789B80F448232DB4A47BA5EB38C615CB90

Function 000001FE7242C5CB Relevance: 1.5, Strings: 1, Instructions: 206COMMON

Download Yara Rule

Strings

": , xrefs: 000001FE7242C6B1, 000001FE7242C75E

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID:
String ID: ":
API String ID: 0-3662656813
Opcode ID: b93e25f0a904a3fdb20e69b3e425758cacba5d6e5c85d4380c12b44ffc6d98ea
Instruction ID: fb749b86b9a06a8021d63a94435f49b874e058fe5782de66e435c7aeb61e4946
Opcode Fuzzy Hash: b93e25f0a904a3fdb20e69b3e425758cacba5d6e5c85d4380c12b44ffc6d98ea
Instruction Fuzzy Hash: 7D912576304A8681DB20AF2AD1947AD73A1F789FC8F419112CF9E47B64DF3AC559CB80

Function 000001FE723E5310 Relevance: 1.4, Strings: 1, Instructions: 112COMMON

Download Yara Rule

Strings

ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/, xrefs: 000001FE723E5399

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID:
String ID: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
API String ID: 0-1713319389
Opcode ID: a7242879f608aa47813c865fc74e262a7c273f84777ad565790803f492419e94
Instruction ID: e78fde22652633ecdac8f9263c3269348e614bbfbe8c210f7b308282dc435aaa
Opcode Fuzzy Hash: a7242879f608aa47813c865fc74e262a7c273f84777ad565790803f492419e94
Instruction Fuzzy Hash: 9F41D4736196E14AD702CB3984113BD7FF2D366B88F1C82A2D7D487756D62DC206CB10

Function 000001FE723DECB0 Relevance: .7, Instructions: 715COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d421286474c561cbc185b05abbb53bc23506cfdb469a62f60a07dcf5819ed61
Instruction ID: e23bc23c198e46713f66e441a9386c9c491023379ffd98efd97ac2f8adf118b0
Opcode Fuzzy Hash: 1d421286474c561cbc185b05abbb53bc23506cfdb469a62f60a07dcf5819ed61
Instruction Fuzzy Hash: 2C726072A14BC69AEB20DB65E8803ED73A1F789798F504315EEDC57BA9DB38C144CB40

Function 000001FE723CF730 Relevance: .3, Instructions: 344COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aaa55e4cf4c31c6c4239622bbafb99f3257bc1278ccb2769de6878bca10c300f
Instruction ID: 1c41866b978ae39304b148cad290f99aa680d09b6a37cf266ee1a0f88e73ae52
Opcode Fuzzy Hash: aaa55e4cf4c31c6c4239622bbafb99f3257bc1278ccb2769de6878bca10c300f
Instruction Fuzzy Hash: 73F16372A15FC58AEB209B69E44139DB7E0F78C798F104325EEDC57B99EB38C1908B44

Function 000001FE723D0450 Relevance: .3, Instructions: 336COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e81a1d33d3f75331dcbad58bf1c81398c4bb63cdaa6b0804d900bcbdbb11c730
Instruction ID: 9fcec1614241a72b682fcd714bf4fcebc83204469008fea7c2058ca250ec3d69
Opcode Fuzzy Hash: e81a1d33d3f75331dcbad58bf1c81398c4bb63cdaa6b0804d900bcbdbb11c730
Instruction Fuzzy Hash: C7F15172A15F858AEB208B69E84139D77F0F78C798F104315EEDC57BA9EB38C1908B44

Function 000001FE723CFE20 Relevance: .3, Instructions: 336COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f93cf51b42409b50f8b6684a91df8765ba7d19443167589282b80b4a28e26d96
Instruction ID: 71485252d423d4e3fb532efa8d270b4c5e249e39ea8a7a3afd1d8706db49a1c2
Opcode Fuzzy Hash: f93cf51b42409b50f8b6684a91df8765ba7d19443167589282b80b4a28e26d96
Instruction Fuzzy Hash: 3AF17272A15F858AEB608B69E84139DB7E0F38C798F104315EEDC57B99EB78C180CB44

Function 000001FE723D1B90 Relevance: .3, Instructions: 283COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c2ee609906b87691af69831a7a769d4e2737882f8e3536b1fee27c1dc0d25fe
Instruction ID: 9290ca20475a66315272027118c08de01e2ed962b7bca65005f3acbda02988bb
Opcode Fuzzy Hash: 8c2ee609906b87691af69831a7a769d4e2737882f8e3536b1fee27c1dc0d25fe
Instruction Fuzzy Hash: 21D18F72F04B829AF711DBB4D4403EC37B6E75978CF006765EA8C26BAADB748195C384

Function 000001FE7241EBF0 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 194
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 000001FE7241E970: InitializeCriticalSectionEx.KERNEL32 ref: 000001FE7241E9C1
Part of subcall function 000001FE7241E970: GetLastError.KERNEL32 ref: 000001FE7241E9CB

EnterCriticalSection.KERNEL32 ref: 000001FE7241EC31
GdiplusStartup.GDIPLUS ref: 000001FE7241EC58
LeaveCriticalSection.KERNEL32 ref: 000001FE7241EC66
LeaveCriticalSection.KERNEL32 ref: 000001FE7241EC94
GdipGetImageEncodersSize.GDIPLUS ref: 000001FE7241ECA2
GdipGetImageEncoders.GDIPLUS ref: 000001FE7241ED36
GdipCreateBitmapFromScan0.GDIPLUS ref: 000001FE7241EE00
GdipSaveImageToStream.GDIPLUS ref: 000001FE7241EE1E
GdipDisposeImage.GDIPLUS ref: 000001FE7241EE83
GdipDisposeImage.GDIPLUS ref: 000001FE7241EE97

Strings

&, xrefs: 000001FE7241EDFA

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID: Gdip$Image$CriticalSection$DisposeEncodersLeave$BitmapCreateEnterErrorFromGdiplusInitializeLastSaveScan0SizeStartupStream
String ID: &
API String ID: 1703174404-3042966939
Opcode ID: dd964381881d80bb3d13f7f21f812b9ad7ab8c9b9795b3d442a88d8ae0dd4017
Instruction ID: 6f0dd1afad60f83bdd449b7e2b0fe317626411ad1911ce3e42c014817a0aba79
Opcode Fuzzy Hash: dd964381881d80bb3d13f7f21f812b9ad7ab8c9b9795b3d442a88d8ae0dd4017
Instruction Fuzzy Hash: 2F918336300B828AEB20EF22D8007E877E4F758B98F554725EA5947BA4EB34C555DBC4

Function 000001FE7241FCA0 Relevance: 16.0, APIs: 7, Strings: 2, Instructions: 226
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 000001FE724258D0: GetUserGeoID.KERNEL32 ref: 000001FE724258F7
Part of subcall function 000001FE724258D0: GetGeoInfoA.KERNEL32 ref: 000001FE72425911
Part of subcall function 000001FE724258D0: GetGeoInfoA.KERNEL32 ref: 000001FE72425961

WSAStartup.WS2_32 ref: 000001FE7241FDBE
socket.WS2_32 ref: 000001FE7241FDDB
htons.WS2_32 ref: 000001FE7241FE00
inet_pton.WS2_32 ref: 000001FE7241FE42
connect.WS2_32 ref: 000001FE7241FE5C
closesocket.WS2_32 ref: 000001FE7241FE7B
WSACleanup.WS2_32 ref: 000001FE7241FE81

Strings

system, xrefs: 000001FE7241FD2A
geo, xrefs: 000001FE7241FD6B

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID: Info$CleanupStartupUserclosesocketconnecthtonsinet_ptonsocket
String ID: geo$system
API String ID: 213021568-2364779556
Opcode ID: 5344a4eb188fcb243936cf5c3513998f8a9e54be50aa32167590098b8822ab26
Instruction ID: 95ad3785ddfc733d79c28ba13401361f03055505d4b06ced59f36e3eebbf23ee
Opcode Fuzzy Hash: 5344a4eb188fcb243936cf5c3513998f8a9e54be50aa32167590098b8822ab26
Instruction Fuzzy Hash: 41B19D72B10B4285FB00ABB6E4443EC33F2E754B98F515326DA5D177B9EA74C54ACB80

Function 000001FE7244092C Relevance: 10.8, APIs: 7, Instructions: 290
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_invalid_parameter_noinfo.LIBCMT ref: 000001FE72440D59

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: f3fc50aa6c1617f97820c214b6f357f8593fa625a947542fe4ec2dfdbb2d532b
Instruction ID: f115a26eb3fd29dab6260e7f2961a6e929fd5f5641b1b0c1b6c41be58a22c7fb
Opcode Fuzzy Hash: f3fc50aa6c1617f97820c214b6f357f8593fa625a947542fe4ec2dfdbb2d532b
Instruction Fuzzy Hash: 0AC10632A0478281F769AB5794083FE77D2F781B84F555331DA49177B2FA78C86A8B80

Function 000001FE7241EA50 Relevance: 9.0, APIs: 6, Instructions: 41COMMON

Download Yara Rule

APIs

DeleteObject.GDI32 ref: 000001FE7241EA93
EnterCriticalSection.KERNEL32 ref: 000001FE7241EAA5
EnterCriticalSection.KERNEL32 ref: 000001FE7241EAB5
GdiplusShutdown.GDIPLUS ref: 000001FE7241EAC3
LeaveCriticalSection.KERNEL32 ref: 000001FE7241EAD0
LeaveCriticalSection.KERNEL32 ref: 000001FE7241EADA

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID: CriticalSection$EnterLeave$DeleteGdiplusObjectShutdown
String ID:
API String ID: 4268643673-0
Opcode ID: f5a1ecfcc53808b035d0d15b7c47fae7049546fa7d089acffeffd9e0bb2d86bb
Instruction ID: 4fbcb390aa8abf042622c9779c19b5002a133d9a9ffe2357ab7405424713770e
Opcode Fuzzy Hash: f5a1ecfcc53808b035d0d15b7c47fae7049546fa7d089acffeffd9e0bb2d86bb
Instruction Fuzzy Hash: 30113D36211B8181EB10AF26E8401A973B4F758FA4B684725DA6D0B7B4EF34C896CB80

Function 00007FF6612C7980 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 120COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6612C7C00: Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 00007FF6612C7C0E

Part of subcall function 00007FF6612B6610: char_traits.LIBCPMTD ref: 00007FF6612B663D

Part of subcall function 00007FF6612C7DC0: Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00007FF6612C7ED5

Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00007FF6612C7AFA

Strings

LeaveCriticalSection, xrefs: 00007FF6612C79C5
LoadAcceleratorsW, xrefs: 00007FF6612C7A33
LoadAcceleratorsA, xrefs: 00007FF6612C7A73
EnterCriticalSection, xrefs: 00007FF6612C79FC

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID: Concurrency::details::_CriticalLock::_ProcessorReentrantScoped_lockScoped_lock::~_Virtual$Concurrency::RootRoot::char_traits
String ID: EnterCriticalSection$LeaveCriticalSection$LoadAcceleratorsA$LoadAcceleratorsW
API String ID: 2378420206-1394853731
Opcode ID: cd83877da9186fce9de08aafba9c68a49bc081f0f9bf195420d3f50a2b5f7a08
Instruction ID: 6453089e9249db7bbac0875626ddac94bee829fe0d8299d88486a297a4dbaf5a
Opcode Fuzzy Hash: cd83877da9186fce9de08aafba9c68a49bc081f0f9bf195420d3f50a2b5f7a08
Instruction Fuzzy Hash: 7851013295D9C2D5DB70DB50E5913EAA374FBD0B48F401432E28DCBAAADE2CD585CB40

Function 000001FE72424A30 Relevance: 6.4, APIs: 4, Instructions: 417networkCOMMON

Download Yara Rule

APIs

recv.WS2_32 ref: 000001FE72424C0C
recv.WS2_32 ref: 000001FE724250EC
closesocket.WS2_32 ref: 000001FE724250FE
WSACleanup.WS2_32 ref: 000001FE72425104

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID: recv$Cleanupclosesocket
String ID:
API String ID: 146070474-0
Opcode ID: b83be25fb53b123ddb1b67e240d003107384c720ecfdd84c5e8c93a1b8eab234
Instruction ID: 8df414d8f8e9acd8e979e213d06c746c6f47bb6fb6c1eaad9bcb2834b846a3fc
Opcode Fuzzy Hash: b83be25fb53b123ddb1b67e240d003107384c720ecfdd84c5e8c93a1b8eab234
Instruction Fuzzy Hash: 70127672614BC181EA21AB16E4443EEB7E1F7D9790F505721DA9D47AEAEF78C480CF80

Function 00007FF6612C7FD0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 128COMMON

Download Yara Rule

APIs

Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00007FF6612C80EF
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00007FF6612C8197

Part of subcall function 00007FF6613077D4: RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF66130651B), ref: 00007FF661307824
Part of subcall function 00007FF6613077D4: RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF66130651B), ref: 00007FF661307865

Strings

1.3.1.zlib-ng, xrefs: 00007FF6612C802D

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID: Concurrency::details::_CriticalLock::_ReentrantScoped_lockScoped_lock::~_$ExceptionFileHeaderRaise
String ID: 1.3.1.zlib-ng
API String ID: 543713560-992988628
Opcode ID: 214197893d06bd3299c1ad979106ee410af2f8313314ccf95e3a3178d2c3f560
Instruction ID: aa068ca60963be1ac182a2cac98d18afa8b57b39754b96d394ded6760509cac1
Opcode Fuzzy Hash: 214197893d06bd3299c1ad979106ee410af2f8313314ccf95e3a3178d2c3f560
Instruction Fuzzy Hash: BA61D632618AC1C6D770DB14E5513AAA3B5FBD8748F804135E6CD86AA9DF7CD684CB40

Function 000001FE72426460 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 45registryCOMMON

Download Yara Rule

APIs

RegGetValueA.ADVAPI32 ref: 000001FE724264C9

Strings

ProductName, xrefs: 000001FE724264B4
SOFTWARE\Microsoft\Windows NT\CurrentVersion, xrefs: 000001FE724264BB

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID: Value
String ID: ProductName$SOFTWARE\Microsoft\Windows NT\CurrentVersion
API String ID: 3702945584-1787575317
Opcode ID: ca02e5c3ed8e0fc6be14c1ad152ff79eaac3ff22c286f7938fb5c96ca43ff221
Instruction ID: 4dc5cdc35b1c4674b3cc0b2eb9176f754627c51eb2120d4fe5cdcb18d3271594
Opcode Fuzzy Hash: ca02e5c3ed8e0fc6be14c1ad152ff79eaac3ff22c286f7938fb5c96ca43ff221
Instruction Fuzzy Hash: 51115432608B8182DB209F26F44139AB3E4F799784F504725EB9847B69DF7CC155CF80

Function 000001FE72424DB7 Relevance: 4.7, APIs: 3, Instructions: 182networkCOMMON

Download Yara Rule

APIs

recv.WS2_32 ref: 000001FE724250EC
closesocket.WS2_32 ref: 000001FE724250FE
WSACleanup.WS2_32 ref: 000001FE72425104

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID: Cleanupclosesocketrecv
String ID:
API String ID: 3447645871-0
Opcode ID: 4e98ddaa43597ce60faa99fafd4ff3d9ec4a3e2ad2db35c6c7b941d12b99c1c4
Instruction ID: cbc69ad9df622909850fe8b6ae9c23a17a1965cbf2c86baef5cb7d5d6d9870e5
Opcode Fuzzy Hash: 4e98ddaa43597ce60faa99fafd4ff3d9ec4a3e2ad2db35c6c7b941d12b99c1c4
Instruction Fuzzy Hash: 5A916773A14BC141EA25EB16E4443EE7791F7D57A0F105321DAAD47AE9EF78C481CB80

Function 000001FE72427151 Relevance: 4.7, APIs: 3, Instructions: 163registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.ADVAPI32 ref: 000001FE72427169
RegEnumKeyExA.ADVAPI32 ref: 000001FE724271AE
RegCloseKey.ADVAPI32 ref: 000001FE724273A4

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID: CloseEnumOpen
String ID:
API String ID: 1332880857-0
Opcode ID: c776229b646a060b2928c0d5c5f80b0a6a94997743fe38de0b506056c7555680
Instruction ID: be481cbb811c706b91620652c60eecf537176242c0698bae4ca2be1192a7bb62
Opcode Fuzzy Hash: c776229b646a060b2928c0d5c5f80b0a6a94997743fe38de0b506056c7555680
Instruction Fuzzy Hash: F2718672A04B8685FB10DB66E4443AD77E1F7857A8F104315EFA917AE9EB78D0C1CB80

Function 00007FF6612BD7F0 Relevance: 4.6, APIs: 3, Instructions: 112COMMON

Download Yara Rule

APIs

Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FF6612BD8DD
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FF6612BD9C0
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6612BD9E9

Part of subcall function 00007FF6612B6610: char_traits.LIBCPMTD ref: 00007FF6612B663D

Part of subcall function 00007FF6612BDAA0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6612BDAB8

Part of subcall function 00007FF6612BDB00: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6612BDB13

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID: Concurrency::details::Work$EmptyQueue::Structured$Base::ContextIdentityQueue$char_traits
String ID:
API String ID: 2573577243-0
Opcode ID: f26d7d76682de479d1a510b7515a2100360f65aa1e8371ebd0398830a94be955
Instruction ID: 31894de39f8fa7c5e0ed4e5ffcefd7c717abf179ce49dd3e2581816a567e43cd
Opcode Fuzzy Hash: f26d7d76682de479d1a510b7515a2100360f65aa1e8371ebd0398830a94be955
Instruction Fuzzy Hash: 9951EA62618AC6D1DB609B15E4913EBB375FBC5B88F804032D6CD8BB6ADF2CD4858B40

Function 000001FE724270E0 Relevance: 4.6, APIs: 3, Instructions: 96registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.ADVAPI32 ref: 000001FE72427169
RegEnumKeyExA.ADVAPI32 ref: 000001FE724271AE

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID: EnumOpen
String ID:
API String ID: 3231578192-0
Opcode ID: d80f14cf87453080268adb68deae75d6ba4fc3d7dfc0e44dc0fd8621660a0c44
Instruction ID: 3fbe402813244f4cb90f1deed8626cef4a8132fef87312f48058e1ea674fec65
Opcode Fuzzy Hash: d80f14cf87453080268adb68deae75d6ba4fc3d7dfc0e44dc0fd8621660a0c44
Instruction Fuzzy Hash: 85319232610B8686FB20DF62E8547EE73A4F744798F204225EE9917B64EF78C596CB40

Function 00007FF6612C17D0 Relevance: 4.6, APIs: 3, Instructions: 77COMMON

Download Yara Rule

APIs

_CallMemberFunction0.LIBCPMTD ref: 00007FF6612C1850
_CallMemberFunction0.LIBCPMTD ref: 00007FF6612C18CD
_CallMemberFunction0.LIBCPMTD ref: 00007FF6612C1928

Part of subcall function 00007FF6612BA560: char_traits.LIBCPMTD ref: 00007FF6612BA593

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID: CallFunction0Member$char_traits
String ID:
API String ID: 1927575840-0
Opcode ID: b3a0a285e39b8cf687cbf5e33b540a6d49c497df54d9ecd142d2dcea34095149
Instruction ID: a6f428db9814d0be86a269e61d49c5faf196bb1da6bae57cfe0d4deab5cadcc6
Opcode Fuzzy Hash: b3a0a285e39b8cf687cbf5e33b540a6d49c497df54d9ecd142d2dcea34095149
Instruction Fuzzy Hash: ED314F7190C642C5E760EB15E5511AAB7B5EF85B88F504135F38DCB6A6DF3CE6808B40

Function 000001FE72426E1B Relevance: 4.6, APIs: 3, Instructions: 68registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.ADVAPI32 ref: 000001FE72426E37
RegQueryValueExA.ADVAPI32 ref: 000001FE72426E76
RegCloseKey.ADVAPI32 ref: 000001FE72426F14

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID: CloseOpenQueryValue
String ID:
API String ID: 3677997916-0
Opcode ID: 497c1e7926f3d444a968bab04cca3fa9f68789f660d1b6e4e5e77ce73ce49532
Instruction ID: 6f2709c79964941742b5accb2419c7b5aa75e20f1e8987753c0ee2c03e892e64
Opcode Fuzzy Hash: 497c1e7926f3d444a968bab04cca3fa9f68789f660d1b6e4e5e77ce73ce49532
Instruction Fuzzy Hash: C121BB72A1478241EE50DB26E4503AE7790F7D57D4F405325EA9D46A79EE2CC084CF80

Function 00007FF6612C82A0 Relevance: 4.6, APIs: 3, Instructions: 51COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 00007FF6612C82DB
OpenProcessToken.ADVAPI32 ref: 00007FF6612C82EE
GetTokenInformation.KERNELBASE ref: 00007FF6612C8336

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID: ProcessToken$CurrentInformationOpen
String ID:
API String ID: 2743777493-0
Opcode ID: 722ab832dbefb05b570a67b2cccdef345e5e387398dfdff30b5f0e262e84267a
Instruction ID: c6f38deeb518b15351d4c49be78bb8d371bfe43156a95fa1bb30580998a7fa22
Opcode Fuzzy Hash: 722ab832dbefb05b570a67b2cccdef345e5e387398dfdff30b5f0e262e84267a
Instruction Fuzzy Hash: 91213E2292C681C5EB40DB10E4553AEB7B4FB85B48F945035F78E8BAA9DF3DD548CB40

Function 000001FE724258D0 Relevance: 4.6, APIs: 3, Instructions: 50COMMON

Download Yara Rule

APIs

GetUserGeoID.KERNEL32 ref: 000001FE724258F7
GetGeoInfoA.KERNEL32 ref: 000001FE72425911
GetGeoInfoA.KERNEL32 ref: 000001FE72425961

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID: Info$User
String ID:
API String ID: 2017065092-0
Opcode ID: 877c1b4e073b3a87c3d7ac6068cbd316133fc0437c9f32c249d117db553f0db1
Instruction ID: 4238f11936321c810ec9b8368396a5c9db31d611290340a3e1e3d0d265448283
Opcode Fuzzy Hash: 877c1b4e073b3a87c3d7ac6068cbd316133fc0437c9f32c249d117db553f0db1
Instruction Fuzzy Hash: 70119D32A1478283EB109F62E41076EB7A2F790BC8F045239EF8517B69DF7CD4948B84

Function 000001FE7241F820 Relevance: 4.5, APIs: 3, Instructions: 49COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 000001FE7241F85B
OpenProcessToken.ADVAPI32 ref: 000001FE7241F86E
GetTokenInformation.ADVAPI32 ref: 000001FE7241F8AA

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID: ProcessToken$CurrentInformationOpen
String ID:
API String ID: 2743777493-0
Opcode ID: 1c225c442ed3ae12c114120d81f2afce391d37106ff629cfd40a7a8c2f449ed4
Instruction ID: 0bd059524eb79b3d8f1d8ef7cc77195d8090baa5a1a9a5633a2c3381618caee7
Opcode Fuzzy Hash: 1c225c442ed3ae12c114120d81f2afce391d37106ff629cfd40a7a8c2f449ed4
Instruction Fuzzy Hash: 6111FE32619B8182EB50AF16F85039AB3E4F788B80F555235EB9987B68DF3CC405CF84

Function 000001FE72444F60 Relevance: 4.5, APIs: 3, Instructions: 15COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 000001FE72444F71
TerminateProcess.KERNEL32 ref: 000001FE72444F7C
ExitProcess.KERNEL32 ref: 000001FE72444F8B

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: 3909df8ddc6717e2b276abcc8b7868d121cee5230461283d2778d4ce90183b93
Instruction ID: 6731595bb275932dd9b09e29f9c0e971536dce760baf297d1121821f0764991f
Opcode Fuzzy Hash: 3909df8ddc6717e2b276abcc8b7868d121cee5230461283d2778d4ce90183b93
Instruction Fuzzy Hash: 18D09E30B0074652EF197BB25C952FC32E69B99716F841B3C9D130A3B3ED29844E4A80

Function 000001FE723E1EB0 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 153COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 000001FE723E209C

Strings

, xrefs: 000001FE723E1F33

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-3916222277
Opcode ID: 76448bf2a57e45e8968c455fbfa8bc2fcbf05d37a943354eb48dd18162d0e159
Instruction ID: 9627dcbd2b94da8a75c580c9d57ef285cdf841aee075ccf3f82523a03eddf7cf
Opcode Fuzzy Hash: 76448bf2a57e45e8968c455fbfa8bc2fcbf05d37a943354eb48dd18162d0e159
Instruction Fuzzy Hash: CB517C72A00B47A6EB159F2AD0503AC73A0F358B90F544766DF5D43BA4CF79D8A6C780

Function 000001FE72426C70 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 74COMMON

Download Yara Rule

APIs

GetCurrentHwProfileW.ADVAPI32 ref: 000001FE72426CAC

Strings

Unknown, xrefs: 000001FE72426D66

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID: CurrentProfile
String ID: Unknown
API String ID: 2104809126-1654365787
Opcode ID: 9620c529eb467c2ec69f9554772d2bcda9f57316b6868f94ab05b6f1bde0fce9
Instruction ID: c9ec87da55abbd2678f4ac6720c9fd514b1f5f5b07d92a90e2582a022ee2d8fb
Opcode Fuzzy Hash: 9620c529eb467c2ec69f9554772d2bcda9f57316b6868f94ab05b6f1bde0fce9
Instruction Fuzzy Hash: C831F033628BC186E710DF22E4403EAB7A0F799B44F541225EBC906A26EB7CC585CF40

Function 00007FF6612BFAE0 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 66COMMON

Download Yara Rule

APIs

_CRT_INIT.LIBCMTD ref: 00007FF6612BFB9A

Strings

@, xrefs: 00007FF6612BFB6E

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: b337b7728e22acf7a85b468339197ec44de5b842342dd1561fc2dcb21d3dd529
Instruction ID: 47576ce9456ff7a3451e071b29e39736ff7ee06dabb4031c3c4c7a4773844671
Opcode Fuzzy Hash: b337b7728e22acf7a85b468339197ec44de5b842342dd1561fc2dcb21d3dd529
Instruction Fuzzy Hash: 5131C93661C681C6D760CB15E55062BB7E4F788B88F100565EA8D87B59EF3CD9408F00

Function 000001FE723E8560 Relevance: 3.2, APIs: 2, Instructions: 192COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 000001FE723E86A0
Concurrency::cancel_current_task.LIBCPMT ref: 000001FE723E879F

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: ea1572982dcc141632e1650f4bdcb9428156ccbb5de7831811242931a240452c
Instruction ID: 8dba3fe95fe7e489609d432e8e655211aa963ec45a9bb8f2c642139d8f9c547f
Opcode Fuzzy Hash: ea1572982dcc141632e1650f4bdcb9428156ccbb5de7831811242931a240452c
Instruction Fuzzy Hash: 2651D672B017C795EE24BB12A5003F972D1A714BE4F5807719F6D0B7F6EA78C4868B80

Function 000001FE7241EED0 Relevance: 3.1, APIs: 2, Instructions: 87COMMON

Download Yara Rule

APIs

SHGetKnownFolderPath.SHELL32 ref: 000001FE7241EF29
CoTaskMemFree.OLE32 ref: 000001FE7241EFEA

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID: FolderFreeKnownPathTask
String ID:
API String ID: 969438705-0
Opcode ID: 5f2961302959c0ed5e282d88b8909df76f76c0f003f9f14efc1921d5f91e8f12
Instruction ID: 21086842138e2ecc80eacd35dbaed81da747669dad17a306070f4e43f1771e91
Opcode Fuzzy Hash: 5f2961302959c0ed5e282d88b8909df76f76c0f003f9f14efc1921d5f91e8f12
Instruction Fuzzy Hash: 02316672A14B8582E620DF26E44036EB7A1F7997F4F105325FAAD037A5EB7CC1818F44

Function 000001FE72434648 Relevance: 3.1, APIs: 2, Instructions: 77COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 000001FE7243466F

Part of subcall function 000001FE72434604: _invalid_parameter_noinfo.LIBCMT ref: 000001FE7243461B

_invalid_parameter_noinfo.LIBCMT ref: 000001FE72434723

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 77ff38050bbf038ec147631c291faae903e00292372ea36fba1d268a897535c6
Instruction ID: 2b5b1cab0da7c0be7d3ca63c11efd767456d314839aede1164c1b1f410e54772
Opcode Fuzzy Hash: 77ff38050bbf038ec147631c291faae903e00292372ea36fba1d268a897535c6
Instruction Fuzzy Hash: 59317A32211A4682EA54FB56E8512FD33E1E795B90F958331E65A573F3FB38C5058B80

Function 000001FE7241D510 Relevance: 3.1, APIs: 2, Instructions: 69registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.ADVAPI32 ref: 000001FE7241D561
RegCloseKey.ADVAPI32 ref: 000001FE7241D573

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID: CloseOpen
String ID:
API String ID: 47109696-0
Opcode ID: f1dca321947a1367f0d55f51290a78f41f5e328790fa86022a41bb21031095aa
Instruction ID: ee4dc7582e4e794ad6eebef2c68490a790742accbc1bcfafc1eb6e772b3c98de
Opcode Fuzzy Hash: f1dca321947a1367f0d55f51290a78f41f5e328790fa86022a41bb21031095aa
Instruction Fuzzy Hash: A6219671714A8185EF50AB27E4403EAB3E0EB98BD4F545231EA4D47BA5EB28C441DB80

Function 000001FE7241C7CC Relevance: 3.1, APIs: 2, Instructions: 58synchronizationCOMMON

Download Yara Rule

APIs

Part of subcall function 000001FE723DE610: CreateToolhelp32Snapshot.KERNEL32 ref: 000001FE723DE65A
Part of subcall function 000001FE723DE610: Process32FirstW.KERNEL32 ref: 000001FE723DE69C

Part of subcall function 000001FE723DCA10: CredEnumerateA.ADVAPI32 ref: 000001FE723DCA72

Part of subcall function 000001FE72424A30: recv.WS2_32 ref: 000001FE72424C0C

ReleaseMutex.KERNEL32 ref: 000001FE7241C83B
CloseHandle.KERNEL32 ref: 000001FE7241C844

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID: CloseCreateCredEnumerateFirstHandleMutexProcess32ReleaseSnapshotToolhelp32recv
String ID:
API String ID: 420082584-0
Opcode ID: bdc3095a1b87ea801f36cca919535da8ad91ef6c23b11170d4e8423925a6948e
Instruction ID: 89ae2618c6affab36dfbda10f2fe4ad5e278e7f6810c10794936fe8ed8f1aad5
Opcode Fuzzy Hash: bdc3095a1b87ea801f36cca919535da8ad91ef6c23b11170d4e8423925a6948e
Instruction Fuzzy Hash: 63219371A0468392FA217777EC573FD72C0AF85351F145B70E99A066F7BE188041AEE2

Function 000001FE7241C7FD Relevance: 3.0, APIs: 2, Instructions: 47synchronizationCOMMON

Download Yara Rule

APIs

Part of subcall function 000001FE72424A30: recv.WS2_32 ref: 000001FE72424C0C

ReleaseMutex.KERNEL32 ref: 000001FE7241C83B
CloseHandle.KERNEL32 ref: 000001FE7241C844

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID: CloseHandleMutexReleaserecv
String ID:
API String ID: 2659716615-0
Opcode ID: 243e1f54ec1414a6cb5ddf1cb52e513f16c7a96ffc7a79d155c63164a1710649
Instruction ID: e611c13beeed2fb13c95dac1a6a34c9ca5833d75044e53e823e18696ebfecb64
Opcode Fuzzy Hash: 243e1f54ec1414a6cb5ddf1cb52e513f16c7a96ffc7a79d155c63164a1710649
Instruction Fuzzy Hash: 3511C231A046C382F9217736E8463FD72C0AB85752F045730EA99066F7BE188041AED6

Function 000001FE72440E9C Relevance: 3.0, APIs: 2, Instructions: 46COMMONLIBRARYCODE

Download Yara Rule

APIs

SetFilePointerEx.KERNEL32 ref: 000001FE72440EE8
GetLastError.KERNEL32 ref: 000001FE72440EF2

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID: ErrorFileLastPointer
String ID:
API String ID: 2976181284-0
Opcode ID: 85342b8448b5f83962e520861b5040a532baca975cc467821ece28218af4e603
Instruction ID: bcc6b0b0f97bbecdfc483be96de701cdec8a66b7bf7c70ae06ac9439a6851edc
Opcode Fuzzy Hash: 85342b8448b5f83962e520861b5040a532baca975cc467821ece28218af4e603
Instruction Fuzzy Hash: 4A119471614B8281DE10AB26A4042A973E2E744BF4F645321EE790B7F9EF78C4628B80

Function 00007FF6612BD750 Relevance: 3.0, APIs: 2, Instructions: 33libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32 ref: 00007FF6612BD768
GetProcAddress.KERNEL32 ref: 00007FF6612BD789

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID: AddressLibraryLoadProc
String ID:
API String ID: 2574300362-0
Opcode ID: bd71bcfb797b50c55a6df7201416778f22323b2fa91c79af38a8b0c2d0370c92
Instruction ID: 05ee3044204d29c69d22e7ce6d2cef1eee8b1badf76c88912ea7a85a68fec71d
Opcode Fuzzy Hash: bd71bcfb797b50c55a6df7201416778f22323b2fa91c79af38a8b0c2d0370c92
Instruction Fuzzy Hash: 9101D77651CB89C9D7608B11F58436AB7B4F788B9CF101935E6CE8ABA8CF3CD1949B04

Function 000001FE7244E888 Relevance: 3.0, APIs: 2, Instructions: 21COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 000001FE7244E8B8

Part of subcall function 000001FE7244F8DC: std::bad_alloc::bad_alloc.LIBCMT ref: 000001FE7244F8E5

Concurrency::cancel_current_task.LIBCPMT ref: 000001FE7244E8BE

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task$std::bad_alloc::bad_alloc
String ID:
API String ID: 1173176844-0
Opcode ID: ad7fb39d7d0572768195cdb96d88edf57c93c5d00d8eaa663e4c704e5b7bea2c
Instruction ID: 7a9da9e678eecc9b8fa77108c80118dc62148bd1b8467d36d2ffc14cf7d9f677
Opcode Fuzzy Hash: ad7fb39d7d0572768195cdb96d88edf57c93c5d00d8eaa663e4c704e5b7bea2c
Instruction Fuzzy Hash: 11E01730F1128B19FD2832B319063F530C20F59370E2C1B30A9764A2F3BA2488978ED8

Function 00007FF6612F5810 Relevance: 3.0, APIs: 2, Instructions: 19memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlFreeHeap.NTDLL(?,?,00007FF6612F5929,00007FF6612FACD6,?,?,?,00007FF6612FB053,?,?,00000000,00007FF6612FB9B9,?,?,?,00007FF6612FB8EB), ref: 00007FF6612F5826
GetLastError.KERNEL32(?,?,00007FF6612F5929,00007FF6612FACD6,?,?,?,00007FF6612FB053,?,?,00000000,00007FF6612FB9B9,?,?,?,00007FF6612FB8EB), ref: 00007FF6612F5830

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID: ErrorFreeHeapLast
String ID:
API String ID: 485612231-0
Opcode ID: d1c0f4e6f877c9d6cfcd8a19c59eeb7a423ced942baaa3383c8ac58c4f15d072
Instruction ID: 3d258e68f402d474f35d9b5c8e452b9c9c9bb68620d7310a784d8a360f2f00b4
Opcode Fuzzy Hash: d1c0f4e6f877c9d6cfcd8a19c59eeb7a423ced942baaa3383c8ac58c4f15d072
Instruction Fuzzy Hash: DDE08C50F48202CAFF086BB2AA9603926795FC8F54F04C430CC2EDE3A2EE2C68C14350

Function 000001FE7243D3C8 Relevance: 2.5, APIs: 2, Instructions: 18memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 000001FE7243D3DE
GetLastError.KERNEL32 ref: 000001FE7243D3E8

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID: ErrorFreeHeapLast
String ID:
API String ID: 485612231-0
Opcode ID: b7253a55b1276d1b57d670979138b52c86c30a15e8b70f9b8b054cc625f4c6ce
Instruction ID: d0196d3480cf761322d6869b2e7ee29166d52da91aab102419717ef234145b8f
Opcode Fuzzy Hash: b7253a55b1276d1b57d670979138b52c86c30a15e8b70f9b8b054cc625f4c6ce
Instruction Fuzzy Hash: 1AE01271B02606D2FE1877F3A8453F532D1AB94741F4486348915AA273FD1848858E80

Function 000001FE7242F150 Relevance: 1.7, APIs: 1, Instructions: 189COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 000001FE7242F3A0

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: 8ee1261b0074b4c1930e6de03223f2b47350efe231d8e93e631e38de9a5e3001
Instruction ID: 29a1772481cb580a8ec5285d6bf6e7048aa2eed3891f0ecad1766b792790a1ce
Opcode Fuzzy Hash: 8ee1261b0074b4c1930e6de03223f2b47350efe231d8e93e631e38de9a5e3001
Instruction Fuzzy Hash: 03619C36300A8584EA15EE17D2543BD33E1E305FD8F968621CE5D0B7E5EB39C886CB90

Function 000001FE723CE2A0 Relevance: 1.7, APIs: 1, Instructions: 175COMMON

Download Yara Rule

APIs

__std_fs_directory_iterator_open.LIBCPMT ref: 000001FE723CE3D3

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID: __std_fs_directory_iterator_open
String ID:
API String ID: 4007087469-0
Opcode ID: 612ddcefc7630db56f3620f1072b6d911cf3a2af5b3b5cbf471fd81d26c93fdc
Instruction ID: 03e1be495e841bdbdb1c42777daa484b945b7f00372ee8c853be0126fd79ffd5
Opcode Fuzzy Hash: 612ddcefc7630db56f3620f1072b6d911cf3a2af5b3b5cbf471fd81d26c93fdc
Instruction Fuzzy Hash: 23619072B10A83A5FB10EB6AD4803FC33E1E7487A8F004735DE29576E9EA34C5859B84

Function 000001FE723E8E80 Relevance: 1.6, APIs: 1, Instructions: 129COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 000001FE723E9015

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: 0fddab9f0fc65afd18ea68c1df672a61be6ab72e1ef1925badb69b394b1d33b8
Instruction ID: d027538bffd616b34c499ee516de0650ee2df228945c34f003ebc5a793353e96
Opcode Fuzzy Hash: 0fddab9f0fc65afd18ea68c1df672a61be6ab72e1ef1925badb69b394b1d33b8
Instruction Fuzzy Hash: C341B072B04B8795EE10AB12A1043EDB3A2F758BD4F540731DF6D0B7AADE38C5468B80

Function 000001FE723F9FB0 Relevance: 1.6, APIs: 1, Instructions: 123COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 000001FE723FA157

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: 17a67f7000f568216462d827472073e51eaa917c8833adbe2f0f55d116a8286a
Instruction ID: 552b78f585cd5aaaa6d8f983c9f1354eea29126c7bc69446d75b50e4794a2223
Opcode Fuzzy Hash: 17a67f7000f568216462d827472073e51eaa917c8833adbe2f0f55d116a8286a
Instruction Fuzzy Hash: B941A072214B8695DA28EB66F5442BEB3E1F748BD0F508725AFAD03BA5DF38C041CB44

Function 000001FE723E9030 Relevance: 1.6, APIs: 1, Instructions: 118COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 000001FE723E91AC

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: 1fb953179ab442b135fe32c556255a3106088636cf944075173ae4f41d94bf45
Instruction ID: 9fc4c4ab00e00b901516836bef4334a14a74865f56c5a16e26bcad956b9e0f92
Opcode Fuzzy Hash: 1fb953179ab442b135fe32c556255a3106088636cf944075173ae4f41d94bf45
Instruction Fuzzy Hash: D741D47170078795EE14BB12A5083F9B2D2B314BD4F5447319F6D0B7EAEE78C6868B80

Function 000001FE723E4600 Relevance: 1.6, APIs: 1, Instructions: 116COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 000001FE723E4751

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: e95ccaeb726be183b8e598d75789eac51d46a9696cd696b3df3820ec008f91ba
Instruction ID: 8801dd0cda402ba659768ae0b7e71a6c6fea1dee665fc9b3f085f0d757f09569
Opcode Fuzzy Hash: e95ccaeb726be183b8e598d75789eac51d46a9696cd696b3df3820ec008f91ba
Instruction Fuzzy Hash: 7231F372B01A8764FE15BB22A5003F872D1A319FE4F5447719F2D07BE6EA78C48987C0

Function 000001FE7243D8C8 Relevance: 1.6, APIs: 1, Instructions: 112COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 000001FE7243D8F0

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: a6489b2be76faf22097b4e2486930154795670c0681d29dc16d0eeee0672d6c2
Instruction ID: 415e49bdad31a1174ae74b9df29c846c617c119b894e0d4b215090ed1ad62ba3
Opcode Fuzzy Hash: a6489b2be76faf22097b4e2486930154795670c0681d29dc16d0eeee0672d6c2
Instruction Fuzzy Hash: DA41D332101641C7EF68AB1AE5413FD73E4EB56B90F108320DA96A77A6EB28D502CFD1

Function 000001FE7242EF10 Relevance: 1.6, APIs: 1, Instructions: 110COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 000001FE7242F070

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: 2c8e6ea54a7083c1968ebf332093c0ed22209e4062b3f912ce83105a6d9f764a
Instruction ID: 3b70e78056a53d4335d43a9e83643061f5c4c231cbcbbd04105152b05e802656
Opcode Fuzzy Hash: 2c8e6ea54a7083c1968ebf332093c0ed22209e4062b3f912ce83105a6d9f764a
Instruction Fuzzy Hash: DF319F72301B8591EA24EF17E5403AEB2E0F744BD0F5447359BAE477A5EF38C0918B84

Function 000001FE72426290 Relevance: 1.6, APIs: 1, Instructions: 107COMMON

Download Yara Rule

APIs

GetVolumeInformationW.KERNEL32 ref: 000001FE72426320

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID: InformationVolume
String ID:
API String ID: 2039140958-0
Opcode ID: bdaeba7249e67b2a27764a932d856e7435e7c222d067acc7a4ed718c825688f2
Instruction ID: 39c73dae3798dd814eb6377dc2bb519ba136025df27600ed9439bd8336453a70
Opcode Fuzzy Hash: bdaeba7249e67b2a27764a932d856e7435e7c222d067acc7a4ed718c825688f2
Instruction Fuzzy Hash: 28517D32A14B8186E710DF75D8403ED77A0F794788F505325EB9C57AA9EF78C585CB80

Function 00007FF6612C7DC0 Relevance: 1.6, APIs: 1, Instructions: 102COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6612CB970: _Byte_length.LIBCPMTD ref: 00007FF6612CB9F6

Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00007FF6612C7ED5

Part of subcall function 00007FF6612CBA40: Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00007FF6612CBA6A

Part of subcall function 00007FF6612CBAA0: _Byte_length.LIBCPMTD ref: 00007FF6612CBB26

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID: Byte_lengthConcurrency::details::_CriticalLock::_ReentrantScoped_lockScoped_lock::~_
String ID:
API String ID: 2675252387-0
Opcode ID: 25f0638dfb9a7e7f1869a5053e67cf137c28dbe61eaf3d505533771dfcbf52f2
Instruction ID: b8f80f5380e1de2a29c3009c3edc2470fc424f7f178bc1b06ce9896c335afc86
Opcode Fuzzy Hash: 25f0638dfb9a7e7f1869a5053e67cf137c28dbe61eaf3d505533771dfcbf52f2
Instruction Fuzzy Hash: A251EA32619AC5D1DB60DB15E8903DAB3B5FBC4B88F804036E68D87B69DE3CD549CB40

Function 00007FF6612BBA90 Relevance: 1.6, APIs: 1, Instructions: 95COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00007FF6612BC520: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6612BC53D
Part of subcall function 00007FF6612BC520: _Max_value.LIBCPMTD ref: 00007FF6612BC562
Part of subcall function 00007FF6612BC520: _Min_value.LIBCPMTD ref: 00007FF6612BC590

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6612BBB3C

Part of subcall function 00007FF6612B4310: std::_Xinvalid_argument.LIBCPMT ref: 00007FF6612B431B

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork$Max_valueMin_valueXinvalid_argumentstd::_
String ID:
API String ID: 142707115-0
Opcode ID: 64e45d8456456b58955b4a52269d4573a0e0db22259897afc3b760c251d3df79
Instruction ID: 52364d333237929caa73bb4420cb5991bd7db25a933b13e42e3ab3a533a7a1f7
Opcode Fuzzy Hash: 64e45d8456456b58955b4a52269d4573a0e0db22259897afc3b760c251d3df79
Instruction Fuzzy Hash: AD51B33661DB85C5DB50DB16F49026AB7B4F7C9B88F505026EACE87B29DF3CD4908B40

Function 000001FE723E29B0 Relevance: 1.6, APIs: 1, Instructions: 93COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 000001FE723E2AB8

Part of subcall function 000001FE723CB820: __std_exception_copy.LIBVCRUNTIME ref: 000001FE723CB868

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task__std_exception_copy
String ID:
API String ID: 317858897-0
Opcode ID: 9dac07bd1d0a0cb93e141047a6c54eee905ec5032acb1a693ad0e53e6d6826bd
Instruction ID: 88aa8f77b0baa6d2eb55eb66881354cc60d41dcb6094e3342d6599293d26f8af
Opcode Fuzzy Hash: 9dac07bd1d0a0cb93e141047a6c54eee905ec5032acb1a693ad0e53e6d6826bd
Instruction Fuzzy Hash: AF21CE32A01B8756FA28BB15A5003F972D1A764BA4F2447359E6C07BE2EE78C4D68780

Function 000001FE7244080C Relevance: 1.6, APIs: 1, Instructions: 79COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 000001FE72440892

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: a24f7c79d48368e33d7deb9d4eeecb52ce7ec7a6106812cc151fd4020b53ad0d
Instruction ID: fbd615889f0c776a6bd427da2f8b528fb04acfbddb276ea9347ac8c30b4872d0
Opcode Fuzzy Hash: a24f7c79d48368e33d7deb9d4eeecb52ce7ec7a6106812cc151fd4020b53ad0d
Instruction Fuzzy Hash: 3731BC32A1060286F755BB5788063FD36D1E790BA0F525325AA15173F2EB78C4528BD1

Function 00007FF6612BF580 Relevance: 1.6, APIs: 1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8832b93c38650351119958a3682aaab50e8cbc8b9dc0623d89af5356b64ee8a2
Instruction ID: eb599c61c1e29a934b3b8932d0d6797a7e2cffc09b693d1dd5f3ae1a9cab3371
Opcode Fuzzy Hash: 8832b93c38650351119958a3682aaab50e8cbc8b9dc0623d89af5356b64ee8a2
Instruction Fuzzy Hash: 0B311C6661CB81C5DB509B66E54032BA7A4FBC5BD8F001036FECD8BB69DF6CD0408B40

Function 000001FE72444E91 Relevance: 1.6, APIs: 1, Instructions: 61COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32 ref: 000001FE72444EBF

Part of subcall function 000001FE72444FB8: GetModuleHandleExW.KERNEL32 ref: 000001FE72444FDD
Part of subcall function 000001FE72444FB8: GetProcAddress.KERNEL32 ref: 000001FE72444FF3
Part of subcall function 000001FE72444FB8: FreeLibrary.KERNEL32 ref: 000001FE7244501A

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID: HandleModule$AddressFreeLibraryProc
String ID:
API String ID: 3947729631-0
Opcode ID: 9e03c0276b42d0bae273c9ceb8b8abd1e24865752fa8da44abca3c0ffcb1668a
Instruction ID: 277c7b6b1cf0d44640888f597aeb509e26cc18761ec0904177c103c0cc89fe33
Opcode Fuzzy Hash: 9e03c0276b42d0bae273c9ceb8b8abd1e24865752fa8da44abca3c0ffcb1668a
Instruction Fuzzy Hash: 2F215E32A00B458AEB64AF65D4443FC37E1E34471CF540735E72A46AE5EB74C586CB80

Function 000001FE7245E200 Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 000001FE7245E15D

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 277766cc613ac521deff1262cc5973a4c6dda0ce244441028124d0478fb53980
Instruction ID: f322d859b107b53dddc094cb24c5f02f24f73e7d2a97430c819e1c34fa5299cb
Opcode Fuzzy Hash: 277766cc613ac521deff1262cc5973a4c6dda0ce244441028124d0478fb53980
Instruction Fuzzy Hash: C211753231568181FA65BF6398013FEB2E4B785B80F444231EAC557BA6EB7CC9019F85

Function 000001FE7245FEF8 Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 000001FE7245FF1B

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 4bdd7c7df9abbb715da046ae302baf4d590079e7e30464498c50f0bf6b7ea38d
Instruction ID: 23689adcf3d70b031c17f50a55a6837e2b405b57396e5cd84beae4c89cb7168a
Opcode Fuzzy Hash: 4bdd7c7df9abbb715da046ae302baf4d590079e7e30464498c50f0bf6b7ea38d
Instruction Fuzzy Hash: 6221A73321464187DB61AF2AD4403BD76E0F796B94F554335EB9A47AE9EB38C4008F40

Function 00007FF6612BE170 Relevance: 1.5, APIs: 1, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 292d0802afc3662b8a44df9434c69ee7ab1bc2423aa3cf29da608adeab93335d
Instruction ID: ca1b74f34ae6b763b79c90cb3bc73b5200f440ee0cc3dc682f0bf49a45b94cb8
Opcode Fuzzy Hash: 292d0802afc3662b8a44df9434c69ee7ab1bc2423aa3cf29da608adeab93335d
Instruction Fuzzy Hash: F6214C2251CAC1C5DBA0DB11E4513AFA7B4FB84B8CF545571E6CECBA9ACF2CD1848B00

Function 00007FF6612CBBF0 Relevance: 1.5, APIs: 1, Instructions: 49COMMON

Download Yara Rule

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6612CBC1C

Part of subcall function 00007FF6612CF7D0: Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00007FF6612CF846
Part of subcall function 00007FF6612CF7D0: Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00007FF6612CF855

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID: Concurrency::details::_CriticalLock::_ReentrantScoped_lockScoped_lock::~_$Concurrency::details::EmptyQueue::StructuredWork
String ID:
API String ID: 2595383736-0
Opcode ID: d187d2a0eb802e6f176a8c328b985804572825bb7962f1620d6111e602d056cd
Instruction ID: a5b3712d452d7b857407d22c2f9a8899bf8e2ac0cf3ef6be6ec6c23ff07848be
Opcode Fuzzy Hash: d187d2a0eb802e6f176a8c328b985804572825bb7962f1620d6111e602d056cd
Instruction Fuzzy Hash: 0D21AE36618F89C1DB50DB15F49025AB7B4FBD9B88F501126EA8E87B69DF3CD1908B40

Function 00007FF6612C8750 Relevance: 1.5, APIs: 1, Instructions: 45COMMON

Download Yara Rule

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6612C875E

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork
String ID:
API String ID: 1865873047-0
Opcode ID: 1ad8e3f512f94af4e84cc218fd812ce07013cec5e36aa4d374ac0a216bf662a5
Instruction ID: 2b7d72cfb9cd6324a1edb1a7c7c276a3c7bbdf03d384a32cb3773155c3b5d26a
Opcode Fuzzy Hash: 1ad8e3f512f94af4e84cc218fd812ce07013cec5e36aa4d374ac0a216bf662a5
Instruction Fuzzy Hash: 61114F36619F8881DB609B1AE49031AB7B5F7C9B98F505126EB8E87B69CF3CD5508B00

Function 00007FF6612CBAA0 Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6612CBB70: Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00007FF6612CBB7E

_Byte_length.LIBCPMTD ref: 00007FF6612CBB26

Part of subcall function 00007FF6612CBBF0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6612CBC1C

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID: Byte_lengthConcurrency::details::Concurrency::details::_CriticalEmptyLock::_Queue::ReentrantScoped_lockScoped_lock::~_StructuredWork
String ID:
API String ID: 3730899627-0
Opcode ID: a4279381825b097a51bbb40bb4fa2ec5ae5536782bc70fef3494edae06f6c104
Instruction ID: c9aea7b8b01e2c589e9813617e2cdb1841b04006a5758a7078bebab6f8d5c782
Opcode Fuzzy Hash: a4279381825b097a51bbb40bb4fa2ec5ae5536782bc70fef3494edae06f6c104
Instruction Fuzzy Hash: 94112422518A85C2DB60DB24F49119BB7B8FBC5B84F904022EBCD87B69DF3CC1518B40

Function 00007FF6612CB970 Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

_Byte_length.LIBCPMTD ref: 00007FF6612CB9F6

Part of subcall function 00007FF6612CBBF0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6612CBC1C

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID: Byte_lengthConcurrency::details::EmptyQueue::StructuredWork
String ID:
API String ID: 2180140624-0
Opcode ID: 4c1b483ce9ae656858f0bbe009e6f38eed582fb41a9c014dc9f6aa9f7ebd549b
Instruction ID: d8e8ceec752e8472e5cc98d46855567a01781d786265f560c1f0045c373ac789
Opcode Fuzzy Hash: 4c1b483ce9ae656858f0bbe009e6f38eed582fb41a9c014dc9f6aa9f7ebd549b
Instruction Fuzzy Hash: D911F426918A85C2DB50DB25F49119BB7B4FBC5B88F905122EBCD87B69DF3CC151CB40

Function 00007FF6612B7E40 Relevance: 1.5, APIs: 1, Instructions: 41COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6612B7E74

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork
String ID:
API String ID: 1865873047-0
Opcode ID: 3d4a030196c7ee3f94582092a48c7ddfc123bb74d61f0fbd3fd190b0a234afcd
Instruction ID: 1c189fbb77a0bcca6f09d70ff7b698bb475c9d182bde8cdcc3d974361e7f7d91
Opcode Fuzzy Hash: 3d4a030196c7ee3f94582092a48c7ddfc123bb74d61f0fbd3fd190b0a234afcd
Instruction Fuzzy Hash: BC112E66609B45C1DB20DB15E48036AA7B4FBC9BDCF040136EA8D8BB65CF3CC580CB40

Function 00007FF6612BF6A0 Relevance: 1.5, APIs: 1, Instructions: 38COMMON

Download Yara Rule

APIs

type_info::_name_internal_method.LIBCMTD ref: 00007FF6612BF721

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID: type_info::_name_internal_method
String ID:
API String ID: 3713626258-0
Opcode ID: 76e54cbdeb55244470ca4b8c1149c975881fede5f5229d85922bdbd701fbbbd6
Instruction ID: 347bd21872479180330bdbc64a771b14b4feea92febfa905d0df498287d6d2cf
Opcode Fuzzy Hash: 76e54cbdeb55244470ca4b8c1149c975881fede5f5229d85922bdbd701fbbbd6
Instruction Fuzzy Hash: 52010C7A62CB86C1D7409B16F54026BA3A4FB85BC8F106471FACECB759DF2CE4509B40

Function 000001FE72420E00 Relevance: 1.5, APIs: 1, Instructions: 38networkCOMMON

Download Yara Rule

APIs

send.WS2_32 ref: 000001FE72420E48

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID: send
String ID:
API String ID: 2809346765-0
Opcode ID: 10723b900c3d3fb221c2729e0f2ab508e71a113b43aaaf7fd55bda6ca2804ccb
Instruction ID: fc999718e0334f79d15e06748fd19229fe31406e3287cad381dbaeb0b75c1edd
Opcode Fuzzy Hash: 10723b900c3d3fb221c2729e0f2ab508e71a113b43aaaf7fd55bda6ca2804ccb
Instruction Fuzzy Hash: 52012631724A8082EB109F17F94426DB7E0F798FD4F486230EF5D03B68EB28C8818B40

Function 00007FF6612BCD80 Relevance: 1.5, APIs: 1, Instructions: 36COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6612BCDC2

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3668304517-0
Opcode ID: 5b003b8cca513f1d9bd291702dbd346b7f7ce6d2eb4d71e1a0a6965b61c62195
Instruction ID: cd35ada76c96747f969d130e7804994d8740219e536cb494eef6d95cc432defe
Opcode Fuzzy Hash: 5b003b8cca513f1d9bd291702dbd346b7f7ce6d2eb4d71e1a0a6965b61c62195
Instruction Fuzzy Hash: A2015266619F86C1DB609B28E48131BA7A8FB88B9CF000231F69D86BD5DF3CC1A08704

Function 00007FF6612CC9F0 Relevance: 1.5, APIs: 1, Instructions: 33COMMON

Download Yara Rule

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6612CCA33

Part of subcall function 00007FF6612BA910: allocator.LIBCONCRTD ref: 00007FF6612BA92B

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWorkallocator
String ID:
API String ID: 1755220593-0
Opcode ID: e9dd5059331e962bb0aad71984c047b5081c9f2cc64489ca351a57fb079b81be
Instruction ID: 3b84208750757af70630c6ef591f292bab28443ce9e13239311fca49dff21e51
Opcode Fuzzy Hash: e9dd5059331e962bb0aad71984c047b5081c9f2cc64489ca351a57fb079b81be
Instruction Fuzzy Hash: F6015E36619F8482CA60DB0AF89111EB7A4F7C9B98F504125FACD87B29DF3CD1608B00

Function 000001FE723D7633 Relevance: 1.5, APIs: 1, Instructions: 33fileCOMMON

Download Yara Rule

APIs

FindNextFileW.KERNEL32 ref: 000001FE723D7676

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID: FileFindNext
String ID:
API String ID: 2029273394-0
Opcode ID: 752fe5805e453647425062ce64daa4e53c54a82ad0d646f83825288564bb7983
Instruction ID: 971f671b5b263e0fc2ccc68ca74980928abf98e36e8276959e69bb4d6a79739e
Opcode Fuzzy Hash: 752fe5805e453647425062ce64daa4e53c54a82ad0d646f83825288564bb7983
Instruction Fuzzy Hash: A501F4362089C191EA70DB56F4543AA7364F788B94F444162DE9D43B69EE39C486CF40

Function 000001FE72437374 Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 000001FE72437393

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 68ea0e6e30933e9dd76abf56f21314c638998a57c534cc3687c594a1fb5b02e7
Instruction ID: f4f083c2ffcb67a3eb042842fe73c4d108d6bfd525a8eb074771dc721996d759
Opcode Fuzzy Hash: 68ea0e6e30933e9dd76abf56f21314c638998a57c534cc3687c594a1fb5b02e7
Instruction Fuzzy Hash: A9E02231211A0281EB647BAA91413FC71D0BB057F0F10C330AA74162E7EA7488608A00

Function 00007FF661305554 Relevance: 1.5, APIs: 1, Instructions: 21COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 00007FF661305584

Part of subcall function 00007FF6613064DC: std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF6613064E5

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID: Concurrency::cancel_current_taskstd::bad_alloc::bad_alloc
String ID:
API String ID: 680105476-0
Opcode ID: eab2c86477353e2fdf37daf347e1d7af9a32534bc8376d8c7edc6a9f128f6aaa
Instruction ID: 0bcc9da4070a01c12aeb67037626aa51fa7a93aaf2b2d4b840f8ab616cc091c8
Opcode Fuzzy Hash: eab2c86477353e2fdf37daf347e1d7af9a32534bc8376d8c7edc6a9f128f6aaa
Instruction Fuzzy Hash: B4E0EC80E4A14FC6FB2862A5655617A01E90F48F76E1D1730DA3FED2C7AD1DA4918690

Function 00007FF6612CBA40 Relevance: 1.5, APIs: 1, Instructions: 21COMMON

Download Yara Rule

APIs

Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00007FF6612CBA6A

Part of subcall function 00007FF6612C7FD0: Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00007FF6612C80EF
Part of subcall function 00007FF6612C7FD0: Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00007FF6612C8197

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID: Concurrency::details::_CriticalLock::_ReentrantScoped_lockScoped_lock::~_
String ID:
API String ID: 2443641946-0
Opcode ID: a00cf0b1ec4db13d273557ccddcb421bc2b4e8bce47aca48317bcbe3f147d040
Instruction ID: 07c21b6dc0838b8ece35aeb224b3110206e47f47cfe85a3f416d969a8bad77ec
Opcode Fuzzy Hash: a00cf0b1ec4db13d273557ccddcb421bc2b4e8bce47aca48317bcbe3f147d040
Instruction Fuzzy Hash: 23F0BCB2918A8086C760EB55E48111BB7A4FBC8B98F001225FACD87B29DF7CC2508F44

Function 00007FF6612BA910 Relevance: 1.5, APIs: 1, Instructions: 9COMMONLIBRARYCODE

Download Yara Rule

APIs

allocator.LIBCONCRTD ref: 00007FF6612BA92B

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID: allocator
String ID:
API String ID: 3447690668-0
Opcode ID: 69c9719d4dd52abe98a264028dc470e26ea7d52536d19f2f10ff87e1f9baad59
Instruction ID: e3fee367dbaa2579d241034b9245497271d2705c92190f486f070c1df2cafc84
Opcode Fuzzy Hash: 69c9719d4dd52abe98a264028dc470e26ea7d52536d19f2f10ff87e1f9baad59
Instruction Fuzzy Hash: FEC0E966A29B85C1CA44EB16F48101A7764F7D8BC4F909425EA8E57729DF28C1A58B00

Function 000001FE7245B4C0 Relevance: 1.5, APIs: 1, Instructions: 9fileCOMMON

Download Yara Rule

APIs

FindNextFileW.KERNEL32 ref: 000001FE7245B4C4

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID: FileFindNext
String ID:
API String ID: 2029273394-0
Opcode ID: 4104833be8186ecfced91f05a1dc286f8d4e1ac7fad94ea37a2bf5d234dce428
Instruction ID: 995a2af5468da8bf6edb23749c008722265320899477168f4892f7e77b13ce0c
Opcode Fuzzy Hash: 4104833be8186ecfced91f05a1dc286f8d4e1ac7fad94ea37a2bf5d234dce428
Instruction Fuzzy Hash: 1CC04C25F15542E1FA553B735C822A221D0D755712F440630891484660ED1C85D69E51

Function 000001FE7245D0B4 Relevance: 1.5, APIs: 1, Instructions: 6COMMON

Download Yara Rule

APIs

GetNativeSystemInfo.KERNEL32 ref: 000001FE7245D0BD

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID: InfoNativeSystem
String ID:
API String ID: 1721193555-0
Opcode ID: ebb3c2d15c06801dfe805b6087078b0f501a5fe9f8c446694f4975735c5f9cad
Instruction ID: 662b91f6d233ce34d0b18b8f84a5e3e0c70799353246099f38c5c7495d8ebd50
Opcode Fuzzy Hash: ebb3c2d15c06801dfe805b6087078b0f501a5fe9f8c446694f4975735c5f9cad
Instruction Fuzzy Hash: 48B09236A148C0C3CA11FB04EC465597371F794B0AFD00120E68E42724DE2CCA2A8E00

Function 000001FE7243DA30 Relevance: 1.3, APIs: 1, Instructions: 36memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

HeapAlloc.KERNEL32 ref: 000001FE7243DA85

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID: AllocHeap
String ID:
API String ID: 4292702814-0
Opcode ID: 9ae9f8af891c0b94514e7ea55ed6623f4eb6cc8682cd7ae55c8d48968416ecb5
Instruction ID: 124cb32ba5ce42b2d111d8890128d35d4a130cba1eb38fee52350729876eac19
Opcode Fuzzy Hash: 9ae9f8af891c0b94514e7ea55ed6623f4eb6cc8682cd7ae55c8d48968416ecb5
Instruction Fuzzy Hash: B0F01D7430560781FE9477A35A513F532D56B99B40F4CD634890AAA3F7FE2CCA818A90

Function 00007FF6612F64BC Relevance: 1.3, APIs: 1, Instructions: 29memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

HeapAlloc.KERNEL32(?,?,00000028,00007FF661305573,?,?,?,00007FF6612B10A8), ref: 00007FF6612F64FA

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID: AllocHeap
String ID:
API String ID: 4292702814-0
Opcode ID: 31f5e82480b86c694179d874989cf1b3d096565e770f3be7cb9178f83f4d8f72
Instruction ID: 3fefe27c20e5ca15d2244f75e212e3bc16cedab91cd062e494f708341c251193
Opcode Fuzzy Hash: 31f5e82480b86c694179d874989cf1b3d096565e770f3be7cb9178f83f4d8f72
Instruction Fuzzy Hash: E3F0FE51F89287D9FB6467616A8537A61B8DFC4F78F084630D93EDE6D6DD1CE4C08210

Function 000001FE7243E8BC Relevance: 1.3, APIs: 1, Instructions: 29memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

HeapAlloc.KERNEL32 ref: 000001FE7243E8FA

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID: AllocHeap
String ID:
API String ID: 4292702814-0
Opcode ID: eba47d0c810211a009f984e3ce810decee2d7cb9fb39a7e87e15bbee8ef19542
Instruction ID: 2ad312845ea5fb56a0510a8b8acacac4b771f4b54e3217a59b75f58939eaf69e
Opcode Fuzzy Hash: eba47d0c810211a009f984e3ce810decee2d7cb9fb39a7e87e15bbee8ef19542
Instruction Fuzzy Hash: CFF0F831B0228A55FE9476639C457F532C05F887A4F4887349D369A2E3FA2888819B94

Function 00007FF6612B26C0 Relevance: 1.3, APIs: 1, Instructions: 17memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

VirtualAlloc.KERNEL32 ref: 00007FF6612B26F3

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: bb55d3c25760e0320b4c92f21841f287c01ac31988aa5e77e6438427710fe636
Instruction ID: 9fee233a14b7a167609ec4d359143fd49ef8507ab3c262aa5ebc8ba17e0ef99d
Opcode Fuzzy Hash: bb55d3c25760e0320b4c92f21841f287c01ac31988aa5e77e6438427710fe636
Instruction Fuzzy Hash: F2E0E576A1CB85C6D720CB15F44031ABBB4F799B88F204525EACD86B28CF7DD6948F44

Non-executed Functions

Function 000001FE7242A430 Relevance: 34.3, APIs: 18, Strings: 1, Instructions: 1015stringmemorynativeCOMMON

Download Yara Rule

APIs

RtlAcquirePebLock.NTDLL ref: 000001FE7242A473
NtAllocateVirtualMemory.NTDLL ref: 000001FE7242A4AB
lstrcpyW.KERNEL32 ref: 000001FE7242A50D
lstrcatW.KERNEL32 ref: 000001FE7242A5C2
NtAllocateVirtualMemory.NTDLL ref: 000001FE7242A649
lstrcpyW.KERNEL32 ref: 000001FE7242A6FC
RtlInitUnicodeString.NTDLL ref: 000001FE7242A711
RtlInitUnicodeString.NTDLL ref: 000001FE7242A726
LdrEnumerateLoadedModules.NTDLL ref: 000001FE7242A739
RtlReleasePebLock.NTDLL ref: 000001FE7242A73F

Part of subcall function 000001FE7241EED0: SHGetKnownFolderPath.SHELL32 ref: 000001FE7241EF29
Part of subcall function 000001FE7241EED0: CoTaskMemFree.OLE32 ref: 000001FE7241EFEA

CoInitializeEx.OLE32 ref: 000001FE7242A7EA
lstrcpyW.KERNEL32 ref: 000001FE7242A9C9
lstrcatW.KERNEL32 ref: 000001FE7242ABCE
CoGetObject.OLE32 ref: 000001FE7242ABEC
lstrcpyW.KERNEL32 ref: 000001FE7242B269
lstrcatW.KERNEL32 ref: 000001FE7242B48C
CoGetObject.OLE32 ref: 000001FE7242B4AA
CoUninitialize.OLE32 ref: 000001FE7242B972

Strings

0, xrefs: 000001FE7242B0AA

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrcat$AllocateInitLockMemoryObjectStringUnicodeVirtual$AcquireEnumerateFolderFreeInitializeKnownLoadedModulesPathReleaseTaskUninitialize
String ID: 0
API String ID: 1424456515-4108050209
Opcode ID: 4a155e6e288a08d6e5d90cf9b3790c7b51114b4925d8c893251066b583a263cf
Instruction ID: 7daab1bb6a47ac946f57d24d11e7a69dc929c2504372a5e7de8d4ccf8a8a6a4d
Opcode Fuzzy Hash: 4a155e6e288a08d6e5d90cf9b3790c7b51114b4925d8c893251066b583a263cf
Instruction Fuzzy Hash: 2EC2A736626F948AD7908F69E88169DB3B5F788B88F105219FECD57B18EF38C154CB40

Function 00007FF6612FFF2C Relevance: 24.0, APIs: 9, Strings: 4, Instructions: 1226COMMONLIBRARYCODE

Download Yara Rule

APIs

fegetenv.LIBCMT ref: 00007FF6612FFF7A
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6613005E6
_invalid_parameter_noinfo.LIBCMT ref: 00007FF66130075C
_invalid_parameter_noinfo.LIBCMT ref: 00007FF661300A1A
_invalid_parameter_noinfo.LIBCMT ref: 00007FF661300C3A
_invalid_parameter_noinfo.LIBCMT ref: 00007FF661300E77
memcpy_s.LIBCPMT ref: 00007FF661300F52
memcpy_s.LIBCPMT ref: 00007FF661300FFD
memcpy_s.LIBCPMT ref: 00007FF6613010CC

Strings

1#INF, xrefs: 00007FF6613000A3
1#SNAN, xrefs: 00007FF66130008A
1#QNAN, xrefs: 00007FF661300093
1#IND, xrefs: 00007FF661300067

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
String ID: 1#IND$1#INF$1#QNAN$1#SNAN
API String ID: 808467561-2761157908
Opcode ID: f599b05029d98f237293d086c6c8cbc83094781c7e8eddfec9504f7173d138ad
Instruction ID: 356306dd61e24de0252067072cd8d81742f07bd59740cee477013726ae14c663
Opcode Fuzzy Hash: f599b05029d98f237293d086c6c8cbc83094781c7e8eddfec9504f7173d138ad
Instruction Fuzzy Hash: 31B29F72A18282CBE765CE64D5407FD77F1FB44B89F545135DA0EEBA84DF38AA408B80

Function 000001FE7241B420 Relevance: 21.5, APIs: 1, Strings: 11, Instructions: 465COMMON

Download Yara Rule

APIs

ShellExecuteW.SHELL32 ref: 000001FE7241B9A7

Strings

ios_base::badbit set, xrefs: 000001FE7241BBBA
.exe, xrefs: 000001FE7241B485
ios_base::eofbit set, xrefs: 000001FE7241BBCC
.exe, xrefs: 000001FE7241B56D
.vbs, xrefs: 000001FE7241B512
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+=-&^%$#@!(){}[},.;', xrefs: 000001FE7241B5B4
.ps1, xrefs: 000001FE7241B4B4
runas, xrefs: 000001FE7241B926
.cmd, xrefs: 000001FE7241B4E3
open, xrefs: 000001FE7241B91D
ios_base::failbit set, xrefs: 000001FE7241BBC5

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID: ExecuteShell
String ID: .cmd$.exe$.exe$.ps1$.vbs$abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+=-&^%$#@!(){}[},.;'$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set$open$runas
API String ID: 587946157-4093014531
Opcode ID: d183a49cb038e1e05b35cdc0479dea64a12b0c8edb0861e5c6556ee9c69445ec
Instruction ID: 51357ee3a80bac1acf5362cc9656e04b30e2ae63f56820ec3ba6da2a67d1c035
Opcode Fuzzy Hash: d183a49cb038e1e05b35cdc0479dea64a12b0c8edb0861e5c6556ee9c69445ec
Instruction Fuzzy Hash: 6422A172A10B8185EB10EF39E8803ED77A1F784798F505326EA5D47AB9EB74C585CB80

Function 000001FE7244A3C8 Relevance: 20.4, APIs: 8, Strings: 3, Instructions: 1156COMMON

Download Yara Rule

Strings

s, xrefs: 000001FE7244B4D2
W$, xrefs: 000001FE7244A530
s, xrefs: 000001FE7244B3F1

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID: _invalid_parameter_noinfo
String ID: s$s$W$
API String ID: 3215553584-4165748295
Opcode ID: 9b1f272bfafe38334aa377421cf6210804c5f9af34e63209d09ff03d43a97708
Instruction ID: ad54d1b15859d58080f480045abed5364177a391ea15a085887b772f1c61ac99
Opcode Fuzzy Hash: 9b1f272bfafe38334aa377421cf6210804c5f9af34e63209d09ff03d43a97708
Instruction Fuzzy Hash: 33A20173E102A28BE775DE66D450BFD77E2F354788F405225DA065BAA8E734DA02CF80

Function 000001FE72418440 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 188COMMON

Download Yara Rule

APIs

BCryptOpenAlgorithmProvider.BCRYPT ref: 000001FE724184D8
BCryptSetProperty.BCRYPT ref: 000001FE72418502
BCryptGenerateSymmetricKey.BCRYPT ref: 000001FE7241853B
Concurrency::cancel_current_task.LIBCPMT ref: 000001FE72418661

Strings

ChainingModeGCM, xrefs: 000001FE724184F0
AES, xrefs: 000001FE724184CD
ChainingMode, xrefs: 000001FE724184F7

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID: Crypt$AlgorithmConcurrency::cancel_current_taskGenerateOpenPropertyProviderSymmetric
String ID: AES$ChainingMode$ChainingModeGCM
API String ID: 2222192889-1213888626
Opcode ID: fd76c9a3087cceedb26387cd54d192953fe5d99b26d557b13a9e1070e2ebde76
Instruction ID: fddc56bfc3a47e5d65797eb7bf1ab84758830845ba5d5a5b7949704a46b4893b
Opcode Fuzzy Hash: fd76c9a3087cceedb26387cd54d192953fe5d99b26d557b13a9e1070e2ebde76
Instruction Fuzzy Hash: 8B61B67270078686FB14AB66E4403E973A1E795BE4F144731AF5C0BBF6EB38C5918B81

Function 00007FF6612E2B97 Relevance: 12.0, Strings: 9, Instructions: 793COMMON

Download Yara Rule

Strings

invalid bit length repeat, xrefs: 00007FF6612E2F9C
too many length or distance symbols, xrefs: 00007FF6612E2D3E
invalid distance code, xrefs: 00007FF6612E34E4
invalid distance too far back, xrefs: 00007FF6612E35AA
invalid code lengths set, xrefs: 00007FF6612E2D25
invalid distances set, xrefs: 00007FF6612E30B5
invalid literal/lengths set, xrefs: 00007FF6612E303F
invalid literal/length code, xrefs: 00007FF6612E3308
invalid code -- missing end-of-block, xrefs: 00007FF6612E2FC9

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID:
String ID: invalid bit length repeat$invalid code -- missing end-of-block$invalid code lengths set$invalid distance code$invalid distance too far back$invalid distances set$invalid literal/length code$invalid literal/lengths set$too many length or distance symbols
API String ID: 0-2665694366
Opcode ID: 8dab440fc9059f63e4ec5b970c608ca424db9a839ae67d8aedf904f713204985
Instruction ID: e7ff1256138b1fbb616a219fdca8c533eff19afe832c131f44ed5800286f5ada
Opcode Fuzzy Hash: 8dab440fc9059f63e4ec5b970c608ca424db9a839ae67d8aedf904f713204985
Instruction Fuzzy Hash: E862F572A046E6C7E7A48F25D658B7E37BDFB84744F054139EA4A8B780DE38D984CB40

Function 00007FF6612FCE44 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 227COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00007FF6612F5CB8: GetLastError.KERNEL32 ref: 00007FF6612F5CC7
Part of subcall function 00007FF6612F5CB8: FlsGetValue.KERNEL32 ref: 00007FF6612F5CDC
Part of subcall function 00007FF6612F5CB8: SetLastError.KERNEL32 ref: 00007FF6612F5D67

TranslateName.LIBCMT ref: 00007FF6612FCEAE
TranslateName.LIBCMT ref: 00007FF6612FCEE9
GetACP.KERNEL32(?,?,?,00000000,00000092,00007FF6612F42C8), ref: 00007FF6612FCF30
IsValidCodePage.KERNEL32(?,?,?,00000000,00000092,00007FF6612F42C8), ref: 00007FF6612FCF68
GetLocaleInfoW.KERNEL32 ref: 00007FF6612FD125

Strings

utf8, xrefs: 00007FF6612FD04C

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID: ErrorLastNameTranslate$CodeInfoLocalePageValidValue
String ID: utf8
API String ID: 3069159798-905460609
Opcode ID: f952dde8d3cd7788e963193f5ea5aa1e92811ebc708004aabb464cf43692a041
Instruction ID: ae549c5ef79b4bfa3638dd4be67e498571d2ee2e73c75c30279af68cc5ac0ddf
Opcode Fuzzy Hash: f952dde8d3cd7788e963193f5ea5aa1e92811ebc708004aabb464cf43692a041
Instruction Fuzzy Hash: 9791A032A48746CAEB249F21D6016B963B8EF84F88F448135DE6D8B785DF3DE591C740

Function 00007FF6612FD88C Relevance: 10.7, APIs: 7, Instructions: 171COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00007FF6612F5CB8: GetLastError.KERNEL32 ref: 00007FF6612F5CC7
Part of subcall function 00007FF6612F5CB8: FlsGetValue.KERNEL32 ref: 00007FF6612F5CDC
Part of subcall function 00007FF6612F5CB8: SetLastError.KERNEL32 ref: 00007FF6612F5D67

Part of subcall function 00007FF6612F5CB8: FlsSetValue.KERNEL32 ref: 00007FF6612F5CFD

GetUserDefaultLCID.KERNEL32(?,00000000,00000092,?), ref: 00007FF6612FD9FC

Part of subcall function 00007FF6612F5CB8: FlsSetValue.KERNEL32 ref: 00007FF6612F5D2A
Part of subcall function 00007FF6612F5CB8: FlsSetValue.KERNEL32 ref: 00007FF6612F5D3B
Part of subcall function 00007FF6612F5CB8: FlsSetValue.KERNEL32 ref: 00007FF6612F5D4C

EnumSystemLocalesW.KERNEL32(?,00000000,00000092,?,?,00000000,?,00007FF6612F42C1), ref: 00007FF6612FD9E3
ProcessCodePage.LIBCMT ref: 00007FF6612FDA26
IsValidCodePage.KERNEL32 ref: 00007FF6612FDA38
IsValidLocale.KERNEL32 ref: 00007FF6612FDA4E
GetLocaleInfoW.KERNEL32 ref: 00007FF6612FDAAA
GetLocaleInfoW.KERNEL32 ref: 00007FF6612FDAC6

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID: Value$Locale$CodeErrorInfoLastPageValid$DefaultEnumLocalesProcessSystemUser
String ID:
API String ID: 2591520935-0
Opcode ID: c4ae29048c0868d5221bcf0fbd91c5e5467cd0d186a5bb531500621032177dec
Instruction ID: f64b4a9382fac35ed58cb829bb338ef6c066326268612fda524a8eca3ba8262e
Opcode Fuzzy Hash: c4ae29048c0868d5221bcf0fbd91c5e5467cd0d186a5bb531500621032177dec
Instruction Fuzzy Hash: 6D716B22B48606CDFB109B61D5516BD33B8BF88F48F444135CA6E9B795EF3CA489C350

Function 000001FE724102C0 Relevance: 9.2, APIs: 4, Strings: 1, Instructions: 410COMMON

Download Yara Rule

APIs

__std_exception_destroy.LIBVCRUNTIME ref: 000001FE72410474
__std_exception_destroy.LIBVCRUNTIME ref: 000001FE72410482
__std_exception_destroy.LIBVCRUNTIME ref: 000001FE72410705
__std_exception_destroy.LIBVCRUNTIME ref: 000001FE72410713

Strings

value, xrefs: 000001FE7241039A, 000001FE72410633

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID: __std_exception_destroy
String ID: value
API String ID: 2453523683-494360628
Opcode ID: fb24c2487bef5d11f96c52c58a2826c42bb7973a23ceb61f9ba3f8d4a100ee2b
Instruction ID: 37bae8061ae8a7e94d398e3599d90f40acdf00250c0ca935943935de7c6277d5
Opcode Fuzzy Hash: fb24c2487bef5d11f96c52c58a2826c42bb7973a23ceb61f9ba3f8d4a100ee2b
Instruction Fuzzy Hash: 0F02A472A14BC185EB00EB75D4843ED77A1E7957A4F106321FA9D17AEAEB38C185CB80

Function 00007FF6612F1E68 Relevance: 9.1, APIs: 6, Instructions: 83COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlCaptureContext.KERNEL32 ref: 00007FF6612F1EE1
RtlLookupFunctionEntry.KERNEL32 ref: 00007FF6612F1EF9
RtlVirtualUnwind.KERNEL32 ref: 00007FF6612F1F34
IsDebuggerPresent.KERNEL32 ref: 00007FF6612F1F6D
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FF6612F1F77
UnhandledExceptionFilter.KERNEL32 ref: 00007FF6612F1F82

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
String ID:
API String ID: 1239891234-0
Opcode ID: ce7e3796c7a5bb2387eca005e84a3121ab51e1fc44c73afe5079a6031630cece
Instruction ID: a8e768ce39a72d49f2dee8248b7fd0ca7aa7a7ff066a06a516e4012e9f9b3fb3
Opcode Fuzzy Hash: ce7e3796c7a5bb2387eca005e84a3121ab51e1fc44c73afe5079a6031630cece
Instruction Fuzzy Hash: CA31A636608B81C6DB60CF25E8412AE73B4FB88B58F544135EA9E8BB58DF3CD585C700

Function 00007FF6612D30B0 Relevance: 7.0, Strings: 5, Instructions: 719COMMON

Download Yara Rule

Strings

0, xrefs: 00007FF6612D374E
d, xrefs: 00007FF6612D3C7F
d, xrefs: 00007FF6612D3B18
0, xrefs: 00007FF6612D36AD
d, xrefs: 00007FF6612D35F5

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID:
String ID: 0$0$d$d$d
API String ID: 0-911316061
Opcode ID: be84b10c0d2d45635747b94c10be12c5baf49aa36d94cf40a0aca8293bbb7e80
Instruction ID: 3f3ed4792931561d05318c965b9bdf6e54462ab44237204d438c078f05f9be2b
Opcode Fuzzy Hash: be84b10c0d2d45635747b94c10be12c5baf49aa36d94cf40a0aca8293bbb7e80
Instruction Fuzzy Hash: 8F72D676A18681CAD764CF19E5807AAB7A1F7C9B44F104126EB8EC7BA8DF3DD4458F00

Function 000001FE7244A44F Relevance: 6.4, Strings: 5, Instructions: 198COMMON

Download Yara Rule

Strings

1#IND, xrefs: 000001FE7244A49F
W$, xrefs: 000001FE7244A530
1#SNAN, xrefs: 000001FE7244A4C2
1#QNAN, xrefs: 000001FE7244A4CB
1#INF, xrefs: 000001FE7244A4DB

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID: _invalid_parameter_noinfo
String ID: 1#IND$1#INF$1#QNAN$1#SNAN$W$
API String ID: 3215553584-4287779413
Opcode ID: e914ef83dae64b72f50003c00f300a4745ddd1fbbdf1c541f482026cce5ebf66
Instruction ID: 35fbf53110381857d989f15a73a46a8d20ea29fe0760b2a9711aa8144bd7dcf5
Opcode Fuzzy Hash: e914ef83dae64b72f50003c00f300a4745ddd1fbbdf1c541f482026cce5ebf66
Instruction Fuzzy Hash: 44715573F142524BE760AF7AD4147FDB2E2A390794F4047359A194BAE4EA38D5428F80

Function 00007FF6612E22E8 Relevance: 5.5, Strings: 4, Instructions: 453COMMON

Download Yara Rule

Strings

unknown compression method, xrefs: 00007FF6612E231A
unknown header flags set, xrefs: 00007FF6612E233C
, xrefs: 00007FF6612E23D0
header crc mismatch, xrefs: 00007FF6612E27B6

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID:
String ID: $header crc mismatch$unknown compression method$unknown header flags set
API String ID: 0-4074041902
Opcode ID: 5fd275a1f547e5e5e246a265f17631c6e5570a77d34065937c2ebc4c447087f8
Instruction ID: 246756a0d607bcafaf511fc7fa819ebcd5490dc280ab083a8da91f6b87e1652c
Opcode Fuzzy Hash: 5fd275a1f547e5e5e246a265f17631c6e5570a77d34065937c2ebc4c447087f8
Instruction Fuzzy Hash: 751278B2A142D6C6E7958B35C298B3A3ABDFF44B48F155534DA4E8B794CF38DA80C740

Function 00007FF6612FFA90 Relevance: 4.8, APIs: 3, Instructions: 340COMMONLIBRARYCODE

Download Yara Rule

APIs

memcpy_s.LIBCPMT ref: 00007FF6612FFAF6
memcpy_s.LIBCPMT ref: 00007FF6612FFB21

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID: memcpy_s
String ID:
API String ID: 1502251526-0
Opcode ID: 57a8bb62846f71c15516153ffb7b4828fa003a6834a4406426bc392e6d140f03
Instruction ID: b354686c54362fb7dab6ff07ee4d04487808f929572e46f64ed35b6fad7a9f8d
Opcode Fuzzy Hash: 57a8bb62846f71c15516153ffb7b4828fa003a6834a4406426bc392e6d140f03
Instruction Fuzzy Hash: 75C1E373A582868BE724CF15A24466AB7A5F7C4F88F448235DB5A8B784DF3CE841CB40

Function 00007FF6612FD308 Relevance: 4.7, APIs: 3, Instructions: 167COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6612F5CB8: GetLastError.KERNEL32 ref: 00007FF6612F5CC7
Part of subcall function 00007FF6612F5CB8: FlsGetValue.KERNEL32 ref: 00007FF6612F5CDC
Part of subcall function 00007FF6612F5CB8: SetLastError.KERNEL32 ref: 00007FF6612F5D67

Part of subcall function 00007FF6612F5CB8: FlsSetValue.KERNEL32 ref: 00007FF6612F5CFD

GetLocaleInfoW.KERNEL32 ref: 00007FF6612FD374

Part of subcall function 00007FF66130242C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF661302449

GetLocaleInfoW.KERNEL32 ref: 00007FF6612FD3BD

Part of subcall function 00007FF66130242C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6613024A2

GetLocaleInfoW.KERNEL32 ref: 00007FF6612FD485

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID: InfoLocale$ErrorLastValue_invalid_parameter_noinfo
String ID:
API String ID: 1791019856-0
Opcode ID: ffb303f14084d201689acfaa42d903f902045a7f0c7723b67fadfb05f0f86b60
Instruction ID: 35ff9ed2aecad5cbfe32c818aae1fc077be7fa95898b60ff3dd9a793fe988398
Opcode Fuzzy Hash: ffb303f14084d201689acfaa42d903f902045a7f0c7723b67fadfb05f0f86b60
Instruction Fuzzy Hash: CB619132A48546CAEB349F21E6802B973B5FB84B48F408135CB6EDB695DF3CE495C740

Function 000001FE724163A6 Relevance: 4.4, Strings: 3, Instructions: 653COMMON

Download Yara Rule

Strings

POQ7YD6OwoviuSf/QCxUyWIQOKozQGlWhLBB++/d59U=, xrefs: 000001FE72416449
wD1RIzr1K8o=, xrefs: 000001FE724164D1
port, xrefs: 000001FE7241705F

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID:
String ID: POQ7YD6OwoviuSf/QCxUyWIQOKozQGlWhLBB++/d59U=$port$wD1RIzr1K8o=
API String ID: 0-2521232984
Opcode ID: 0b48ea9a5cdd4616711938e025fafaf0def66692c71ceead38078b11092cc9bd
Instruction ID: ebef63f2c02548c55d7160361c01aef36ab19510dff04d6accfb474fd69ed798
Opcode Fuzzy Hash: 0b48ea9a5cdd4616711938e025fafaf0def66692c71ceead38078b11092cc9bd
Instruction Fuzzy Hash: DB726FB2A29BC581EA60DB25E4403EEB3A5F799784F105325EBCD13B69EF38C145CB44

Function 00007FF6612D27B0 Relevance: 4.2, Strings: 3, Instructions: 488COMMON

Download Yara Rule

Strings

d, xrefs: 00007FF6612D2E76
0, xrefs: 00007FF6612D2C8D
0, xrefs: 00007FF6612D2BEC

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID:
String ID: 0$0$d
API String ID: 0-3608139397
Opcode ID: 5c76ddb99ef15a809886bb458ee614dacd124281dc7315fd32f47024dea49008
Instruction ID: 826f8a03afb21203b291d6143c6a75ae6ef53d26eb1fe0dc0e75cfb0d18c0eeb
Opcode Fuzzy Hash: 5c76ddb99ef15a809886bb458ee614dacd124281dc7315fd32f47024dea49008
Instruction Fuzzy Hash: C632D872A1C681CAD764CF19E5807AAB7A1F7C9B44F105126E68AC7BA8DF7CD485CF00

Function 00007FF6612EA140 Relevance: 4.2, Strings: 3, Instructions: 407COMMON

Download Yara Rule

Strings

invalid distance code, xrefs: 00007FF6612EA649
invalid distance too far back, xrefs: 00007FF6612EA666
invalid literal/length code, xrefs: 00007FF6612EA62C

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID:
String ID: invalid distance code$invalid distance too far back$invalid literal/length code
API String ID: 0-3255898291
Opcode ID: 7a605b2cea8ad5d7cbca8e7681ee519b81b1658c2b26500f27ae4b4ec54e850d
Instruction ID: 9ac6bd2e1596a8157d14a280a86f646f1bc230e9a46198e5fac315c1cc128e39
Opcode Fuzzy Hash: 7a605b2cea8ad5d7cbca8e7681ee519b81b1658c2b26500f27ae4b4ec54e850d
Instruction Fuzzy Hash: 81F13772B0C6D587DB548F25A15867D7BB6E7C5B88F048139EA8E4B798CE3CD984CB00

Function 00007FF6612E8C30 Relevance: 4.2, Strings: 3, Instructions: 407COMMON

Download Yara Rule

Strings

invalid distance code, xrefs: 00007FF6612E9139
invalid distance too far back, xrefs: 00007FF6612E9156
invalid literal/length code, xrefs: 00007FF6612E911C

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID:
String ID: invalid distance code$invalid distance too far back$invalid literal/length code
API String ID: 0-3255898291
Opcode ID: e5486bf6340005e40ec32ce1de8edf0dcb03f50dc41d0fbeeae64139bd64bd70
Instruction ID: fdf37e4c2612eb7863adaa1c86ef0a9d9571a019fdcecacd5e581af92e13ab63
Opcode Fuzzy Hash: e5486bf6340005e40ec32ce1de8edf0dcb03f50dc41d0fbeeae64139bd64bd70
Instruction Fuzzy Hash: 98F11832A0C6D583DB588F35955467D7BB6EB85B88F14813AEB8E4B788DE3CD984C700

Function 00007FF6612ECA20 Relevance: 4.0, Strings: 3, Instructions: 252COMMON

Download Yara Rule

Strings

0, xrefs: 00007FF6612ECC42
, xrefs: 00007FF6612ECCD2
@, xrefs: 00007FF6612ECB89

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID:
String ID: $0$@
API String ID: 0-2347541974
Opcode ID: eeca5f65d7def711a2938bc2b9d1f084d0224f6aa778e8f803134c364f27b88c
Instruction ID: 671c2d0acb0002d784039d175a67c6033867720bef5128372e27ac8e5fe3f41b
Opcode Fuzzy Hash: eeca5f65d7def711a2938bc2b9d1f084d0224f6aa778e8f803134c364f27b88c
Instruction Fuzzy Hash: 22B1B457D28FC641F6138B3954439B5B320AFFF7D0A24A327FEE475612AB68A7918310

Function 00007FF6612F91E0 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 37COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(?,?,?,?,?,00007FF6612F449A), ref: 00007FF6612F9254

Strings

GetLocaleInfoEx, xrefs: 00007FF6612F91FC, 00007FF6612F920D

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID: InfoLocale
String ID: GetLocaleInfoEx
API String ID: 2299586839-2904428671
Opcode ID: 9b4a3f26f7b91ef26a560136e31b55ba1280cb57d4f7cd41046f5acf592c097e
Instruction ID: 70e76c3af0e6142d0b1c5481a6e46d0b8f2fedca99701bbba09a547b7f5a9306
Opcode Fuzzy Hash: 9b4a3f26f7b91ef26a560136e31b55ba1280cb57d4f7cd41046f5acf592c097e
Instruction Fuzzy Hash: 4C018F25B08B41C9EB449B56B5040A6B674AFCAFC0F588035EE5E9BB69CE3CD592C780

Function 00007FF6612F8758 Relevance: 3.2, APIs: 2, Instructions: 227COMMONLIBRARYCODE

Download Yara Rule

APIs

_clrfp.LIBCMT ref: 00007FF6612F89A7
RaiseException.KERNEL32 ref: 00007FF6612F89B8

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID: ExceptionRaise_clrfp
String ID:
API String ID: 15204871-0
Opcode ID: a1839167aa180c42619ad643ddb8024cdd347c0831b0529f6c74a26638d682ba
Instruction ID: a19a1e6030fdb40e0653b0c481ab76cc8a2a6c555168500cfa2e51ee5f77c7c4
Opcode Fuzzy Hash: a1839167aa180c42619ad643ddb8024cdd347c0831b0529f6c74a26638d682ba
Instruction Fuzzy Hash: CDB13777A04B89CAEB19CF2AC9463687BB4F784F48F148921DA6D877A4CF39D491D700

Function 000001FE724414E4 Relevance: 3.2, APIs: 2, Instructions: 227COMMONLIBRARYCODE

Download Yara Rule

APIs

_clrfp.LIBCMT ref: 000001FE72441733
RaiseException.KERNEL32 ref: 000001FE72441744

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID: ExceptionRaise_clrfp
String ID:
API String ID: 15204871-0
Opcode ID: 7fa2203b5ce5cf4252278981a869295bf258e597fb1a3e488d01a74adacce12a
Instruction ID: cea94f6e419411e83dce92307ddb565bf1820cbe6bb058d3bac16b1d2a03ba90
Opcode Fuzzy Hash: 7fa2203b5ce5cf4252278981a869295bf258e597fb1a3e488d01a74adacce12a
Instruction Fuzzy Hash: 11B13C77600B898BEB15DF2AC4463A87BF1F344B48F299A25DA5D837B4DB39C452CB40

Function 000001FE72426540 Relevance: 3.2, APIs: 2, Instructions: 187COMMON

Download Yara Rule

APIs

EnumDisplayDevicesW.USER32 ref: 000001FE72426657
EnumDisplayDevicesW.USER32 ref: 000001FE724266FB

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID: DevicesDisplayEnum
String ID:
API String ID: 2211661463-0
Opcode ID: cc35d58293e2a6cfe0a1170f41aea105dbdf075c9d6bc5bd653bff1d9627b245
Instruction ID: 910beafc32e82015bc13c3a61d895848a287efa8664a3f91b1db8b66c11ca227
Opcode Fuzzy Hash: cc35d58293e2a6cfe0a1170f41aea105dbdf075c9d6bc5bd653bff1d9627b245
Instruction Fuzzy Hash: C281C032614B8586E710DF26E8447AE77E5F388798F505326EE9C17BA9EF38C581CB40

Function 00007FF6612F6CD8 Relevance: 2.6, Strings: 2, Instructions: 144COMMONLIBRARYCODE

Download Yara Rule

Strings

gfff, xrefs: 00007FF6612F6E62
e+000, xrefs: 00007FF6612F6DE5

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID:
String ID: e+000$gfff
API String ID: 0-3030954782
Opcode ID: eae3eaedb716b390790cfcc6eb53f328968db58e854ae428f084f307bb2cca52
Instruction ID: a7934566dedb7fdaf37d931e9edbf2e977484265b0a773c3fc645374d3554957
Opcode Fuzzy Hash: eae3eaedb716b390790cfcc6eb53f328968db58e854ae428f084f307bb2cca52
Instruction Fuzzy Hash: 28515B63B186C5CAE7248E35DA517697BA5E784F98F488235CB78CFAC5CE3DD4848700

Function 00007FF6612F9CD8 Relevance: 1.9, APIs: 1, Instructions: 373COMMON

Download Yara Rule

APIs

GetCPInfo.KERNEL32 ref: 00007FF6612F9E20

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID: Info
String ID:
API String ID: 1807457897-0
Opcode ID: f303fb9edb89c9981dcaa8221041ff2017a834cce71cc05f93e29e86dd0c05cc
Instruction ID: 45fb9bf6dc17ae3e339237e08a98cbe59cf301b8dbfaca6feb50a90d0c8cd910
Opcode Fuzzy Hash: f303fb9edb89c9981dcaa8221041ff2017a834cce71cc05f93e29e86dd0c05cc
Instruction Fuzzy Hash: 79129E22A08BC1CAE751CF2895452FD77A8FB98B48F459235EB9D8B652DF39E1D4C300

Function 00007FF6612FA448 Relevance: 1.8, APIs: 1, Instructions: 337COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f25a4eb04e97a1cbd05bf3468fe75687d39b44580424cbd94dd95bbadaa425fa
Instruction ID: c85ad2ee041538509d9adf644bee85a44ad3397d93fe3395149aad051f920923
Opcode Fuzzy Hash: f25a4eb04e97a1cbd05bf3468fe75687d39b44580424cbd94dd95bbadaa425fa
Instruction Fuzzy Hash: 33E13E32A04B81C6E720DB61E5412EA67B4F794B88F408536DF9E97B56EF78D245C340

Function 000001FE723FB480 Relevance: 1.7, APIs: 1, Instructions: 214COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 000001FE723FB778

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: a601ca1276c21b47724a3241582a9fe8544e11206b351a3787c5851274bd72f5
Instruction ID: e918be7a03d27852e6ac2a2f1c14eac43c35f6ebf2329ca25ec30e90da31d3d2
Opcode Fuzzy Hash: a601ca1276c21b47724a3241582a9fe8544e11206b351a3787c5851274bd72f5
Instruction Fuzzy Hash: 2FA19972701B9A99EB00EB6AE4803EC77B1F318B48F544666CF8D57B69DB38C095C780

Function 000001FE723FC420 Relevance: 1.7, APIs: 1, Instructions: 210COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 000001FE723FC718

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: 0891f831d966b78e4d03c4c0c353bb6b9c219881d799290f37f10cb6bdff4155
Instruction ID: 7e044958d751b83dd17be18bee430808775dd3d0c5a12ef3c7506da5ee0ac769
Opcode Fuzzy Hash: 0891f831d966b78e4d03c4c0c353bb6b9c219881d799290f37f10cb6bdff4155
Instruction Fuzzy Hash: A8A18932705B9A99EB00DB6AE4803EC37B0F359B48F544966CF8D57BA5DB38C095C784

Function 00007FF6612FD550 Relevance: 1.6, APIs: 1, Instructions: 70COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6612F5CB8: GetLastError.KERNEL32 ref: 00007FF6612F5CC7
Part of subcall function 00007FF6612F5CB8: FlsGetValue.KERNEL32 ref: 00007FF6612F5CDC
Part of subcall function 00007FF6612F5CB8: SetLastError.KERNEL32 ref: 00007FF6612F5D67

Part of subcall function 00007FF6612F5CB8: FlsSetValue.KERNEL32 ref: 00007FF6612F5CFD

GetLocaleInfoW.KERNEL32 ref: 00007FF6612FD5B8

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID: ErrorLastValue$InfoLocale
String ID:
API String ID: 673564084-0
Opcode ID: 1fc60497d60af84bc3a25616b2cbffb7f0d58d90d82e0e4919eba903a1a3e98e
Instruction ID: 3b35206d46eb9fe2432bc23e41c12de1bafe23ae40ed0f5addd3300fdc4df09a
Opcode Fuzzy Hash: 1fc60497d60af84bc3a25616b2cbffb7f0d58d90d82e0e4919eba903a1a3e98e
Instruction Fuzzy Hash: 70318632A48686CAEB248B21E5413BD73B5FBC4B49F448135DA5ECB795DF3CE4818740

Function 000001FE72449310 Relevance: 1.6, APIs: 1, Instructions: 70COMMON

Download Yara Rule

APIs

Part of subcall function 000001FE72439EEC: GetLastError.KERNEL32 ref: 000001FE72439EFB
Part of subcall function 000001FE72439EEC: FlsGetValue.KERNEL32 ref: 000001FE72439F10
Part of subcall function 000001FE72439EEC: SetLastError.KERNEL32 ref: 000001FE72439F9B

Part of subcall function 000001FE72439EEC: FlsSetValue.KERNEL32 ref: 000001FE72439F31

GetLocaleInfoW.KERNEL32 ref: 000001FE72449378

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID: ErrorLastValue$InfoLocale
String ID:
API String ID: 673564084-0
Opcode ID: d3f265d93177da05e9e3079d3dae9c7822de4fa7ba26229b0f968e85ede82faf
Instruction ID: dab8637cb76dcae4b43678b502002e6ae0c33b365bd6bc79229820160f53e3a1
Opcode Fuzzy Hash: d3f265d93177da05e9e3079d3dae9c7822de4fa7ba26229b0f968e85ede82faf
Instruction Fuzzy Hash: 55316432B0468386FB24EB23D8517EE73E1F789788F4482359A49876A5EB78D511CB80

Function 000001FE723C6510 Relevance: 1.6, Strings: 1, Instructions: 314COMMON

Download Yara Rule

Strings

QN , xrefs: 000001FE723C6877

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID:
String ID: QN
API String ID: 0-3349929942
Opcode ID: 4adeaebae40e5ff169471ee5d4a8d23a557c17ee84dec89bc840266fd6fece81
Instruction ID: b11cca0192fe2ce3e008ad89492ac7a5cdf8c33caa57bfeaadf0d3b815d242db
Opcode Fuzzy Hash: 4adeaebae40e5ff169471ee5d4a8d23a557c17ee84dec89bc840266fd6fece81
Instruction Fuzzy Hash: A402D532915BC589E7228F39E8813D977A4F7AD788F105325EBCC26B69EB74C294C740

Function 00007FF6612FD1A0 Relevance: 1.6, APIs: 1, Instructions: 61COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00007FF6612F5CB8: GetLastError.KERNEL32 ref: 00007FF6612F5CC7
Part of subcall function 00007FF6612F5CB8: FlsGetValue.KERNEL32 ref: 00007FF6612F5CDC
Part of subcall function 00007FF6612F5CB8: SetLastError.KERNEL32 ref: 00007FF6612F5D67

EnumSystemLocalesW.KERNEL32(?,?,?,00007FF6612FD98F,?,00000000,00000092,?,?,00000000,?,00007FF6612F42C1), ref: 00007FF6612FD23E

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID: ErrorLast$EnumLocalesSystemValue
String ID:
API String ID: 3029459697-0
Opcode ID: 381a7898935054535fb9b37bad717d8d2f933d4e212882dca7d474c99c627ba2
Instruction ID: fb3422c29cf4d78b22422f432fc2d7ae135dd9596c14e7f64aec74517cec6398
Opcode Fuzzy Hash: 381a7898935054535fb9b37bad717d8d2f933d4e212882dca7d474c99c627ba2
Instruction Fuzzy Hash: A911E467E48649CEEB158F15E1802B877B4FB80FA9F448135DA6A8B3C5DE38D5D1C740

Function 00007FF6612FD758 Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6612F5CB8: GetLastError.KERNEL32 ref: 00007FF6612F5CC7
Part of subcall function 00007FF6612F5CB8: FlsGetValue.KERNEL32 ref: 00007FF6612F5CDC
Part of subcall function 00007FF6612F5CB8: SetLastError.KERNEL32 ref: 00007FF6612F5D67

GetLocaleInfoW.KERNEL32(?,?,?,00007FF6612FD502), ref: 00007FF6612FD78F

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID: ErrorLast$InfoLocaleValue
String ID:
API String ID: 3796814847-0
Opcode ID: 453c54bd9860f3c2c2274d73c6c0209dd6e7591276c886d4b974ba9ca7b18a21
Instruction ID: e4dd778ab3e350d48b355e4775b73e66dd5970cdb663e06593558f8426f00aba
Opcode Fuzzy Hash: 453c54bd9860f3c2c2274d73c6c0209dd6e7591276c886d4b974ba9ca7b18a21
Instruction Fuzzy Hash: AB112732B18696CAE7788725A140A7E2274EB84F68F548631D67ECF6C4EE29D8C18340

Function 000001FE72449518 Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

Part of subcall function 000001FE72439EEC: GetLastError.KERNEL32 ref: 000001FE72439EFB
Part of subcall function 000001FE72439EEC: FlsGetValue.KERNEL32 ref: 000001FE72439F10
Part of subcall function 000001FE72439EEC: SetLastError.KERNEL32 ref: 000001FE72439F9B

GetLocaleInfoW.KERNEL32 ref: 000001FE7244954F

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID: ErrorLast$InfoLocaleValue
String ID:
API String ID: 3796814847-0
Opcode ID: 8a450860209e15821de9f16c01ed0612a725223f9a4b72f88eafb3edea00904a
Instruction ID: 922f3f42000513dba4b4e0b536cd8b789a02f4ac908c0f872b47b94510523224
Opcode Fuzzy Hash: 8a450860209e15821de9f16c01ed0612a725223f9a4b72f88eafb3edea00904a
Instruction Fuzzy Hash: 6E112733B1055283E774A726A840FBE32E2E344764F648731E626477E4F735CA829B80

Function 00007FF6612FD270 Relevance: 1.5, APIs: 1, Instructions: 41COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00007FF6612F5CB8: GetLastError.KERNEL32 ref: 00007FF6612F5CC7
Part of subcall function 00007FF6612F5CB8: FlsGetValue.KERNEL32 ref: 00007FF6612F5CDC
Part of subcall function 00007FF6612F5CB8: SetLastError.KERNEL32 ref: 00007FF6612F5D67

EnumSystemLocalesW.KERNEL32(?,?,?,00007FF6612FD94B,?,00000000,00000092,?,?,00000000,?,00007FF6612F42C1), ref: 00007FF6612FD2EE

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID: ErrorLast$EnumLocalesSystemValue
String ID:
API String ID: 3029459697-0
Opcode ID: a8334e6b54be681260e95f2da46ab40b3b68223c67b0e278abaffbc4ce1ac67b
Instruction ID: 67b2394ffc7271bb1cc8ee71ace9ce5fa63313f63e21e8579b54bd0614268b11
Opcode Fuzzy Hash: a8334e6b54be681260e95f2da46ab40b3b68223c67b0e278abaffbc4ce1ac67b
Instruction Fuzzy Hash: 1301F572F08289CAE7104F55E5807B972B5EB80FB8F458232C67A8B2C5DF68D4C0C740

Function 000001FE724183C0 Relevance: 1.5, APIs: 1, Instructions: 38COMMON

Download Yara Rule

APIs

BCryptCloseAlgorithmProvider.BCRYPT ref: 000001FE724183D9

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID: AlgorithmCloseCryptProvider
String ID:
API String ID: 3378198380-0
Opcode ID: d61dc55b1e9e5116d326b15c7f4e0b9e12aad6f9a42ccdda626fcd5cd7eecf19
Instruction ID: 4d653e27c986ee87b5eef2469a10b5331710cb62eb281210c1b6714ab87bf041
Opcode Fuzzy Hash: d61dc55b1e9e5116d326b15c7f4e0b9e12aad6f9a42ccdda626fcd5cd7eecf19
Instruction Fuzzy Hash: 2A01A4B2700A8541FF14AB22D4453BD7391F744F88F544620DA4C0A6A5FF79C88596C0

Function 00007FF6612F8E4C Relevance: 1.5, APIs: 1, Instructions: 32COMMONLIBRARYCODE

Download Yara Rule

APIs

EnumSystemLocalesW.KERNEL32(?,?,00000000,00007FF6612F91AF,?,?,?,?,?,?,?,?,00000000,00007FF6612FC7F0), ref: 00007FF6612F8E9B

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID: EnumLocalesSystem
String ID:
API String ID: 2099609381-0
Opcode ID: 22e6d56a2479983aa24c821f7915748be8a8f683883795b8a980db0dd1babcfa
Instruction ID: 953855337237d005747f42e1314dd2403898eb7a6de2ddaaaa883af7913fb963
Opcode Fuzzy Hash: 22e6d56a2479983aa24c821f7915748be8a8f683883795b8a980db0dd1babcfa
Instruction Fuzzy Hash: F4F08CB6B08A45C3EB04DB19E9911A97375FB88B80F188035EA1DCB7B5DE3CD5A0C304

Function 000001FE7243840C Relevance: 1.5, APIs: 1, Instructions: 28timeCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32 ref: 000001FE72438420

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID: Time$FileSystem
String ID:
API String ID: 2086374402-0
Opcode ID: 0313ca540423402b24a5e7d9dd0e4952f66ee95e8b7b4026d8869da447446bf6
Instruction ID: 2dd6121059c00d1a7236511839745a41c7528b187bcdc1e5a7af185993001c7a
Opcode Fuzzy Hash: 0313ca540423402b24a5e7d9dd0e4952f66ee95e8b7b4026d8869da447446bf6
Instruction Fuzzy Hash: 11F0A7E1B2568943EE149756A5147A4A281AB6CBF4F04A331AD7D4EBEAFA2CC1508B00

Function 00007FF6612F6844 Relevance: 1.5, Strings: 1, Instructions: 254COMMONLIBRARYCODE

Download Yara Rule

Strings

gfffffff, xrefs: 00007FF6612F6B86

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID:
String ID: gfffffff
API String ID: 0-1523873471
Opcode ID: 7f8d784388c29e50a9ea76849624ee7fdd6d3f0132adaebc282318182cf08c6d
Instruction ID: f0def06400dd3648d2cecc5f4b0172fa3ed0c1fb5917e81bcb40f8392f5c9d65
Opcode Fuzzy Hash: 7f8d784388c29e50a9ea76849624ee7fdd6d3f0132adaebc282318182cf08c6d
Instruction Fuzzy Hash: 25A16B62B087C6CAEB21CF26D1907A977A8EB90F88F048131DE9D8B785EE3DD545C701

Function 00007FF6612F02A8 Relevance: 1.5, Strings: 1, Instructions: 247COMMONLIBRARYCODE

Download Yara Rule

Strings

, xrefs: 00007FF6612F0484

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: d37ea77a3cce38cd321032bb1ff835da33d935561b5e8104ad0e6f6f8b8a62f8
Instruction ID: 71787c1c4670e6039b8165110ad82b2a2013ef31c348b33234b312d884f1653f
Opcode Fuzzy Hash: d37ea77a3cce38cd321032bb1ff835da33d935561b5e8104ad0e6f6f8b8a62f8
Instruction Fuzzy Hash: B9B19E72948649CAE7648F29925427C3BBAF785F4CF640135CA5ECB395CF29E481C718

Function 00007FF66130209C Relevance: 1.4, APIs: 1, Instructions: 145COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00007FF661302141

Part of subcall function 00007FF6612F5798: HeapAlloc.KERNEL32(?,?,00000000,00007FF6612F5E92,?,?,?,00007FF6612F5929,?,?,?,?,00007FF6612F650C,?,?,00000028), ref: 00007FF6612F57ED

Part of subcall function 00007FF6612F5810: RtlFreeHeap.NTDLL(?,?,00007FF6612F5929,00007FF6612FACD6,?,?,?,00007FF6612FB053,?,?,00000000,00007FF6612FB9B9,?,?,?,00007FF6612FB8EB), ref: 00007FF6612F5826
Part of subcall function 00007FF6612F5810: GetLastError.KERNEL32(?,?,00007FF6612F5929,00007FF6612FACD6,?,?,?,00007FF6612FB053,?,?,00000000,00007FF6612FB9B9,?,?,?,00007FF6612FB8EB), ref: 00007FF6612F5830

Part of subcall function 00007FF661304700: _invalid_parameter_noinfo.LIBCMT ref: 00007FF661304733

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID: ErrorHeapLast$AllocFree_invalid_parameter_noinfo
String ID:
API String ID: 916656526-0
Opcode ID: 053a47b18b98772e483d4cb8cedf15fedaac31aca4fa50d076ed251903ccc722
Instruction ID: 7b6464fc3acddba8de41d05bac0df5d8c4d81d0f182d6d417333e56e039160c0
Opcode Fuzzy Hash: 053a47b18b98772e483d4cb8cedf15fedaac31aca4fa50d076ed251903ccc722
Instruction Fuzzy Hash: 9441F121B09243C2FB645A627A117BAA2F4AF85FC5F444135EE4EDFB85EE3CE0058740

Function 00007FF6612C66E0 Relevance: 1.0, Instructions: 996COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a24e7cebadb25e1a1071a985e3153bb70c692dd492349961dac4431c1ac8243
Instruction ID: 054416150b765f92100ac53e98be4bf400421dc3db3b6f2d5d4bd771e75e8288
Opcode Fuzzy Hash: 9a24e7cebadb25e1a1071a985e3153bb70c692dd492349961dac4431c1ac8243
Instruction Fuzzy Hash: 9BA28CF6304A4087DB08CA5DE0A572AB766E3C8B94F40513AE75B877E8DE7CD895CB04

Function 00007FF6612C6730 Relevance: .9, Instructions: 934COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3cca1694c4598a210c22f8f475ca8cb19f43e7237f1ec9f88dcea8dcebb1f8f2
Instruction ID: fefd815eaf521cb1cfd7a32778d406e727f6af6bce8e736b3bcb2926882ad436
Opcode Fuzzy Hash: 3cca1694c4598a210c22f8f475ca8cb19f43e7237f1ec9f88dcea8dcebb1f8f2
Instruction Fuzzy Hash: 6F928AF5304A4087DB08CA9DE0A572AB766E3C8B94F40513AE75B877E8DE7CD895CB04

Function 000001FE723C83D0 Relevance: .8, Instructions: 795COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d0538767b6b45461ea7b05e4291f3168d71c376be44ab5dc851c2711e80cf8c7
Instruction ID: ff1e5b30ded69f8a69074980729ea49db1eb31512816eb639a7c8e8224750a10
Opcode Fuzzy Hash: d0538767b6b45461ea7b05e4291f3168d71c376be44ab5dc851c2711e80cf8c7
Instruction Fuzzy Hash: FAA27236615FD88AD7418FAAEC8129973B6F7487A8B101629EFCC57F18EBB4C164C740

Function 000001FE723C5520 Relevance: .8, Instructions: 792COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 92d1996251d80856e090bd7b157ed2eb2c4f4045e96a232b4fbbcdab88e0eccc
Instruction ID: 05f5a8c9ddc09546366f90f0a443de797de2231c5cdbc4eb275f2d5c2f87c0d2
Opcode Fuzzy Hash: 92d1996251d80856e090bd7b157ed2eb2c4f4045e96a232b4fbbcdab88e0eccc
Instruction Fuzzy Hash: 0392E932914BC98AD7718F29E8412EAB7A8F79D748F505315EBCC16B19EB38C394CB44

Function 00007FF6612F23EC Relevance: .5, Instructions: 535COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 84c0cb83c689dd070a6176691960342bf1b6f8408e44a1f4b5d5845a74465e3e
Instruction ID: 36d17dd2a7b5499645ac7aa8f1c9ab3ffc462c863b2b784150ea0ed687a03066
Opcode Fuzzy Hash: 84c0cb83c689dd070a6176691960342bf1b6f8408e44a1f4b5d5845a74465e3e
Instruction Fuzzy Hash: 1A425D61928E96C9E3638F75AA115356738BF52BC4F418333E81FFE650DF6EE4828600

Function 00007FF6612E81D0 Relevance: .5, Instructions: 490COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0cbc041faab4c4b85c301c09ae377af77968fd4b1b396d05bf3904191bd81879
Instruction ID: 34bad6ef7711a79e76230cc14d4c397d86dcfc4b4d2d19ebbc29d2522b66e301
Opcode Fuzzy Hash: 0cbc041faab4c4b85c301c09ae377af77968fd4b1b396d05bf3904191bd81879
Instruction Fuzzy Hash: 3012D2727101A44BEA44DB2AE86C4BA37D2F79C78E7C56027FF898F349C62DA504D721

Function 00007FF6612E4C30 Relevance: .5, Instructions: 459COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6634bdd44a1fa22541afa8fe710b752d6f9a0eae90cea3df49b852092a4059f
Instruction ID: f5cb5de361cfc8325784f7b98f53b0416f88c9c656524774695c611d6d3d5b20
Opcode Fuzzy Hash: b6634bdd44a1fa22541afa8fe710b752d6f9a0eae90cea3df49b852092a4059f
Instruction Fuzzy Hash: 7112A426B282D1C7D7288B26D2407B977B5FB44B89F445035EB89CB784DF3DE6A09740

Function 00007FF6612C39E0 Relevance: .5, Instructions: 456COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 642dc4f14b60206c0f6215a59d388f5b7023f11b53123760bd48b8ccc2892c3b
Instruction ID: 37fb408b7beb30795e5c46c46e7d13d401e044710938b90c1945cdbf26d7e8d8
Opcode Fuzzy Hash: 642dc4f14b60206c0f6215a59d388f5b7023f11b53123760bd48b8ccc2892c3b
Instruction Fuzzy Hash: C822DA7261C2818FE3A4CA29E55076ABBF2F7C9708F144539F789C7A99DA7CD9408F04

Function 000001FE723A6610 Relevance: .3, Instructions: 346COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c14d958fe464adc388debaf94bc47cc9bcd4eaef4c4eaf33323983724edd9411
Instruction ID: 71a3286156789e63cea4cd8156b3b088051c5ee5f26e6147bc8da2e1a34143cd
Opcode Fuzzy Hash: c14d958fe464adc388debaf94bc47cc9bcd4eaef4c4eaf33323983724edd9411
Instruction Fuzzy Hash: 2712E732A05FC98AD7708F29E84139AB3E4F799788F505325EACC57B19EB38C254CB44

Function 00007FF6612F07B4 Relevance: .3, Instructions: 327COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec41fcf7318b3fdb136675af6d95facf500f9601c2ec072af153a2977cac78c0
Instruction ID: 4d06eb862e386862a4d2633049f27eb2a5d0f1efb56d0ae146024e85d9e4f63e
Opcode Fuzzy Hash: ec41fcf7318b3fdb136675af6d95facf500f9601c2ec072af153a2977cac78c0
Instruction Fuzzy Hash: 0DD1F722A48646C9FB688E29C61063D23BAFB85F4CF144235CE2DCB695DF39E8C5C344

Function 00007FF6612F4110 Relevance: .3, Instructions: 309COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID: ErrorLastNameTranslate$CodePageValidValue_invalid_parameter_noinfo
String ID:
API String ID: 4023145424-0
Opcode ID: ccdc4cc223566a9e700b4a92f04d3f31291b7a6cb77f8d2068ca2b5d0f3811b7
Instruction ID: 8ef0b43d775cf43be945df6ce8c4328a4322905d813b1656f296d7e8e7acca2f
Opcode Fuzzy Hash: ccdc4cc223566a9e700b4a92f04d3f31291b7a6cb77f8d2068ca2b5d0f3811b7
Instruction Fuzzy Hash: 46C1C026A486C2C9EB609B2197107BA27B8FBD4F8CF404035DEADDBA95DE7CD585C700

Function 00007FF6612EC550 Relevance: .3, Instructions: 280COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 46f11c4fce7bcea95ba431acbf49a59f23e7ae597986c30c574894197be224cf
Instruction ID: c6174112bd0813b76599e9fb6f7d1c6d22b4312ea0e303aa7147a35d20c0a7fc
Opcode Fuzzy Hash: 46f11c4fce7bcea95ba431acbf49a59f23e7ae597986c30c574894197be224cf
Instruction Fuzzy Hash: 70B1C397E28FC641F713873D50425B2F325AFFBBA4A25E323F9E470611AF64A2D58214

Function 00007FF6612FC8B4 Relevance: .3, Instructions: 271COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID: ErrorLast$Value_invalid_parameter_noinfo
String ID:
API String ID: 1500699246-0
Opcode ID: 016909b738e5124339fad153d3415a28628c645a638055c2929be9a92ab91f6c
Instruction ID: cd0cb61e891a85121feccf8a7950dcd320bf1e2375d95d69398d05852bbfb8d3
Opcode Fuzzy Hash: 016909b738e5124339fad153d3415a28628c645a638055c2929be9a92ab91f6c
Instruction Fuzzy Hash: 87B1C762A4864ACAEB54DF21D611AB933B4EBC4F8CF404131DA69CB6C9DF3CE5A5C740

Function 00007FF661313DA0 Relevance: .2, Instructions: 207COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: d98f4d47e0a857b1cf393355eb1c2583f24a2c3040599a4cd7810a84d3a9fbd0
Instruction ID: a26ba42c7b664a49490c3db5797e783f30c4ee351b03f6b40849476d0a3e3bcf
Opcode Fuzzy Hash: d98f4d47e0a857b1cf393355eb1c2583f24a2c3040599a4cd7810a84d3a9fbd0
Instruction Fuzzy Hash: BF819072A04A51C6EB64CE25D48237D33B4FB84FA8F548636EE6EAB785CF38D0518340

Function 00007FF6612E9C10 Relevance: .2, Instructions: 204COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 976ad66ee5da2cf88b50c9bfd367b15b8b9c24bdb5795f368fa9833ed7feb0ee
Instruction ID: aee4b9a06f46aa659d1290d7f12c7ec06068be358760efca8d3ab18b1cc8af1b
Opcode Fuzzy Hash: 976ad66ee5da2cf88b50c9bfd367b15b8b9c24bdb5795f368fa9833ed7feb0ee
Instruction Fuzzy Hash: 4F717D61E387D182EB16473CA5021B19669AFE27C5F50E333F98479B96FF3D91928304

Function 00007FF6612F7358 Relevance: .2, Instructions: 198COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 47cc90599417af31cb42002b1ceffe57e88da7026f26894e3c97641a83985020
Instruction ID: 9fac925dea995cb5241967db938874c05de7aaef32200cb9cfdd31710fd258ea
Opcode Fuzzy Hash: 47cc90599417af31cb42002b1ceffe57e88da7026f26894e3c97641a83985020
Instruction Fuzzy Hash: 2581E672A48781C9E774CB19A64537A7AB4FBC5B98F104235DEAD8BB85CF3DD4808B00

Function 00007FF6612E7F90 Relevance: .2, Instructions: 160COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6fef933332038a432e0cbe0650c9c98f510f7709ea3c3125d6e13103ebde481
Instruction ID: 881708eecc9e7dce9d856eb80f5ee020e50e0c1de36d3602531699a5f3a16147
Opcode Fuzzy Hash: e6fef933332038a432e0cbe0650c9c98f510f7709ea3c3125d6e13103ebde481
Instruction Fuzzy Hash: C351C1B2F580E14BDFAC433DA935F782DD98B82354B09A039E195C9AD7E41EC242BB44

Function 000001FE7241E2F0 Relevance: .2, Instructions: 156COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8fb7937483d9751731351928e76aee8723c875862e1f4a830a78d4c5ab3ff41f
Instruction ID: b068fd201f14eee4cd97537831a6346aa3bcf7792289d4a76b3f12335116e48b
Opcode Fuzzy Hash: 8fb7937483d9751731351928e76aee8723c875862e1f4a830a78d4c5ab3ff41f
Instruction Fuzzy Hash: ED5104B3B0568443DB248B49F842796F7A5FB987C5F00A126EE8D57B68EB3CD5808B00

Function 00007FF6612EF7EC Relevance: .1, Instructions: 145COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac8362b94cbf271fd23ce0d6965fdbbec26e6817efc2dd1af2fcdc0b4ee58872
Instruction ID: 496d31be2bfd6436eb03402355261537351cb37ad7eacc6fa8a60ee5843075f8
Opcode Fuzzy Hash: ac8362b94cbf271fd23ce0d6965fdbbec26e6817efc2dd1af2fcdc0b4ee58872
Instruction Fuzzy Hash: B3513236A186A1C5E7248B39E15423A37B4EB45F5CF254131CE8D9B794CF3AEA93C740

Function 00007FF6612EF9F0 Relevance: .1, Instructions: 145COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 45278502b4de115ed76afef2690a2838d0b28876f14c66dd069eb4612fa83dd3
Instruction ID: 81e583fa9825732bf683673a5d0a3b42c3013c61a1e7d80fa694ef654fdab983
Opcode Fuzzy Hash: 45278502b4de115ed76afef2690a2838d0b28876f14c66dd069eb4612fa83dd3
Instruction Fuzzy Hash: BD517336A18691C5EB248B39E15022A37B9EB49F5CF254135CE4C9F794DF3AEE82C740

Function 00007FF6612EFBF4 Relevance: .1, Instructions: 145COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c9c3f90e6787dc6e65e60abd648d80575bcfa0207306300bab00d1ff848a11e7
Instruction ID: b1083dc45ae042b74f1f58c5dc8ed4cf6f3b48e7f1bfda4416f0971a079d3cb3
Opcode Fuzzy Hash: c9c3f90e6787dc6e65e60abd648d80575bcfa0207306300bab00d1ff848a11e7
Instruction Fuzzy Hash: B0516076A18691C6E7248B39E14027A37B8EB45F5CF345131CE4D9B7A4CF3AEA92C740

Function 000001FE72435598 Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 45278502b4de115ed76afef2690a2838d0b28876f14c66dd069eb4612fa83dd3
Instruction ID: 7f3915740f5df4a49927a1e3f78989a0310c8210ee1aff432f22bfbff988202d
Opcode Fuzzy Hash: 45278502b4de115ed76afef2690a2838d0b28876f14c66dd069eb4612fa83dd3
Instruction Fuzzy Hash: DA515E76221A5186E724AB2AD0443B93BE1E74CF58F248221CE4D677B6E736DD52CFC0

Function 000001FE72435394 Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac8362b94cbf271fd23ce0d6965fdbbec26e6817efc2dd1af2fcdc0b4ee58872
Instruction ID: 10bbca58fde4b0a3218b7cb7a2c357379fbf6157bc6b87e46037048151f1069f
Opcode Fuzzy Hash: ac8362b94cbf271fd23ce0d6965fdbbec26e6817efc2dd1af2fcdc0b4ee58872
Instruction Fuzzy Hash: EA51737762465186E7289B2AD0403BC3BE1E35CF68F248221CE49677B6E776D842CFC0

Function 00007FF6613028CC Relevance: .1, Instructions: 126COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID: ErrorFreeHeapLast
String ID:
API String ID: 485612231-0
Opcode ID: 252e97116b409d639cb7cf3346977e6c479a1c19db0d37f8eb51e4ebf816e3a9
Instruction ID: c30b55b3a99af83c41108ab6170726a6d11cd5e953fb861d8c3fff4b3537441d
Opcode Fuzzy Hash: 252e97116b409d639cb7cf3346977e6c479a1c19db0d37f8eb51e4ebf816e3a9
Instruction Fuzzy Hash: E941C467B14A6582EF04CF2AD964169A3B1FB48FD0B499032DE4EDBB58DE3CD1818340

Function 00007FF6612ECFA0 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e3993780a94f75fabcfaabf439322e03bb81cee0a4827234de154ef40bcba7dd
Instruction ID: 4a50a3fe389e6dbce18b6cd978c573da85d23d6e7de053b95db05bcf7c8452de
Opcode Fuzzy Hash: e3993780a94f75fabcfaabf439322e03bb81cee0a4827234de154ef40bcba7dd
Instruction Fuzzy Hash: D4310D96D19BC986E702DB39A842231F3A0BF9AB90F90D321EDF5B8555DF2CF1544704

Function 00007FF6612EAF56 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e816ee9afbbd517afeac584de8933918a4fef5f7729cbd70fe33994d3c5995a
Instruction ID: 2b3155e598a7bd170e6171a99f9a21d1ce7fa9fd0840acf16f757e3a68bee986
Opcode Fuzzy Hash: 3e816ee9afbbd517afeac584de8933918a4fef5f7729cbd70fe33994d3c5995a
Instruction Fuzzy Hash: 84219597C1DBCD85E7129B3EA882171E360BFAAAA0F64D321EDF4B8415AF18B1944714

Function 000001FE724752E0 Relevance: .0, Instructions: 50COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1902b4920a8daad50d42d69a3c6c0cdc84067dc9195abc0bde99b515c7176ce7
Instruction ID: 1b30807dc27494f32996783dfca20bb40662438b6e87783fdbd2f6e1998b3121
Opcode Fuzzy Hash: 1902b4920a8daad50d42d69a3c6c0cdc84067dc9195abc0bde99b515c7176ce7
Instruction Fuzzy Hash: D81112AB50EAC20AFAA15B250D972E83FD1F762B14F0D015A8F508F3E3F5C6180A5F41

Function 00007FF6612ECEB2 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93c464e3852cc5915b9151c8cba22a9675c3ba6e6f19de27809d4dbd020f5729
Instruction ID: cc38d640d83d8a8b19bc768fb2d89e5941552ce017e6233d3830ffb0632ea9c7
Opcode Fuzzy Hash: 93c464e3852cc5915b9151c8cba22a9675c3ba6e6f19de27809d4dbd020f5729
Instruction Fuzzy Hash: 341154C6C5AB9D45EB039B3E9882061B260AF6A9A4A74D762EDF07C121EF2571D84314

Function 00007FF6612F9AA0 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 31e39b6c27bf28f0e056e49cbc12428bf1b6f050c7fc376ff2e6193081efeec9
Instruction ID: 144774f88d1c45a21d4222f5279ebc3382172705a603f1df4d8d84f5a74d39d9
Opcode Fuzzy Hash: 31e39b6c27bf28f0e056e49cbc12428bf1b6f050c7fc376ff2e6193081efeec9
Instruction Fuzzy Hash: 63F06DB1B19155CBDB94CF28E40252577E0F744794F504039E59DC7B38DE3C90508F04

Function 000001FE72430254 Relevance: 16.2, APIs: 6, Strings: 3, Instructions: 407COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 000001FE72430283
_invalid_parameter_noinfo.LIBCMT ref: 000001FE72430353

Strings

0, xrefs: 000001FE72430325
0, xrefs: 000001FE7243037D
0, xrefs: 000001FE7243038F

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID: _invalid_parameter_noinfo
String ID: 0$0$0
API String ID: 3215553584-3137946472
Opcode ID: 4b936a4394e80428ad7bf41d875096a3e7add69c0315c25dc0869b4c3066c4ac
Instruction ID: ed037eecf50bb137ab40e9486217f2ad5c5389ed894c593675c7d45e983052fd
Opcode Fuzzy Hash: 4b936a4394e80428ad7bf41d875096a3e7add69c0315c25dc0869b4c3066c4ac
Instruction Fuzzy Hash: 1BE1D53210669686F760AF2A81983FD3BD5E351B84F54E332C684677F7E6398859CF80

Function 00007FF6612B4C00 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 52COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6612B4C1F
_Yarn.LIBCPMTD ref: 00007FF6612B4C31
_Yarn.LIBCPMTD ref: 00007FF6612B4C43
_Yarn.LIBCPMTD ref: 00007FF6612B4C55
_Yarn.LIBCPMTD ref: 00007FF6612B4C67
_Yarn.LIBCPMTD ref: 00007FF6612B4C79
_Yarn.LIBCPMTD ref: 00007FF6612B4C8B
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00007FF6612B4CA3

Part of subcall function 00007FF66130B954: _Yarn.LIBCPMT ref: 00007FF66130B982

Strings

bad locale name, xrefs: 00007FF6612B4CAB

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID: Yarn$std::_$Locinfo::_Locinfo_ctorLockitLockit::_
String ID: bad locale name
API String ID: 3904239083-1405518554
Opcode ID: fdf93c7b3725d3de9480c70fc984c330f16ff8bafd09a5e6a50b7f6b76af3ea8
Instruction ID: f42b54c72441ce9240819d002c17fcf300a35e534718713ae457d1744d71a313
Opcode Fuzzy Hash: fdf93c7b3725d3de9480c70fc984c330f16ff8bafd09a5e6a50b7f6b76af3ea8
Instruction Fuzzy Hash: 54113D61A5AA8682DE00E72AE58126E53B4FF83F8CF500435EA8E5B76BCE2DD4518704

Function 00007FF6612B35B0 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 181COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32 ref: 00007FF6612B35DB
RtlImageNtHeader.NTDLL ref: 00007FF6612B3606

Strings

ntdll.dll, xrefs: 00007FF6612B35D4
.data, xrefs: 00007FF6612B35E6
.mrdata, xrefs: 00007FF6612B36DA

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID: HandleHeaderImageModule
String ID: .data$.mrdata$ntdll.dll
API String ID: 1307054163-825320017
Opcode ID: 540e6d451a2b33d2f7aa5391ba2a9d0ff351769d0afe938c76c5a5a31751ba7e
Instruction ID: 43c50cf5694b99785de5c0b05560862fd64ae4803617d6561aac42f7980c9922
Opcode Fuzzy Hash: 540e6d451a2b33d2f7aa5391ba2a9d0ff351769d0afe938c76c5a5a31751ba7e
Instruction Fuzzy Hash: 5AA1EC36619B85C6E760CB15E54436AB7B8F788B98F504535EA8D8BBA8DF3CD484CB00

Function 00007FF6612F8EC8 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

FreeLibrary.KERNEL32(?,?,?,00007FF6612F95D0,?,?,?,?,00007FF6612FDBCD,?,?,?,?,00007FF66130B3F8), ref: 00007FF6612F9044
GetProcAddress.KERNEL32(?,?,?,00007FF6612F95D0,?,?,?,?,00007FF6612FDBCD,?,?,?,?,00007FF66130B3F8), ref: 00007FF6612F9050

Strings

api-ms-, xrefs: 00007FF6612F8F8E
ext-ms-, xrefs: 00007FF6612F8FA1

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID: AddressFreeLibraryProc
String ID: api-ms-$ext-ms-
API String ID: 3013587201-537541572
Opcode ID: 88c23d9036aded5f7076838acfe0058b8650966d7edef86c05992df23181fc12
Instruction ID: ae15e6bd4294606020ececb97e2f6b6f179a8a913e664598e28acd5b6114ef08
Opcode Fuzzy Hash: 88c23d9036aded5f7076838acfe0058b8650966d7edef86c05992df23181fc12
Instruction Fuzzy Hash: E241E821B15A02CAFF168B16AA2057562B9BF85F94F484135EE2DDF794EE3CE4858300

Function 000001FE7241B2D0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 81networkfileCOMMON

Download Yara Rule

APIs

InternetOpenW.WININET ref: 000001FE7241B33B
InternetOpenUrlA.WININET ref: 000001FE7241B370
InternetReadFile.WININET ref: 000001FE7241B391
InternetReadFile.WININET ref: 000001FE7241B3CF
InternetCloseHandle.WININET ref: 000001FE7241B3DC
InternetCloseHandle.WININET ref: 000001FE7241B3E5

Strings

File Downloader, xrefs: 000001FE7241B334

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID: Internet$CloseFileHandleOpenRead
String ID: File Downloader
API String ID: 4038090926-3631955488
Opcode ID: 2d8777ee4260c80b314c9bed156458a8780df2b315401914807f3b6119ccca09
Instruction ID: 332758a2a372f9f7d685e26a2532a99a7c935974f9622fc19619af5ce293733f
Opcode Fuzzy Hash: 2d8777ee4260c80b314c9bed156458a8780df2b315401914807f3b6119ccca09
Instruction Fuzzy Hash: 8131A43270478586EB20AF26E8507EAB3A1F788BC4F544225EE4947B68EF78C555CF40

Function 00007FF6612F146C Relevance: 11.0, APIs: 3, Strings: 3, Instructions: 494COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6612F14AF
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6612F189C
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6612F1B38

Strings

p, xrefs: 00007FF6612F15D9
p, xrefs: 00007FF6612F1561
f, xrefs: 00007FF6612F15D1

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: f$p$p
API String ID: 3215553584-1995029353
Opcode ID: 35f128cec712ba658e9c7200868182dc03db665a37542de7a91c1d423a514665
Instruction ID: 1d614eda3940a7f30432d0735e83b683169de1153d1ebc811c891ed397d4a5ca
Opcode Fuzzy Hash: 35f128cec712ba658e9c7200868182dc03db665a37542de7a91c1d423a514665
Instruction Fuzzy Hash: B61284A1E4C183CDFB249A15E25467976B9FBC0F58FC84135E6A98A6C4DF3CE8C48B40

Function 00007FF6613035B8 Relevance: 10.8, APIs: 7, Instructions: 290COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6613039E5

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 2111bb826fba5276a3a9dd84415bba117cbc3f7a0067bdd87d396387dbaf4657
Instruction ID: 56eb14b2f8322f5aed9aa6bb1e660a65ffc24ce0604f095b0e327b2aa6cdb1a6
Opcode Fuzzy Hash: 2111bb826fba5276a3a9dd84415bba117cbc3f7a0067bdd87d396387dbaf4657
Instruction Fuzzy Hash: 08C10022A0C786CAE720DB159440BBE7BB5EF81F91F554131DA5F9B391CE7CE8898380

Function 00007FF6612CEFC0 Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 241COMMON

Download Yara Rule

APIs

ReadNoFence64.LIBCMTD ref: 00007FF6612CF011

Strings

+, xrefs: 00007FF6612CF0AE
0123456789abcdefghijklmnopqrstuvwxyz, xrefs: 00007FF6612CF334
4, xrefs: 00007FF6612CF30A
d, xrefs: 00007FF6612CF0CC
4, xrefs: 00007FF6612CEFE9

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID: Fence64Read
String ID: +$0123456789abcdefghijklmnopqrstuvwxyz$4$4$d
API String ID: 3999070443-264949567
Opcode ID: 1743ddae81d6ea49377a863fa6a1ec82f2316a6d258534a902e75a0a57e9bff6
Instruction ID: 09ad97e966a86098419ccf7e05ea454f1a300ffec200a7efc5caf9fa9e22df6c
Opcode Fuzzy Hash: 1743ddae81d6ea49377a863fa6a1ec82f2316a6d258534a902e75a0a57e9bff6
Instruction Fuzzy Hash: D8C1B43250DBC4CADBA18B19F5803AAB7A4E799B94F104125EBDD87B98CF7DD4948F00

Function 00007FF66130AF88 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(?,?,?,00007FF66130B18F,?,?,00000000,00007FF661307CE2,?,?,?,00007FF6613174ED), ref: 00007FF66130B00D
GetLastError.KERNEL32(?,?,?,00007FF66130B18F,?,?,00000000,00007FF661307CE2,?,?,?,00007FF6613174ED), ref: 00007FF66130B01B
LoadLibraryExW.KERNEL32(?,?,?,00007FF66130B18F,?,?,00000000,00007FF661307CE2,?,?,?,00007FF6613174ED), ref: 00007FF66130B045
FreeLibrary.KERNEL32(?,?,?,00007FF66130B18F,?,?,00000000,00007FF661307CE2,?,?,?,00007FF6613174ED), ref: 00007FF66130B0B3
GetProcAddress.KERNEL32(?,?,?,00007FF66130B18F,?,?,00000000,00007FF661307CE2,?,?,?,00007FF6613174ED), ref: 00007FF66130B0BF

Strings

api-ms-, xrefs: 00007FF66130B02D

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID: Library$Load$AddressErrorFreeLastProc
String ID: api-ms-
API String ID: 2559590344-2084034818
Opcode ID: 0d0ac073453aeb45f407a3059d888d0c76c4a1015270bd98423673d19d5896fd
Instruction ID: 4dfe7b29caf610e46d160cfef7f003b9b14ac0dc2e756c491dcac52bcf7652a7
Opcode Fuzzy Hash: 0d0ac073453aeb45f407a3059d888d0c76c4a1015270bd98423673d19d5896fd
Instruction Fuzzy Hash: F031A025B1A642D1EF22DB16A81057663F8FF48FA5F098535DD2EAE398EF3CE4458340

Function 00007FF6612F5CB8 Relevance: 10.6, APIs: 7, Instructions: 62COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00007FF6612F5CC7
FlsGetValue.KERNEL32 ref: 00007FF6612F5CDC
FlsSetValue.KERNEL32 ref: 00007FF6612F5CFD
FlsSetValue.KERNEL32 ref: 00007FF6612F5D2A
FlsSetValue.KERNEL32 ref: 00007FF6612F5D3B
FlsSetValue.KERNEL32 ref: 00007FF6612F5D4C
SetLastError.KERNEL32 ref: 00007FF6612F5D67

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID: Value$ErrorLast
String ID:
API String ID: 2506987500-0
Opcode ID: 0e9a261044974c98fe15c55c3d55f2b3032747381efac69e6f322ca96625eeb5
Instruction ID: 3c05d4c6bacdfa1112123dcbd85531074bc1db065a71cfcef653b4e51f73969b
Opcode Fuzzy Hash: 0e9a261044974c98fe15c55c3d55f2b3032747381efac69e6f322ca96625eeb5
Instruction Fuzzy Hash: EC21B320E4D642CAFB185731575913951B95FC4FB8F548739E83E8E7D6DE2CA4828700

Function 00007FF6613049EC Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON

Download Yara Rule

APIs

WriteConsoleW.KERNEL32 ref: 00007FF661304A1D
GetLastError.KERNEL32 ref: 00007FF661304A29
CloseHandle.KERNEL32 ref: 00007FF661304A41
CreateFileW.KERNEL32 ref: 00007FF661304A6C
WriteConsoleW.KERNEL32 ref: 00007FF661304A8B

Strings

CONOUT$, xrefs: 00007FF661304A4D

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
String ID: CONOUT$
API String ID: 3230265001-3130406586
Opcode ID: 143c3a3f26d5e4478db14557210d9b5f5d56c35c52044c9f27410f3b50e0fd75
Instruction ID: c1d084f48077524af548b84c0179379563b82eac25624c2df5966974ebbfc3e2
Opcode Fuzzy Hash: 143c3a3f26d5e4478db14557210d9b5f5d56c35c52044c9f27410f3b50e0fd75
Instruction Fuzzy Hash: D4118E22A18A51C6E7508B12E855369B2B0FB98FE4F004234EA5EDBBA8DF7CD9448744

Function 000001FE7245D42C Relevance: 9.2, APIs: 6, Instructions: 239COMMONLIBRARYCODE

Download Yara Rule

APIs

GetCPInfo.KERNEL32 ref: 000001FE7245D4D9
MultiByteToWideChar.KERNEL32 ref: 000001FE7245D575
MultiByteToWideChar.KERNEL32 ref: 000001FE7245D61E
MultiByteToWideChar.KERNEL32 ref: 000001FE7245D648
MultiByteToWideChar.KERNEL32 ref: 000001FE7245D6F0
CompareStringEx.KERNEL32 ref: 000001FE7245D73D

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID: ByteCharMultiWide$CompareInfoString
String ID:
API String ID: 2984826149-0
Opcode ID: 26eb7e015d5d110b74ff0d84bcaa31491d724dbf353ec7a17117fafe3eaea0ab
Instruction ID: 2d79167d7b615f9d7fc8182fcbc5c1f32d4dfa67b52e90089c46c6945074676c
Opcode Fuzzy Hash: 26eb7e015d5d110b74ff0d84bcaa31491d724dbf353ec7a17117fafe3eaea0ab
Instruction Fuzzy Hash: F7A16B72601A82C6EF21AB3794547F977D1AB41BA8F444731DAA90B7E5FB38C444DB80

Function 00007FF6612D8020 Relevance: 9.2, APIs: 2, Strings: 3, Instructions: 458COMMON

Download Yara Rule

Strings

e, xrefs: 00007FF6612D8088
&, xrefs: 00007FF6612D80CE
nan, xrefs: 00007FF6612D824A

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID:
String ID: &$e$nan
API String ID: 0-1192993855
Opcode ID: 07c1dcf7fe85bbc1e067f6de4f926c6fb306207c60ad19f74a8bddca7f9c4e8f
Instruction ID: ff76b3d461b9ed88a33b0bc91df52f08943d195f38fb495d2f04e461aeee4e70
Opcode Fuzzy Hash: 07c1dcf7fe85bbc1e067f6de4f926c6fb306207c60ad19f74a8bddca7f9c4e8f
Instruction Fuzzy Hash: 8042D332A0CAC589D7B18B15E5903EEB7A8FB88B44F444126DACD87B99DF3CD584DB40

Function 00007FF6612D9C20 Relevance: 9.2, APIs: 2, Strings: 3, Instructions: 457COMMON

Download Yara Rule

Strings

e, xrefs: 00007FF6612D9C88
nan, xrefs: 00007FF6612D9E4A
&, xrefs: 00007FF6612D9CCE

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID:
String ID: &$e$nan
API String ID: 0-1192993855
Opcode ID: 5bed7973e5487bab54717232cb26603583bcbfed259e19c44ec6817ed4f113ea
Instruction ID: 5bf704715b8b95d8f7a8fffbad0cc87d91376bee815ab5022c1d24bf64a21de1
Opcode Fuzzy Hash: 5bed7973e5487bab54717232cb26603583bcbfed259e19c44ec6817ed4f113ea
Instruction Fuzzy Hash: 8842D532A0CAC589D7B18B15E5903EEB7A8FB89B84F404126DACD87B59DF7CD584CB40

Function 00007FF6612D9120 Relevance: 9.2, APIs: 2, Strings: 3, Instructions: 457COMMON

Download Yara Rule

Strings

&, xrefs: 00007FF6612D91CE
nan, xrefs: 00007FF6612D934A
e, xrefs: 00007FF6612D9188

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID:
String ID: &$e$nan
API String ID: 0-1192993855
Opcode ID: 7952403a15a35431d6767a2053f8123c38403e361d52805be08b9de745fd9cb8
Instruction ID: 640e8417b03f46496da7f93cbfbe1d6d929de4e3209b4f544908544ef3ea0274
Opcode Fuzzy Hash: 7952403a15a35431d6767a2053f8123c38403e361d52805be08b9de745fd9cb8
Instruction Fuzzy Hash: 7142C432A0CAC589DBB18A15E5903EEB7A8FB89B44F404126DACD87B59DF3CD594CB40

Function 00007FF66130D26C Relevance: 9.2, APIs: 6, Instructions: 206COMMONLIBRARYCODE

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32 ref: 00007FF66130D2DC
MultiByteToWideChar.KERNEL32 ref: 00007FF66130D37A
LCMapStringEx.KERNEL32 ref: 00007FF66130D3E3
LCMapStringEx.KERNEL32 ref: 00007FF66130D435
LCMapStringEx.KERNEL32 ref: 00007FF66130D4DA
WideCharToMultiByte.KERNEL32 ref: 00007FF66130D534

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID: ByteCharMultiStringWide
String ID:
API String ID: 2829165498-0
Opcode ID: 2b2fdd1503a79b380a1020f4e969409d4e922ebcf1c0befb99e6f4eb1a253c2d
Instruction ID: 2cca4e0970157a4261ca3109aac769bbad806d0a7dcf4d886ea9f7c54d340c2f
Opcode Fuzzy Hash: 2b2fdd1503a79b380a1020f4e969409d4e922ebcf1c0befb99e6f4eb1a253c2d
Instruction Fuzzy Hash: C6817072A08781C6EB208F25A540269B7F5FF84FA9F544631EA5E9BBD8DF3CD4448740

Function 00007FF6612F5E30 Relevance: 9.1, APIs: 6, Instructions: 57COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,00007FF6612F5929,?,?,?,?,00007FF6612F650C,?,?,00000028,00007FF661305573), ref: 00007FF6612F5E3F
FlsSetValue.KERNEL32(?,?,?,00007FF6612F5929,?,?,?,?,00007FF6612F650C,?,?,00000028,00007FF661305573), ref: 00007FF6612F5E75
FlsSetValue.KERNEL32(?,?,?,00007FF6612F5929,?,?,?,?,00007FF6612F650C,?,?,00000028,00007FF661305573), ref: 00007FF6612F5EA2
FlsSetValue.KERNEL32(?,?,?,00007FF6612F5929,?,?,?,?,00007FF6612F650C,?,?,00000028,00007FF661305573), ref: 00007FF6612F5EB3
FlsSetValue.KERNEL32(?,?,?,00007FF6612F5929,?,?,?,?,00007FF6612F650C,?,?,00000028,00007FF661305573), ref: 00007FF6612F5EC4
SetLastError.KERNEL32(?,?,?,00007FF6612F5929,?,?,?,?,00007FF6612F650C,?,?,00000028,00007FF661305573), ref: 00007FF6612F5EDF

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID: Value$ErrorLast
String ID:
API String ID: 2506987500-0
Opcode ID: cf8115dcaa5ee2122fb104c4df6f54fc23ab72e4ca67caacefd1d5263795953b
Instruction ID: 6321c555b8b07deacb69885d9a177b5f02828bbbe61d148ad8c62520641c2870
Opcode Fuzzy Hash: cf8115dcaa5ee2122fb104c4df6f54fc23ab72e4ca67caacefd1d5263795953b
Instruction Fuzzy Hash: 81118120E8C242CAFB185B355B5517961BA5FC8FB8F54C639E83ECE7D6DE2CA4908300

Function 00007FF6612CDB90 Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 272COMMON

Download Yara Rule

APIs

std::_Load_relaxed_4.LIBCONCRTD ref: 00007FF6612CDBC8

Strings

e, xrefs: 00007FF6612CDF5E
%, xrefs: 00007FF6612CDDE7
o, xrefs: 00007FF6612CDDF2
u, xrefs: 00007FF6612CDDDC

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID: Load_relaxed_4std::_
String ID: %$e$o$u
API String ID: 1853752696-1884988985
Opcode ID: 5fa3bfed00eb7f098b7cf37669c34e1e722c137927b02883ea76b391b0f2ab52
Instruction ID: 71006d76134811f46e7dc9c8dacbc63d5bef34f908d8e2c271bb9ab8a7a0352d
Opcode Fuzzy Hash: 5fa3bfed00eb7f098b7cf37669c34e1e722c137927b02883ea76b391b0f2ab52
Instruction Fuzzy Hash: 9AE1A432608BC5C9DBA1CB15E5903EAB7B4F788B84F504126EA8D87B69DF7CD584CB40

Function 00007FF6612D8B30 Relevance: 9.0, APIs: 2, Strings: 3, Instructions: 260COMMON

Download Yara Rule

APIs

_Mpunct.LIBCPMTD ref: 00007FF6612D8CB3
_Mpunct.LIBCPMTD ref: 00007FF6612D8E3F

Strings

0, xrefs: 00007FF6612D8BB8
., xrefs: 00007FF6612D8F49
0, xrefs: 00007FF6612D8FAD

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID: Mpunct
String ID: .$0$0
API String ID: 4240859931-1691970187
Opcode ID: e9687b47ea457237dee4bdc78be1e40fba84c5c64e038008681aa2fe3be40f6b
Instruction ID: 8efeada49dfd491c76e9be360797e87feb3fd298e70ec09fee45aa50a5440bdf
Opcode Fuzzy Hash: e9687b47ea457237dee4bdc78be1e40fba84c5c64e038008681aa2fe3be40f6b
Instruction Fuzzy Hash: 07D1A736609BC9D5DBA1DB1AE4902EAB774F7C9F84F408026DF8D87B69DE28C545CB00

Function 00007FF6612B2020 Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 224COMMON

Download Yara Rule

APIs

allocator.LIBCONCRTD ref: 00007FF6612B23D2

Part of subcall function 00007FF6612B66C0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6612B66DD

Strings

eax, xrefs: 00007FF6612B21F6
rbx, xrefs: 00007FF6612B2070
ebx, xrefs: 00007FF6612B20A8
rax, xrefs: 00007FF6612B21A3

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWorkallocator
String ID: eax$ebx$rax$rbx
API String ID: 1755220593-2388916327
Opcode ID: c01962a9961ff03dcf299c024bebee3a4452aa249518325b59cd457b6bb118a3
Instruction ID: c654b71367d919af92a4402f749ae7b92df3cc3a49dba487460cca4d70161b4a
Opcode Fuzzy Hash: c01962a9961ff03dcf299c024bebee3a4452aa249518325b59cd457b6bb118a3
Instruction Fuzzy Hash: 29D14323D18BC1C9E321CF3899413E977B0FBA9748F045325EAC99BA5ADFB89645C344

Function 00007FF6612CB1E0 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 195COMMON

Download Yara Rule

APIs

ReadNoFence64.LIBCMTD ref: 00007FF6612CB22E

Strings

nan(ind), xrefs: 00007FF6612CB390
nan, xrefs: 00007FF6612CB3C1
inf, xrefs: 00007FF6612CB35F
nan(snan), xrefs: 00007FF6612CB3D8

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID: Fence64Read
String ID: inf$nan$nan(ind)$nan(snan)
API String ID: 3999070443-3276396208
Opcode ID: e246f93cfd8b01a24d44e219b48bef0b546a2f143c45bedcdc11885149c42856
Instruction ID: 8079ce1d2156f3055ae835e7de476d45fafabb1f4619f4285e78cc8e9f068c54
Opcode Fuzzy Hash: e246f93cfd8b01a24d44e219b48bef0b546a2f143c45bedcdc11885149c42856
Instruction Fuzzy Hash: 54A1EC2660DBC5C5DBB0CB55F9903AAA7B4F784B94F504126EA8E87B98DF3CD484CB00

Function 00007FF6612CD630 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 187COMMON

Download Yara Rule

APIs

ReadNoFence64.LIBCMTD ref: 00007FF6612CD656

Strings

0p+0, xrefs: 00007FF6612CD66C
0123456789abcdefghijklmnopqrstuvwxyz, xrefs: 00007FF6612CD862
1, xrefs: 00007FF6612CD74D
4, xrefs: 00007FF6612CD838

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID: Fence64Read
String ID: 0123456789abcdefghijklmnopqrstuvwxyz$0p+0$1$4
API String ID: 3999070443-1197085086
Opcode ID: 22605e3e1ccf5c9f3454907df50a8bf921d3aa5bdd4aa9ee1894e77eaf097de2
Instruction ID: 01a1aa320f968a7c7fc684b50a9dffada3530b0bfe7632782aa881493c04f034
Opcode Fuzzy Hash: 22605e3e1ccf5c9f3454907df50a8bf921d3aa5bdd4aa9ee1894e77eaf097de2
Instruction Fuzzy Hash: B9A1723660DBC8C5DBA08B09E5903AAB7B5F384B94F105125EB8D87BA8DF7CD484CB01

Function 00007FF6612CAE00 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 183COMMON

Download Yara Rule

APIs

std::_Load_relaxed_4.LIBCONCRTD ref: 00007FF6612CAE4E

Strings

nan, xrefs: 00007FF6612CAF8F
nan(snan), xrefs: 00007FF6612CAFA6
inf, xrefs: 00007FF6612CAF41
nan(ind), xrefs: 00007FF6612CAF6B

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID: Load_relaxed_4std::_
String ID: inf$nan$nan(ind)$nan(snan)
API String ID: 1853752696-3276396208
Opcode ID: 464d97ded6cad5ea3cc5b8df829cfb978308b82cca82f5cc6969c81aa40300fb
Instruction ID: 6dd307888ebb4cb72c168b0a8720f4c97bf4f45c59119fde2fbdbe6df89abf6f
Opcode Fuzzy Hash: 464d97ded6cad5ea3cc5b8df829cfb978308b82cca82f5cc6969c81aa40300fb
Instruction Fuzzy Hash: 32A1B63650DAC5C6E7B0CB15E9807AAB7B4F785B84F504126EA8D87B98DF7CD484CB00

Function 00007FF6612CAAC0 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 156COMMON

Download Yara Rule

APIs

ReadNoFence64.LIBCMTD ref: 00007FF6612CAB0B

Strings

inf, xrefs: 00007FF6612CAC27
nan(snan), xrefs: 00007FF6612CACA0
nan, xrefs: 00007FF6612CAC89
nan(ind), xrefs: 00007FF6612CAC58

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID: Fence64Read
String ID: inf$nan$nan(ind)$nan(snan)
API String ID: 3999070443-3276396208
Opcode ID: d5b88743fa5b3b07afb4db1eeea1c002ad18bbf23253e37765dc3445f34048a6
Instruction ID: 3265fe9ee613d6859608b070ad13a812764cd6c124272d7cb4326d43ac333126
Opcode Fuzzy Hash: d5b88743fa5b3b07afb4db1eeea1c002ad18bbf23253e37765dc3445f34048a6
Instruction Fuzzy Hash: F881D92661DBC5C5DBA0CB15E4503AAB7B4F785B94F504125EACE87BA8EF3CD484CB01

Function 00007FF6612CA7D0 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 144COMMON

Download Yara Rule

APIs

std::_Load_relaxed_4.LIBCONCRTD ref: 00007FF6612CA81B

Strings

nan, xrefs: 00007FF6612CA943
nan(ind), xrefs: 00007FF6612CA91F
inf, xrefs: 00007FF6612CA8F5
nan(snan), xrefs: 00007FF6612CA95A

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID: Load_relaxed_4std::_
String ID: inf$nan$nan(ind)$nan(snan)
API String ID: 1853752696-3276396208
Opcode ID: 72cc235c785df8f3571cec6a84209a645bb403642a45b9f3071a678ad278a7e8
Instruction ID: 32ec80460a2ac5761a53c60331cbb2a91e53c07dd934471f372f469c923ce6d5
Opcode Fuzzy Hash: 72cc235c785df8f3571cec6a84209a645bb403642a45b9f3071a678ad278a7e8
Instruction Fuzzy Hash: 4071C73661DBC5C9DBA08B15E5803AAB7B4F785B84F504026EACE87B68DF3CD484CB41

Function 00007FF6612CA4E0 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 141COMMON

Download Yara Rule

APIs

ReadNoFence64.LIBCMTD ref: 00007FF6612CA528

Strings

nan(ind), xrefs: 00007FF6612CA675
nan(snan), xrefs: 00007FF6612CA6BD
nan, xrefs: 00007FF6612CA6A6
inf, xrefs: 00007FF6612CA644

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID: Fence64Read
String ID: inf$nan$nan(ind)$nan(snan)
API String ID: 3999070443-3276396208
Opcode ID: 70d59d2c9d76d07b0f33b11adfc2aa066c03e6bbcb9822e25dfa6d8139c5e202
Instruction ID: 93c9b408817a6208209300fe70931c89e100b237f4db034b33ebd7db724b579a
Opcode Fuzzy Hash: 70d59d2c9d76d07b0f33b11adfc2aa066c03e6bbcb9822e25dfa6d8139c5e202
Instruction Fuzzy Hash: EF71D92660DBC5C9DBA0CB16F45036AA7B4F7C5B94F504125EA9E8BBA9DF3CD4848B00

Function 00007FF6612CA250 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 129COMMON

Download Yara Rule

APIs

std::_Load_relaxed_4.LIBCONCRTD ref: 00007FF6612CA298

Strings

nan(snan), xrefs: 00007FF6612CA3D7
inf, xrefs: 00007FF6612CA372
nan, xrefs: 00007FF6612CA3C0
nan(ind), xrefs: 00007FF6612CA39C

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID: Load_relaxed_4std::_
String ID: inf$nan$nan(ind)$nan(snan)
API String ID: 1853752696-3276396208
Opcode ID: d5adf79395b74f9d5280ca903bbc3249ff26270c4855bacc272925e682a68ccf
Instruction ID: 0341488359eb60ed577e67ec4bc483e1db424555acefd599f485bc98165d821f
Opcode Fuzzy Hash: d5adf79395b74f9d5280ca903bbc3249ff26270c4855bacc272925e682a68ccf
Instruction Fuzzy Hash: DA61B73261CBC5C9DBA08B15F59036AB7A4F785B84F505026EACE8BB69DF7CD484CB40

Function 00007FF6612D75D0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 100COMMON

Download Yara Rule

APIs

allocator.LIBCONCRTD ref: 00007FF6612D760E
std::_Fac_node::_Fac_node.LIBCPMTD ref: 00007FF6612D76FD

Strings

^, xrefs: 00007FF6612D7679
Invalid format string., xrefs: 00007FF6612D761E
invalid fill character '{', xrefs: 00007FF6612D76C3

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID: Fac_nodeFac_node::_allocatorstd::_
String ID: Invalid format string.$^$invalid fill character '{'
API String ID: 598859312-3800272876
Opcode ID: ad42ce789a6cde225e893fa38872b060042fd1935f330b2a9c7aacee0af1ed30
Instruction ID: 238bf4670cc1016a93c5f1a08f37d2df48faea8a4495a51e06041ec37c530b8e
Opcode Fuzzy Hash: ad42ce789a6cde225e893fa38872b060042fd1935f330b2a9c7aacee0af1ed30
Instruction Fuzzy Hash: 07410E2290DAC5C9D7748B25E58036AB7B4FBC9B8CF540535E6CD87BAADF6CD5808B00

Function 00007FF6612FDE14 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32 ref: 00007FF6612FDE39
GetProcAddress.KERNEL32 ref: 00007FF6612FDE4F
FreeLibrary.KERNEL32 ref: 00007FF6612FDE76

Strings

CorExitProcess, xrefs: 00007FF6612FDE48
mscoree.dll, xrefs: 00007FF6612FDE30

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: b098b623c8c7801e5285911e96efcdbd3b420d839b436883500a26a7c39cdebe
Instruction ID: f6ec4f4a3402612ee5fb9110c279aa9b9b668e176c73e144c24f534de8b1c3f9
Opcode Fuzzy Hash: b098b623c8c7801e5285911e96efcdbd3b420d839b436883500a26a7c39cdebe
Instruction Fuzzy Hash: 5CF04965A18B0AC5FB108B24A4563397330AF88F65F545639CA7E9E2F8CF3CD588D700

Function 00007FF6612F843C Relevance: 7.7, APIs: 5, Instructions: 196COMMONLIBRARYCODE

Download Yara Rule

APIs

_set_statfp.LIBCMT ref: 00007FF6612F847B
_set_statfp.LIBCMT ref: 00007FF6612F8499
_set_statfp.LIBCMT ref: 00007FF6612F84C2
_set_statfp.LIBCMT ref: 00007FF6612F86FE

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID: _set_statfp
String ID:
API String ID: 1156100317-0
Opcode ID: 7ad41c2085167253e11841c847abdc28045ab084f43f852668cbe7a267bd0bec
Instruction ID: 051aed779f92ac3ccb6e0b3686a644d386e6c110f900f281dac863b2bda64530
Opcode Fuzzy Hash: 7ad41c2085167253e11841c847abdc28045ab084f43f852668cbe7a267bd0bec
Instruction Fuzzy Hash: 96812812D48A46CEF3628A36A64037AE678EF95F5CF044231E96EAE5D4DF3CE4C19600

Function 00007FF6612F9894 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE

Download Yara Rule

APIs

_set_statfp.LIBCMT ref: 00007FF6612F98BC
_set_statfp.LIBCMT ref: 00007FF6612F98D7
_set_statfp.LIBCMT ref: 00007FF6612F98F3
_set_statfp.LIBCMT ref: 00007FF6612F992F

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID: _set_statfp
String ID:
API String ID: 1156100317-0
Opcode ID: e65ba792651367d839098e214d5891407b2dde01c0b567b7a4e043ebbfca8b6f
Instruction ID: ee7cdaa351c9dab3cc307ba82d4d5651528155d7f78f1d93f05386419cfbc513
Opcode Fuzzy Hash: e65ba792651367d839098e214d5891407b2dde01c0b567b7a4e043ebbfca8b6f
Instruction Fuzzy Hash: 6A11C422EC8A03C9FF941925D64137511697FD4B7CF150630F67E8F2D6CE2C69D09500

Function 00007FF6612F5EF8 Relevance: 7.6, APIs: 5, Instructions: 54COMMONLIBRARYCODE

Download Yara Rule

APIs

FlsGetValue.KERNEL32(?,?,?,00007FF6612F1DF7,?,?,00000000,00007FF6612F2092,?,?,?,?,?,00007FF6612F201E), ref: 00007FF6612F5F17
FlsSetValue.KERNEL32(?,?,?,00007FF6612F1DF7,?,?,00000000,00007FF6612F2092,?,?,?,?,?,00007FF6612F201E), ref: 00007FF6612F5F36
FlsSetValue.KERNEL32(?,?,?,00007FF6612F1DF7,?,?,00000000,00007FF6612F2092,?,?,?,?,?,00007FF6612F201E), ref: 00007FF6612F5F5E
FlsSetValue.KERNEL32(?,?,?,00007FF6612F1DF7,?,?,00000000,00007FF6612F2092,?,?,?,?,?,00007FF6612F201E), ref: 00007FF6612F5F6F
FlsSetValue.KERNEL32(?,?,?,00007FF6612F1DF7,?,?,00000000,00007FF6612F2092,?,?,?,?,?,00007FF6612F201E), ref: 00007FF6612F5F80

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 599f45f996d19451c8b2a229de22a9c688dca7130503bd761d5e478bd2defdca
Instruction ID: 35bf1d3004f51a27f915a1e23080bb05cd8280ff3e2b5d6bc8314c9fbc9c1d52
Opcode Fuzzy Hash: 599f45f996d19451c8b2a229de22a9c688dca7130503bd761d5e478bd2defdca
Instruction Fuzzy Hash: F611CD60E48202CAFB1857259B5117A51A94FC5FB8F088378E83ECE3D1DE2CA4818300

Function 00007FF6612F5D8C Relevance: 7.6, APIs: 5, Instructions: 50COMMON

Download Yara Rule

APIs

FlsGetValue.KERNEL32 ref: 00007FF6612F5D9D
FlsSetValue.KERNEL32 ref: 00007FF6612F5DBC
FlsSetValue.KERNEL32 ref: 00007FF6612F5DE4
FlsSetValue.KERNEL32 ref: 00007FF6612F5DF5
FlsSetValue.KERNEL32 ref: 00007FF6612F5E06

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: b77b770852fc01411a0c66b1882f58713974e64d821ee1e4b1b057d686c5eaee
Instruction ID: 3f01595850ae4584f2b073bfbcb3bce04b07286b8afef2053daf384e93af0c1a
Opcode Fuzzy Hash: b77b770852fc01411a0c66b1882f58713974e64d821ee1e4b1b057d686c5eaee
Instruction Fuzzy Hash: 2B112160E89203C9FB5C66755A551B911A94FC5F38F588B38D83ECE2D2DD2CB4D14300

Function 00007FF6612BAFD0 Relevance: 7.4, APIs: 3, Strings: 1, Instructions: 407COMMON

Download Yara Rule

APIs

_Mpunct.LIBCPMTD ref: 00007FF6612BB29F
_Mpunct.LIBCPMTD ref: 00007FF6612BB2BC
std::ios_base::width.LIBCPMTD ref: 00007FF6612BB79A

Strings

@, xrefs: 00007FF6612BB448

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID: Mpunct$std::ios_base::width
String ID: @
API String ID: 1355946870-2766056989
Opcode ID: 23e837240074d2248eaa6e84e28edfd629583ca9120122449e8306abbf3755b7
Instruction ID: d209601730cefb9780f9e74ccde3ab53f12b05267a3c7b3312fb97f010eaf82d
Opcode Fuzzy Hash: 23e837240074d2248eaa6e84e28edfd629583ca9120122449e8306abbf3755b7
Instruction Fuzzy Hash: A912273260DAC985DBB09B15E4943EBA7A5F7C8B88F444036DACD87B69DE7CC585CB00

Function 00007FF6612CE280 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 231COMMON

Download Yara Rule

APIs

std::_Load_relaxed_4.LIBCONCRTD ref: 00007FF6612CE2D1

Strings

+, xrefs: 00007FF6612CE34D
d, xrefs: 00007FF6612CE36B
0123456789abcdefghijklmnopqrstuvwxyz, xrefs: 00007FF6612CE576

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID: Load_relaxed_4std::_
String ID: +$0123456789abcdefghijklmnopqrstuvwxyz$d
API String ID: 1853752696-121654361
Opcode ID: 114d9d9c213bd84ef5e71c4c351011e52d5e67b59f85d736c31e102dd82b51f1
Instruction ID: 4bcfd69568e5b7e3680868e6abea118a4ef15bc702c1407135b3dafdcba043ef
Opcode Fuzzy Hash: 114d9d9c213bd84ef5e71c4c351011e52d5e67b59f85d736c31e102dd82b51f1
Instruction Fuzzy Hash: D3C1B07261D6C5CAD7A0CB59E48476EBBA0F388744F10412AE79E87B99DB7CD484CF10

Function 00007FF6612CD260 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 186COMMON

Download Yara Rule

APIs

std::_Load_relaxed_4.LIBCONCRTD ref: 00007FF6612CD286

Strings

0123456789abcdefghijklmnopqrstuvwxyz, xrefs: 00007FF6612CD47C
1, xrefs: 00007FF6612CD36C
0p+0, xrefs: 00007FF6612CD29A

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID: Load_relaxed_4std::_
String ID: 0123456789abcdefghijklmnopqrstuvwxyz$0p+0$1
API String ID: 1853752696-64391948
Opcode ID: 87ffbadd58718491a0f75fa8edb27ea73874d19d2365bb681a35b88d33976b5c
Instruction ID: 52dc72a740c1af5d9a8550cc37e8c0b4a62610bcf400d1ba9c46a98a78800762
Opcode Fuzzy Hash: 87ffbadd58718491a0f75fa8edb27ea73874d19d2365bb681a35b88d33976b5c
Instruction Fuzzy Hash: D9A18276618BC8C9D7A0CB19F5803AAB7A4E785B84F509026EBCD87B58CF7CD484CB01

Function 00007FF6612B5820 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 54COMMONLIBRARYCODE

Download Yara Rule

APIs

std::make_error_code.LIBCPMTD ref: 00007FF6612B58D8

Part of subcall function 00007FF6613077D4: RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF66130651B), ref: 00007FF661307824
Part of subcall function 00007FF6613077D4: RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF66130651B), ref: 00007FF661307865

Strings

ios_base::badbit set, xrefs: 00007FF6612B589B
ios_base::eofbit set, xrefs: 00007FF6612B58C2
ios_base::failbit set, xrefs: 00007FF6612B58B4

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID: ExceptionFileHeaderRaisestd::make_error_code
String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
API String ID: 504923140-1866435925
Opcode ID: 37625c85163a6a2edd9043ea699a6532f1f35351b076ec396d6e3d08002ad281
Instruction ID: 469d4909412246cc413b3996a1be400f6704becd981e1ff7643e0b631f93cb2f
Opcode Fuzzy Hash: 37625c85163a6a2edd9043ea699a6532f1f35351b076ec396d6e3d08002ad281
Instruction Fuzzy Hash: FA210C72A1D781C6E760CB14E84126AB7B4FB88B48F544035E6CDCBBA9DF2CD594CB44

Function 00007FF6612FE294 Relevance: 6.3, APIs: 4, Instructions: 299fileCOMMON

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32 ref: 00007FF6612FE313
WriteFile.KERNEL32 ref: 00007FF6612FE5DB
WriteFile.KERNEL32 ref: 00007FF6612FE621
GetLastError.KERNEL32 ref: 00007FF6612FE6D7

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID: FileWrite$ConsoleErrorLastOutput
String ID:
API String ID: 2718003287-0
Opcode ID: 8006df4a7e49d247def26c2c7127d35bc6642300e1a35ffac0c40609046d0867
Instruction ID: f4c7a2ccc38be7ad3a60123ff9c337efb74d84b18af13bf55ff0fae6e19ed9a6
Opcode Fuzzy Hash: 8006df4a7e49d247def26c2c7127d35bc6642300e1a35ffac0c40609046d0867
Instruction Fuzzy Hash: 9BD1C032B18A85CEE712CB66D5402AC37B5FB84B98F454235CE6E9BB99DE38D446C700

Function 000001FE7243C578 Relevance: 6.3, APIs: 4, Instructions: 299fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32 ref: 000001FE7243C5F7
WriteFile.KERNEL32 ref: 000001FE7243C8BF
WriteFile.KERNEL32 ref: 000001FE7243C905
GetLastError.KERNEL32 ref: 000001FE7243C9BB

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID: FileWrite$ConsoleErrorLastOutput
String ID:
API String ID: 2718003287-0
Opcode ID: 51ca5d62aa19301a18794717acfbf1a46562df65ce568f5fb7798e040ec77a5b
Instruction ID: 5453aa1d76052d20e7c2c3a808f4d65cb5e4215b387eaa05c81d118357a2b411
Opcode Fuzzy Hash: 51ca5d62aa19301a18794717acfbf1a46562df65ce568f5fb7798e040ec77a5b
Instruction Fuzzy Hash: 3AD1F472B14A8189E721DF76D4403EC37F1F754B98F458226DE5DA7BAAEA34C406CB80

Function 00007FF6612FEBBC Relevance: 6.2, APIs: 4, Instructions: 218COMMON

Download Yara Rule

APIs

GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6612FEBA7), ref: 00007FF6612FECD8
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6612FEBA7), ref: 00007FF6612FED63

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID: ConsoleErrorLastMode
String ID:
API String ID: 953036326-0
Opcode ID: 105dd8715a37432a8ca5a6fa959f0c984e635dbff9f10a33cd2e20e3aea9f4a0
Instruction ID: 253bd2ee4869317aa452dcf39d7d6164638d89e5e8f2f3751f7963e490e3c238
Opcode Fuzzy Hash: 105dd8715a37432a8ca5a6fa959f0c984e635dbff9f10a33cd2e20e3aea9f4a0
Instruction Fuzzy Hash: 2891D462E48651CDF7519F2A95402BD2BB8AB84F8CF154139DE2EABA94DF3CD4C2C700

Function 00007FF6612B7520 Relevance: 6.2, APIs: 4, Instructions: 185COMMON

Download Yara Rule

APIs

UnDecorator::getVbTableType.LIBCMTD ref: 00007FF6612B766A
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6612B77D6

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID: Concurrency::details::Decorator::getEmptyQueue::StructuredTableTypeWork
String ID:
API String ID: 4081100948-0
Opcode ID: 433dcc4501cc22be7c96191e04221bbceba203970fa6bf234e56f01351b521ae
Instruction ID: 7a8e55057a5ddbcafc546833406835cb22e7ca98c71e0ca27940b422c0ea42ac
Opcode Fuzzy Hash: 433dcc4501cc22be7c96191e04221bbceba203970fa6bf234e56f01351b521ae
Instruction Fuzzy Hash: CA91E832619AC5C5EB719B15E9903EEA3B4F7C8B88F800032DACD87B99DE2CD541DB40

Function 000001FE7242A260 Relevance: 6.1, APIs: 4, Instructions: 123COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32 ref: 000001FE7242A280
FreeEnvironmentStringsW.KERNEL32 ref: 000001FE7242A37B
RtlInitUnicodeString.NTDLL ref: 000001FE7242A3EE
RtlInitUnicodeString.NTDLL ref: 000001FE7242A3FB

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID: EnvironmentInitStringStringsUnicode$Free
String ID:
API String ID: 2488768755-0
Opcode ID: 8b2d933cefea34d056b23e68afa2b8ca65fd27bc275f09a0afe4e350c556ea32
Instruction ID: a55f6f1efb4ccdfe7cbafce5ffdcafc3610a7d2fefac7a0612512bc507bfa825
Opcode Fuzzy Hash: 8b2d933cefea34d056b23e68afa2b8ca65fd27bc275f09a0afe4e350c556ea32
Instruction Fuzzy Hash: 8B51AD32A04B8182EB109F16E5403AD77A0F798BA4F549721DF9907BA5EF78D1E1CB44

Function 00007FF661306530 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32 ref: 00007FF66130655C
GetCurrentThreadId.KERNEL32 ref: 00007FF66130656A
GetCurrentProcessId.KERNEL32 ref: 00007FF661306576
QueryPerformanceCounter.KERNEL32 ref: 00007FF661306586

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
String ID:
API String ID: 2933794660-0
Opcode ID: a6819c37be0477cab6629fe85bd40332cbc882bfc7744020e340a307dd6c19ab
Instruction ID: b3746ecc8608c60516ec59fef663f06b0747d508a2e56f8fb7041facc2ae13c7
Opcode Fuzzy Hash: a6819c37be0477cab6629fe85bd40332cbc882bfc7744020e340a307dd6c19ab
Instruction Fuzzy Hash: 8E112E26B14F05C9EB00CF60E8552B933B4FB59B58F440E31DA6E8ABA8DF78D198C340

Function 00007FF6612B8830 Relevance: 5.6, APIs: 2, Strings: 1, Instructions: 356COMMON

Download Yara Rule

APIs

_Mpunct.LIBCPMTD ref: 00007FF6612B8A67
std::ios_base::width.LIBCPMTD ref: 00007FF6612B8EE6

Strings

@, xrefs: 00007FF6612B8B94

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID: Mpunctstd::ios_base::width
String ID: @
API String ID: 1954291571-2766056989
Opcode ID: 03687c50ff717027d4cbf97da90ce4cd140f58e9f754c6eefb8b4b0b970cbde7
Instruction ID: e88f9b5e76a654c697d296fffb35336c25eb0ef11b5b7bbadc88c1d008509d6a
Opcode Fuzzy Hash: 03687c50ff717027d4cbf97da90ce4cd140f58e9f754c6eefb8b4b0b970cbde7
Instruction Fuzzy Hash: EE02173660DAC985DB709B15E8943AFA365F7C8B88F444032DACD87B69DE7CC585DB00

Function 00007FF6612CE860 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 274COMMON

Download Yara Rule

APIs

ReadNoFence64.LIBCMTD ref: 00007FF6612CE898

Strings

e, xrefs: 00007FF6612CEC46
B, xrefs: 00007FF6612CEAC3

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID: Fence64Read
String ID: B$e
API String ID: 3999070443-1081078989
Opcode ID: c5527d5727164a535ea70a8198cdfd9bb409c33ca9616b643965ae659df559ff
Instruction ID: 97bc67c40a6b8ac8b786f067284ca71054586d6ae8084f7eb8dcccb891502462
Opcode Fuzzy Hash: c5527d5727164a535ea70a8198cdfd9bb409c33ca9616b643965ae659df559ff
Instruction Fuzzy Hash: EBE1D27261DAC5C9DBA0CB15E4913AAB7B4F788B88F504126EBCD87B58DF7CD4848B04

Function 00007FF6612DB990 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 265COMMON

Download Yara Rule

APIs

_Ptr_base.LIBCMTD ref: 00007FF6612DBBD3

Part of subcall function 00007FF6612BB830: std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6612BB84F
Part of subcall function 00007FF6612BB830: std::locale::_Getfacet.LIBCPMTD ref: 00007FF6612BB87C

Part of subcall function 00007FF6612C86A0: std::_Fac_node::_Fac_node.LIBCPMTD ref: 00007FF6612C86DD

Part of subcall function 00007FF6612C5C90: List.LIBCMTD ref: 00007FF6612C5CB2

Strings

x, xrefs: 00007FF6612DBAA9
integral cannot be stored in char, xrefs: 00007FF6612DB9E8

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID: std::_$Fac_nodeFac_node::_GetfacetListLockitLockit::_Ptr_basestd::locale::_
String ID: integral cannot be stored in char$x
API String ID: 221360887-211560653
Opcode ID: 37da2e45b0d7b3146df98e9d44cab3b08f691e1043df3819007dde9a53eafa5e
Instruction ID: 0a63c70ff98cc8e375c064bc1b9d5b421841dbd66b09c7cc2b0ad3c30a68ee31
Opcode Fuzzy Hash: 37da2e45b0d7b3146df98e9d44cab3b08f691e1043df3819007dde9a53eafa5e
Instruction Fuzzy Hash: 2EE1093660CBC589D7B18B15E4943EBB7A4FB86B44F448126DACD87BA9DF2CD584CB00

Function 00007FF6612DD500 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 264COMMON

Download Yara Rule

APIs

_Ptr_base.LIBCMTD ref: 00007FF6612DD748

Part of subcall function 00007FF6612BB830: std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6612BB84F
Part of subcall function 00007FF6612BB830: std::locale::_Getfacet.LIBCPMTD ref: 00007FF6612BB87C

Part of subcall function 00007FF6612C86A0: std::_Fac_node::_Fac_node.LIBCPMTD ref: 00007FF6612C86DD

Part of subcall function 00007FF6612C5C90: List.LIBCMTD ref: 00007FF6612C5CB2

Strings

x, xrefs: 00007FF6612DD619
integral cannot be stored in char, xrefs: 00007FF6612DD558

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID: std::_$Fac_nodeFac_node::_GetfacetListLockitLockit::_Ptr_basestd::locale::_
String ID: integral cannot be stored in char$x
API String ID: 221360887-211560653
Opcode ID: 4b244738b26a5789b77ad3fd3cb99100bb612cdf3abe259f1d14dde2a12ef4b0
Instruction ID: e484319d675142b85fc856fa12faff443267808671397900096c3e194598ba28
Opcode Fuzzy Hash: 4b244738b26a5789b77ad3fd3cb99100bb612cdf3abe259f1d14dde2a12ef4b0
Instruction Fuzzy Hash: 6AE1F73260CAC599D7708B25E4943EAB7B4FB89B44F844126DACD87BA9DF2CD584CF40

Function 00007FF6612DC340 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 264COMMON

Download Yara Rule

APIs

_Ptr_base.LIBCMTD ref: 00007FF6612DC57E

Part of subcall function 00007FF6612BB830: std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6612BB84F
Part of subcall function 00007FF6612BB830: std::locale::_Getfacet.LIBCPMTD ref: 00007FF6612BB87C

Part of subcall function 00007FF6612C86A0: std::_Fac_node::_Fac_node.LIBCPMTD ref: 00007FF6612C86DD

Part of subcall function 00007FF6612C5C90: List.LIBCMTD ref: 00007FF6612C5CB2

Strings

integral cannot be stored in char, xrefs: 00007FF6612DC397
x, xrefs: 00007FF6612DC458

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID: std::_$Fac_nodeFac_node::_GetfacetListLockitLockit::_Ptr_basestd::locale::_
String ID: integral cannot be stored in char$x
API String ID: 221360887-211560653
Opcode ID: 1077f688a18f0bb061bb1737b16c4c955e09df886ced37da15a21ec57a8cb352
Instruction ID: 1dabf31a1d631ebf8e1aa3bdceb89173a2bbb9a1fe8016032dc2a4213a5579af
Opcode Fuzzy Hash: 1077f688a18f0bb061bb1737b16c4c955e09df886ced37da15a21ec57a8cb352
Instruction Fuzzy Hash: 8DE1E63260CBC589E7B19B15E4843EBB7A4FB85B48F444126DACD87BA9DF2CD584CB00

Function 00007FF6612DCC20 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 264COMMON

Download Yara Rule

APIs

_Ptr_base.LIBCMTD ref: 00007FF6612DCE5E

Part of subcall function 00007FF6612BB830: std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6612BB84F
Part of subcall function 00007FF6612BB830: std::locale::_Getfacet.LIBCPMTD ref: 00007FF6612BB87C

Part of subcall function 00007FF6612C86A0: std::_Fac_node::_Fac_node.LIBCPMTD ref: 00007FF6612C86DD

Part of subcall function 00007FF6612C5C90: List.LIBCMTD ref: 00007FF6612C5CB2

Strings

integral cannot be stored in char, xrefs: 00007FF6612DCC77
x, xrefs: 00007FF6612DCD38

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID: std::_$Fac_nodeFac_node::_GetfacetListLockitLockit::_Ptr_basestd::locale::_
String ID: integral cannot be stored in char$x
API String ID: 221360887-211560653
Opcode ID: f68e61a9b24bcdbe501b4cb4a8be31105e4a74e301578b4c8d38f57891bf8768
Instruction ID: 2f419b2fcbc37bd5126f82c614b0e466b26d1fa264d402e33bc5f5c4d43a0053
Opcode Fuzzy Hash: f68e61a9b24bcdbe501b4cb4a8be31105e4a74e301578b4c8d38f57891bf8768
Instruction Fuzzy Hash: 8CE1E73260CAC589DBB09B15E4843EBB7A4FB85B48F444126DACD87BA9DF3CD584CB40

Function 00007FF6612DDDF0 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 264COMMON

Download Yara Rule

APIs

_Ptr_base.LIBCMTD ref: 00007FF6612DE038

Part of subcall function 00007FF6612BB830: std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6612BB84F
Part of subcall function 00007FF6612BB830: std::locale::_Getfacet.LIBCPMTD ref: 00007FF6612BB87C

Part of subcall function 00007FF6612C86A0: std::_Fac_node::_Fac_node.LIBCPMTD ref: 00007FF6612C86DD

Part of subcall function 00007FF6612C5C90: List.LIBCMTD ref: 00007FF6612C5CB2

Strings

x, xrefs: 00007FF6612DDF09
integral cannot be stored in char, xrefs: 00007FF6612DDE48

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID: std::_$Fac_nodeFac_node::_GetfacetListLockitLockit::_Ptr_basestd::locale::_
String ID: integral cannot be stored in char$x
API String ID: 221360887-211560653
Opcode ID: 1596abfdd457b49d8574ff87fe7b334aa10946dc342344dab65ebbd4e4ec0ae5
Instruction ID: 658c25d8343878ade1d8d4acad904183fcaebd0c1114b23936131002ca8ac04c
Opcode Fuzzy Hash: 1596abfdd457b49d8574ff87fe7b334aa10946dc342344dab65ebbd4e4ec0ae5
Instruction Fuzzy Hash: A2E1F83260CAC5D9D7718B25E4943EAB7B4FB89B44F444126DACD87BA9DF2CD584CB00

Function 00007FF6612F3E7C Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 134COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6612F4020

Strings

., xrefs: 00007FF6612F3EB7
_.,, xrefs: 00007FF6612F3EF1

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: .$_.,
API String ID: 3215553584-3384562259
Opcode ID: 5005c32137a548dfb07fd7f872a37727fbf1990c54d12e514ca1fba1ab344483
Instruction ID: 273a56c7d8e6b913982a07626361f743e205f06f668b080c265dbb8529bca0e6
Opcode Fuzzy Hash: 5005c32137a548dfb07fd7f872a37727fbf1990c54d12e514ca1fba1ab344483
Instruction Fuzzy Hash: F841D421E88242CAEB74CA2586405B962B8BFC1F6CF544635DA6D8F6C1DF7CE9D5C302

Function 000001FE723EA600 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 124COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 000001FE723EA66F
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 000001FE723EA6B7

Strings

bad locale name, xrefs: 000001FE723EA796

Memory Dump Source

Source File: 00000000.00000002.2326086279.000001FE723A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FE723A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fe723a0000_siveria.jbxd

Yara matches

Similarity

API ID: std::_$Locinfo::_Locinfo_ctorLockitLockit::_
String ID: bad locale name
API String ID: 3988782225-1405518554
Opcode ID: a77924d69d56fdf125a58946b98c521fdd4a620c659600e6553a04f02ccca08a
Instruction ID: 00ed788c6626d3ff436f7e363213febdf815e2cfaac5696aa68f9db901256ecc
Opcode Fuzzy Hash: a77924d69d56fdf125a58946b98c521fdd4a620c659600e6553a04f02ccca08a
Instruction Fuzzy Hash: BB515B32702A4299EB50EFB1E4A13FC33F4FB54B48F044235EA8967AA5EE34C425D784

Function 00007FF6612D91FF Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 104COMMON

Download Yara Rule

APIs

isnan.LIBCPMTD ref: 00007FF6612D930F

Strings

nan, xrefs: 00007FF6612D934A
p, xrefs: 00007FF6612D9212

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID: isnan
String ID: nan$p
API String ID: 3207536064-2149505255
Opcode ID: 212ba282b589994af6719a8786fa105b4abc7be932bc5a6e8be15af795549e72
Instruction ID: 08654535b8e39e656a60c3edc85532ddbae892dc5272821cb97a1df41dd8c697
Opcode Fuzzy Hash: 212ba282b589994af6719a8786fa105b4abc7be932bc5a6e8be15af795549e72
Instruction Fuzzy Hash: 5B51B232A0DBC588DBB18B15E5503EFB6A8FB85B44F404126DACD8AB99DF3CD190CB40

Function 00007FF6612D9CFF Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 104COMMON

Download Yara Rule

APIs

isnan.LIBCPMTD ref: 00007FF6612D9E0F

Strings

p, xrefs: 00007FF6612D9D12
nan, xrefs: 00007FF6612D9E4A

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID: isnan
String ID: nan$p
API String ID: 3207536064-2149505255
Opcode ID: 9481a30ab3fd2cd97439ded438629b95f0626152fff0811fa843788489d09e16
Instruction ID: c1f990d3b8403daf06b9e2825a16d2b23d901ae69dbe75f8f2d634277e084e90
Opcode Fuzzy Hash: 9481a30ab3fd2cd97439ded438629b95f0626152fff0811fa843788489d09e16
Instruction Fuzzy Hash: 5E51A532A0DBC588D7B18B25E5503EFB6A8FB85B84F544026CACD8AB59DF7CD180CB10

Function 00007FF6612D80FF Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 104COMMON

Download Yara Rule

APIs

isnan.LIBCPMTD ref: 00007FF6612D820F

Strings

nan, xrefs: 00007FF6612D824A
p, xrefs: 00007FF6612D8112

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID: isnan
String ID: nan$p
API String ID: 3207536064-2149505255
Opcode ID: 9322a994478f8a1e71212c7b64208aeab5a97f826a7379df3ff919e47543f4b3
Instruction ID: fc996445e018e45194f1bf975bb18c26f07576c0efd189e5d2c4c1bca3b5b3ea
Opcode Fuzzy Hash: 9322a994478f8a1e71212c7b64208aeab5a97f826a7379df3ff919e47543f4b3
Instruction Fuzzy Hash: B6519232A0DBC588E7B18A15E5403EAB6A8FB89B44F545125CACC8AB99DF7CD184DB10

Function 00007FF6612FE92C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNEL32 ref: 00007FF6612FEA43
GetLastError.KERNEL32 ref: 00007FF6612FEA65

Strings

U, xrefs: 00007FF6612FE9EF

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID: ErrorFileLastWrite
String ID: U
API String ID: 442123175-4171548499
Opcode ID: 803ea60b07f2bfd039fe1532e5b1b15e9d3e37eaacb6a5ccb339d6080fddc9c5
Instruction ID: f64a7eb366cbee05562f553d493a7720bf3faa861b22371c96300817349766bc
Opcode Fuzzy Hash: 803ea60b07f2bfd039fe1532e5b1b15e9d3e37eaacb6a5ccb339d6080fddc9c5
Instruction Fuzzy Hash: 2341B362A18A41C5DB608F25E8443AA77B4FB98B84F454031EE4ECB798EF3CD441C740

Function 00007FF6612D78B0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 74COMMON

Download Yara Rule

APIs

Concurrency::details::_Scheduler::_Scheduler.LIBCMTD ref: 00007FF6612D7972

Strings

Missing precision specifier., xrefs: 00007FF6612D79C3
Invalid format string., xrefs: 00007FF6612D79A7

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID: Concurrency::details::_SchedulerScheduler::_
String ID: Invalid format string.$Missing precision specifier.
API String ID: 2780765137-617221873
Opcode ID: 4ca59656c3cc1c0764987cb03f835006a52b7bc3725c2088db24ddf1b17c7d77
Instruction ID: 4fee3c5081ea7cf3c502df4a22acaec6552b5d7dc8e7bc36e56d2b9478c8b94d
Opcode Fuzzy Hash: 4ca59656c3cc1c0764987cb03f835006a52b7bc3725c2088db24ddf1b17c7d77
Instruction Fuzzy Hash: F331382291DAC5C5DB508B55E49016EF7B8FB85BA8F400536E6CDCBBA9CFACD5808B40

Function 00007FF6612D7761 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 59COMMON

Download Yara Rule

APIs

std::_Fac_node::_Fac_node.LIBCPMTD ref: 00007FF6612D76FD

Strings

^, xrefs: 00007FF6612D7679
invalid fill character '{', xrefs: 00007FF6612D76C3

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID: Fac_nodeFac_node::_std::_
String ID: ^$invalid fill character '{'
API String ID: 1114552684-1467272599
Opcode ID: 719a7894ea2433418be1f6a2a8793a54ba95e5472bef42d9267058544f7ac8f4
Instruction ID: 0ea9bf10d8c7a6ffba30e5b666dc551d7a864d14cdd8af92460f4f7a791a7d66
Opcode Fuzzy Hash: 719a7894ea2433418be1f6a2a8793a54ba95e5472bef42d9267058544f7ac8f4
Instruction Fuzzy Hash: E9213216A0DBC5C8E7748A15E58037EB778EBC5F8CF440435EACD86BAADE6CD5808B00

Function 00007FF6612E0060 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 59COMMON

Download Yara Rule

APIs

_Ptr_base.LIBCMTD ref: 00007FF6612E0162

Strings

x, xrefs: 00007FF6612E009B

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID: Ptr_base
String ID: x
API String ID: 897191226-2363233923
Opcode ID: a98be8c2056132d05dbec4f152304ae5764991d5042131e464acb9f7d0bc06b8
Instruction ID: 8b5ae07ec52a5e87eb9dcaeb69389e5a6d9f67a5809ab0ac7caba11bf8a6661b
Opcode Fuzzy Hash: a98be8c2056132d05dbec4f152304ae5764991d5042131e464acb9f7d0bc06b8
Instruction Fuzzy Hash: 5B312451B0C6C2C1E764D725E94513AAB74FB82F88F104035E78DCFAAACF1DDA858B44

Function 00007FF6612E03B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 58COMMON

Download Yara Rule

APIs

_Ptr_base.LIBCMTD ref: 00007FF6612E04B0

Strings

x, xrefs: 00007FF6612E03EB

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID: Ptr_base
String ID: x
API String ID: 897191226-2363233923
Opcode ID: 9bfe9e957daf48727a13c624664f7626c2dd4fb6e28bca9134fae2d2c54b9db9
Instruction ID: 964ca29fa74832c94e868938e4304928ee56e66a25ae4ad890da84f05b0af09d
Opcode Fuzzy Hash: 9bfe9e957daf48727a13c624664f7626c2dd4fb6e28bca9134fae2d2c54b9db9
Instruction Fuzzy Hash: A4317555A0C6C2C1E760C725E25513EA7B4FB81B88F504035E78DCFAAACF2DDA86CB44

Function 00007FF6612E0920 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 58COMMON

Download Yara Rule

APIs

_Ptr_base.LIBCMTD ref: 00007FF6612E0A21

Strings

x, xrefs: 00007FF6612E095B

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID: Ptr_base
String ID: x
API String ID: 897191226-2363233923
Opcode ID: 7016c2d3df3c20257f2f836e6a0a8dc63c202ef464d6a10d065f226a5f5ba269
Instruction ID: 4ae4042bd5c9c7958097c38183a5f902bda42528a551f3052b38ff1c9c17c45f
Opcode Fuzzy Hash: 7016c2d3df3c20257f2f836e6a0a8dc63c202ef464d6a10d065f226a5f5ba269
Instruction Fuzzy Hash: 4D319751A1CAC2C2F760D725E18123AA774FB85F88F104135EB8DCBAA9CF2DD9818B44

Function 00007FF6613077D4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF66130651B), ref: 00007FF661307824
RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF66130651B), ref: 00007FF661307865

Strings

csm, xrefs: 00007FF661307852

Memory Dump Source

Source File: 00000000.00000002.2326596314.00007FF6612B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6612B0000, based on PE: true

Associated: 00000000.00000002.2326577281.00007FF6612B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF66131B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326638322.00007FF6615CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326963985.00007FF6615D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2326988344.00007FF6615DC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6612b0000_siveria.jbxd

Similarity

API ID: ExceptionFileHeaderRaise
String ID: csm
API String ID: 2573137834-1018135373
Opcode ID: c503307943bf2825cf6e1cf168de274f8e029fc4329f5c4f3fb9745047db57ca
Instruction ID: 4282f69cbc0a51a7929cf49c5c288888f1c0230bf0169ccc3b854197b1dd8bf9
Opcode Fuzzy Hash: c503307943bf2825cf6e1cf168de274f8e029fc4329f5c4f3fb9745047db57ca
Instruction Fuzzy Hash: 6C110732618B8182EB218B19E44026A7BF4FB88F94F588635DECD5B768DF3CD551CB40

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in an attempt to elevate privileges. Exploitation of a software vulnerability occurs when an adversary takes advantage of a programming error in a program, service, or within the operating system software or kernel itself to execute adversary-controlled code. Security constructs such as permission levels will often hinder access to information and use of certain techniques, so adversaries will likely need to perform privilege escalation to include use of software exploitation to circumvent those restrictions.
Tactics:	Privilege Escalation
Data Sources:	Driver: Driver Load, Process: Process Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for details about the network configuration and settings, such as IP and/or MAC addresses, of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to take screen captures of the desktop to gather information over the course of an operation. Screen capturing functionality may be included as a feature of a remote access tool used in post-compromise operations. Taking a screenshot is also typically possible through native utilities or API calls, such as `CopyFromScreen` , `xwd` , or `screencapture` .
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report siveria.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Threatname: Meduza Stealer

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Possible Origin

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

DNS Queries

Windows Analysis Report
siveria.exe

Function 000001FE72425B70 Relevance: 45.7, APIs: 25, Strings: 1, Instructions: 225
windowCOMMON

Function 000001FE7245B5B0 Relevance: 27.2, APIs: 18, Instructions: 229
fileCOMMON

Function 000001FE723DD570 Relevance: 20.1, APIs: 8, Strings: 3, Instructions: 862
libraryloaderCOMMON

Function 000001FE72405970 Relevance: 17.8, Strings: 14, Instructions: 304
COMMON

Function 000001FE7241C600 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 173
synchronizationCOMMON

Function 000001FE723D2CA0 Relevance: 14.8, APIs: 3, Strings: 5, Instructions: 789
registryCOMMON

Function 000001FE72442E3C Relevance: 14.3, APIs: 6, Strings: 2, Instructions: 335
timeCOMMONLIBRARYCODE

Function 000001FE72425240 Relevance: 13.9, APIs: 9, Instructions: 408
networkfileCOMMON

Function 000001FE72460658 Relevance: 13.8, APIs: 9, Instructions: 276
fileCOMMON

Function 000001FE72406350 Relevance: 13.4, APIs: 1, Strings: 6, Instructions: 1136
COMMON

Function 000001FE723D20B0 Relevance: 12.9, APIs: 3, Strings: 4, Instructions: 684
registryCOMMON

Function 000001FE7241F020 Relevance: 12.7, APIs: 3, Strings: 4, Instructions: 451
fileCOMMON

Function 000001FE7241EBF0 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 194
windowCOMMON

Function 000001FE7241FCA0 Relevance: 16.0, APIs: 7, Strings: 2, Instructions: 226
networkCOMMON

Function 000001FE7244092C Relevance: 10.8, APIs: 7, Instructions: 290
COMMONLIBRARYCODE

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre