Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
unique.exe

Overview

General Information

Sample name:unique.exe
Analysis ID:1565322
MD5:814a59368670f8d35ad8eb71ab874666
SHA1:ca386125774e35b84c16bacfbe52919a354434ac
SHA256:98d8aa77d46e09b79c04b5f4556b1d389c6f62549a5ac0f961a6d8f2961fa55d
Tags:exeuser-aachum
Infos:

Detection

CredGrabber, Meduza Stealer
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected CredGrabber
Yara detected Meduza Stealer
AI detected suspicious sample
Found many strings related to Crypto-Wallets (likely being stolen)
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to dynamically determine API calls
Contains functionality to launch a program with higher privileges
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Enables debug privileges
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
Queries the volume information (name, serial number etc) of a device
Queries time zone information
Suricata IDS alerts with low severity for network traffic
Terminates after testing mutex exists (may check infected machine status)
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64
  • unique.exe (PID: 7344 cmdline: "C:\Users\user\Desktop\unique.exe" MD5: 814A59368670F8D35AD8EB71AB874666)
  • cleanup

Malware Configuration

Threatname: Meduza Stealer

{"C2 url": "45.130.145.152", "grabber_max_size": 4194304, "anti_vm": true, "anti_dbg": true, "self_destruct": false, "extensions": ".txt;.doc;.docx;.pdf;.xls;.xlsx;.log;.db;.sqlite", "build_name": "Work", "links": "", "port": 15666}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000000.00000002.1491224091.000001EF1F070000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_MeduzaStealerYara detected Meduza StealerJoe Security
    00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmpJoeSecurity_MeduzaStealerYara detected Meduza StealerJoe Security
      Process Memory Space: unique.exe PID: 7344JoeSecurity_MeduzaStealerYara detected Meduza StealerJoe Security
        Process Memory Space: unique.exe PID: 7344JoeSecurity_CredGrabberYara detected CredGrabberJoe Security

          Unpacked PEs

          SourceRuleDescriptionAuthorStrings
          0.2.unique.exe.1ef1f1a0000.0.raw.unpackJoeSecurity_MeduzaStealerYara detected Meduza StealerJoe Security
            0.2.unique.exe.1ef1f1a0000.0.unpackJoeSecurity_MeduzaStealerYara detected Meduza StealerJoe Security

              Sigma Signatures

              No Sigma rule has matched

              Suricata Signatures

              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2024-11-29T16:07:06.069806+010020494411A Network Trojan was detected192.168.2.74969945.130.145.15215666TCP
              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2024-11-29T16:07:06.069806+010020508061A Network Trojan was detected192.168.2.74969945.130.145.15215666TCP
              2024-11-29T16:07:06.190295+010020508061A Network Trojan was detected192.168.2.74969945.130.145.15215666TCP
              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2024-11-29T16:07:06.069806+010020508071A Network Trojan was detected192.168.2.74969945.130.145.15215666TCP
              2024-11-29T16:07:06.190295+010020508071A Network Trojan was detected192.168.2.74969945.130.145.15215666TCP

              Joe Sandbox Signatures

              Click to jump to signature section

              Show All Signature Results

              AV Detection

              barindex
              Found malware configuration
              Source: 0.2.unique.exe.1ef1f1a0000.0.raw.unpackMalware Configuration Extractor: Meduza Stealer {"C2 url": "45.130.145.152", "grabber_max_size": 4194304, "anti_vm": true, "anti_dbg": true, "self_destruct": false, "extensions": ".txt;.doc;.docx;.pdf;.xls;.xlsx;.log;.db;.sqlite", "build_name": "Work", "links": "", "port": 15666}
              Multi AV Scanner detection for submitted file
              Source: unique.exeReversingLabs: Detection: 55%
              AI detected suspicious sample
              Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F211EA0 CryptUnprotectData,LocalFree,0_2_000001EF1F211EA0
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F2121C0 CryptProtectData,LocalFree,0_2_000001EF1F2121C0
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F1D5EE0 CryptUnprotectData,LocalFree,0_2_000001EF1F1D5EE0
              Source: unknownHTTPS traffic detected: 172.67.74.152:443 -> 192.168.2.7:49700 version: TLS 1.2
              Source: unique.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F259810 FindClose,FindFirstFileExW,GetLastError,0_2_000001EF1F259810
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F2598C0 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle,0_2_000001EF1F2598C0
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F2213B0 GetLogicalDriveStringsW,0_2_000001EF1F2213B0
              Source: C:\Users\user\Desktop\unique.exeFile opened: D:\sources\migration\Jump to behavior
              Source: C:\Users\user\Desktop\unique.exeFile opened: D:\sources\replacementmanifests\Jump to behavior
              Source: C:\Users\user\Desktop\unique.exeFile opened: D:\sources\migration\wtr\Jump to behavior
              Source: C:\Users\user\Desktop\unique.exeFile opened: D:\sources\replacementmanifests\microsoft-activedirectory-webservices\Jump to behavior
              Source: C:\Users\user\Desktop\unique.exeFile opened: D:\sources\replacementmanifests\microsoft-client-license-platform-service-migration\Jump to behavior
              Source: C:\Users\user\Desktop\unique.exeFile opened: D:\sources\replacementmanifests\hwvid-migration-2\Jump to behavior

              Networking

              barindex
              Suricata IDS alerts for network traffic
              Source: Network trafficSuricata IDS: 2049441 - Severity 1 - ET MALWARE Win32/Unknown Grabber Base64 Data Exfiltration Attempt : 192.168.2.7:49699 -> 45.130.145.152:15666
              Source: Network trafficSuricata IDS: 2050806 - Severity 1 - ET MALWARE [ANY.RUN] Meduza Stealer Exfiltration M2 : 192.168.2.7:49699 -> 45.130.145.152:15666
              Source: global trafficTCP traffic: 192.168.2.7:49699 -> 45.130.145.152:15666
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1Accept: text/html; text/plain; */*Host: api.ipify.orgCache-Control: no-cache
              Source: Joe Sandbox ViewIP Address: 45.130.145.152 45.130.145.152
              Source: Joe Sandbox ViewIP Address: 172.67.74.152 172.67.74.152
              Source: Joe Sandbox ViewIP Address: 172.67.74.152 172.67.74.152
              Source: Joe Sandbox ViewASN Name: ASBAXETNRU ASBAXETNRU
              Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
              Source: unknownDNS query: name: api.ipify.org
              Source: unknownDNS query: name: api.ipify.org
              Source: Network trafficSuricata IDS: 2050807 - Severity 1 - ET MALWARE [ANY.RUN] Possible Meduza Stealer Exfiltration (TCP) : 192.168.2.7:49699 -> 45.130.145.152:15666
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F21F200 InternetOpenA,InternetOpenUrlA,HttpQueryInfoW,HttpQueryInfoW,InternetQueryDataAvailable,InternetReadFile,InternetQueryDataAvailable,InternetCloseHandle,Concurrency::cancel_current_task,0_2_000001EF1F21F200
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1Accept: text/html; text/plain; */*Host: api.ipify.orgCache-Control: no-cache
              Source: global trafficDNS traffic detected: DNS query: api.ipify.org
              Source: unique.exe, 00000000.00000003.1490195161.000001EF1F6E4000.00000004.00000020.00020000.00000000.sdmp, unique.exe, 00000000.00000003.1490145991.000001EF1F6E0000.00000004.00000020.00020000.00000000.sdmp, unique.exe, 00000000.00000003.1490111404.000001EF1F6E0000.00000004.00000020.00020000.00000000.sdmp, unique.exe, 00000000.00000003.1276151481.000001EF1F6D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ns.microsoft.t/Regi
              Source: unique.exe, 00000000.00000002.1491224091.000001EF1F070000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org
              Source: unique.exe, 00000000.00000002.1491224091.000001EF1F070000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org/
              Source: unique.exe, 00000000.00000003.1290197593.000001EF1D7A2000.00000004.00000020.00020000.00000000.sdmp, unique.exe, 00000000.00000003.1289100148.000001EF1FE6A000.00000004.00000020.00020000.00000000.sdmp, unique.exe, 00000000.00000003.1289922829.000001EF1D77E000.00000004.00000020.00020000.00000000.sdmp, unique.exe, 00000000.00000003.1289922829.000001EF1D74D000.00000004.00000020.00020000.00000000.sdmp, unique.exe, 00000000.00000003.1289612684.000001EF1FE6B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696490019400400000.2&ci=1696490019252.
              Source: unique.exe, 00000000.00000003.1290197593.000001EF1D7A2000.00000004.00000020.00020000.00000000.sdmp, unique.exe, 00000000.00000003.1289100148.000001EF1FE6A000.00000004.00000020.00020000.00000000.sdmp, unique.exe, 00000000.00000003.1289922829.000001EF1D77E000.00000004.00000020.00020000.00000000.sdmp, unique.exe, 00000000.00000003.1289922829.000001EF1D74D000.00000004.00000020.00020000.00000000.sdmp, unique.exe, 00000000.00000003.1289612684.000001EF1FE6B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696490019400400000.1&ci=1696490019252.12791&cta
              Source: unique.exe, 00000000.00000003.1290197593.000001EF1D7A2000.00000004.00000020.00020000.00000000.sdmp, unique.exe, 00000000.00000003.1289100148.000001EF1FE6A000.00000004.00000020.00020000.00000000.sdmp, unique.exe, 00000000.00000003.1289922829.000001EF1D77E000.00000004.00000020.00020000.00000000.sdmp, unique.exe, 00000000.00000003.1289922829.000001EF1D74D000.00000004.00000020.00020000.00000000.sdmp, unique.exe, 00000000.00000003.1289612684.000001EF1FE6B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpg
              Source: unique.exe, 00000000.00000003.1290197593.000001EF1D7A2000.00000004.00000020.00020000.00000000.sdmp, unique.exe, 00000000.00000003.1289100148.000001EF1FE6A000.00000004.00000020.00020000.00000000.sdmp, unique.exe, 00000000.00000003.1289922829.000001EF1D77E000.00000004.00000020.00020000.00000000.sdmp, unique.exe, 00000000.00000003.1289922829.000001EF1D74D000.00000004.00000020.00020000.00000000.sdmp, unique.exe, 00000000.00000003.1289612684.000001EF1FE6B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
              Source: unique.exe, 00000000.00000003.1278377282.000001EF1F10F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
              Source: unique.exe, 00000000.00000003.1278377282.000001EF1F10F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
              Source: unique.exe, 00000000.00000003.1278377282.000001EF1F10F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
              Source: unique.exe, 00000000.00000003.1289612684.000001EF1FE6B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pqWfpl%2B4pbW4pbWfpbW7ReNxR3UIG8zInwYIFIVs9e
              Source: unique.exe, 00000000.00000003.1282860551.000001EF1F400000.00000004.00000020.00020000.00000000.sdmp, unique.exe, 00000000.00000003.1285313977.000001EF207BE000.00000004.00000020.00020000.00000000.sdmp, unique.exe, 00000000.00000003.1282073578.000001EF1FEEE000.00000004.00000020.00020000.00000000.sdmp, unique.exe, 00000000.00000003.1282430928.000001EF1F4C8000.00000004.00000020.00020000.00000000.sdmp, unique.exe, 00000000.00000003.1283805465.000001EF1F11F000.00000004.00000020.00020000.00000000.sdmp, unique.exe, 00000000.00000003.1283976216.000001EF1D7D6000.00000004.00000020.00020000.00000000.sdmp, unique.exe, 00000000.00000003.1283805465.000001EF1F127000.00000004.00000020.00020000.00000000.sdmp, unique.exe, 00000000.00000003.1282073578.000001EF1FEE6000.00000004.00000020.00020000.00000000.sdmp, unique.exe, 00000000.00000003.1282860551.000001EF1F408000.00000004.00000020.00020000.00000000.sdmp, unique.exe, 00000000.00000003.1282430928.000001EF1F4C0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org
              Source: unique.exe, 00000000.00000003.1285313977.000001EF207C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
              Source: unique.exe, 00000000.00000003.1285313977.000001EF207C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.S3DiLP_FhcLK
              Source: unique.exe, 00000000.00000003.1290197593.000001EF1D7A2000.00000004.00000020.00020000.00000000.sdmp, unique.exe, 00000000.00000003.1289100148.000001EF1FE6A000.00000004.00000020.00020000.00000000.sdmp, unique.exe, 00000000.00000003.1289922829.000001EF1D77E000.00000004.00000020.00020000.00000000.sdmp, unique.exe, 00000000.00000003.1289922829.000001EF1D74D000.00000004.00000020.00020000.00000000.sdmp, unique.exe, 00000000.00000003.1289612684.000001EF1FE6B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_ef0fa27a12d43fbd45649e195429e8a63ddcad7cf7e128c0
              Source: unique.exe, 00000000.00000003.1290197593.000001EF1D7A2000.00000004.00000020.00020000.00000000.sdmp, unique.exe, 00000000.00000003.1289100148.000001EF1FE6A000.00000004.00000020.00020000.00000000.sdmp, unique.exe, 00000000.00000003.1289922829.000001EF1D77E000.00000004.00000020.00020000.00000000.sdmp, unique.exe, 00000000.00000003.1289922829.000001EF1D74D000.00000004.00000020.00020000.00000000.sdmp, unique.exe, 00000000.00000003.1289612684.000001EF1FE6B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.invisalign.com/?utm_source=admarketplace&utm_medium=paidsearch&utm_campaign=Invisalign&u
              Source: unique.exe, 00000000.00000003.1282860551.000001EF1F400000.00000004.00000020.00020000.00000000.sdmp, unique.exe, 00000000.00000003.1285313977.000001EF207BE000.00000004.00000020.00020000.00000000.sdmp, unique.exe, 00000000.00000003.1282073578.000001EF1FEEE000.00000004.00000020.00020000.00000000.sdmp, unique.exe, 00000000.00000003.1282430928.000001EF1F4C8000.00000004.00000020.00020000.00000000.sdmp, unique.exe, 00000000.00000003.1283805465.000001EF1F11F000.00000004.00000020.00020000.00000000.sdmp, unique.exe, 00000000.00000003.1283976216.000001EF1D7D6000.00000004.00000020.00020000.00000000.sdmp, unique.exe, 00000000.00000003.1283805465.000001EF1F127000.00000004.00000020.00020000.00000000.sdmp, unique.exe, 00000000.00000003.1282073578.000001EF1FEE6000.00000004.00000020.00020000.00000000.sdmp, unique.exe, 00000000.00000003.1282860551.000001EF1F408000.00000004.00000020.00020000.00000000.sdmp, unique.exe, 00000000.00000003.1282430928.000001EF1F4C0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org
              Source: unique.exe, 00000000.00000003.1285313977.000001EF207C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.jXqaKJMO4ZEP
              Source: unique.exe, 00000000.00000003.1285313977.000001EF207C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.NYz0wxyUaYSW
              Source: unique.exe, 00000000.00000003.1283805465.000001EF1F12F000.00000004.00000020.00020000.00000000.sdmp, unique.exe, 00000000.00000003.1282430928.000001EF1F4D0000.00000004.00000020.00020000.00000000.sdmp, unique.exe, 00000000.00000003.1282073578.000001EF1FEF6000.00000004.00000020.00020000.00000000.sdmp, unique.exe, 00000000.00000003.1282860551.000001EF1F410000.00000004.00000020.00020000.00000000.sdmp, unique.exe, 00000000.00000003.1285313977.000001EF207C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/gro.allizom.www.d
              Source: unique.exe, 00000000.00000003.1285313977.000001EF207C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
              Source: unique.exe, 00000000.00000003.1283805465.000001EF1F12F000.00000004.00000020.00020000.00000000.sdmp, unique.exe, 00000000.00000003.1282430928.000001EF1F4D0000.00000004.00000020.00020000.00000000.sdmp, unique.exe, 00000000.00000003.1282073578.000001EF1FEF6000.00000004.00000020.00020000.00000000.sdmp, unique.exe, 00000000.00000003.1282860551.000001EF1F410000.00000004.00000020.00020000.00000000.sdmp, unique.exe, 00000000.00000003.1285313977.000001EF207C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49700
              Source: unknownNetwork traffic detected: HTTP traffic on port 49700 -> 443
              Source: unknownHTTPS traffic detected: 172.67.74.152:443 -> 192.168.2.7:49700 version: TLS 1.2
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F21FB30 GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetDC,GetDeviceCaps,GetDeviceCaps,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,SHCreateMemStream,SelectObject,DeleteDC,ReleaseDC,DeleteObject,EnterCriticalSection,LeaveCriticalSection,IStream_Size,IStream_Reset,IStream_Read,SelectObject,DeleteDC,ReleaseDC,DeleteObject,0_2_000001EF1F21FB30
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F2243F0 RtlAcquirePebLock,NtAllocateVirtualMemory,lstrcpyW,lstrcatW,NtAllocateVirtualMemory,lstrcpyW,RtlInitUnicodeString,RtlInitUnicodeString,LdrEnumerateLoadedModules,RtlReleasePebLock,CoInitializeEx,lstrcpyW,lstrcatW,CoGetObject,lstrcpyW,lstrcatW,CoGetObject,CoUninitialize,0_2_000001EF1F2243F0
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F223CF0 GetModuleHandleA,GetProcAddress,OpenProcess,NtQuerySystemInformation,NtQuerySystemInformation,GetCurrentProcess,NtQueryObject,GetFinalPathNameByHandleA,CloseHandle,CloseHandle,0_2_000001EF1F223CF0
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F2726D0 NtQuerySystemInformation,0_2_000001EF1F2726D0
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F2726E0 NtAllocateVirtualMemory,0_2_000001EF1F2726E0
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_00007FF617E634C0 NtQueryVirtualMemory,NtProtectVirtualMemory,0_2_00007FF617E634C0
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F2013400_2_000001EF1F201340
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F1E22D00_2_000001EF1F1E22D0
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F24114C0_2_000001EF1F24114C
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F1CF1C00_2_000001EF1F1CF1C0
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F21F2000_2_000001EF1F21F200
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F2270B00_2_000001EF1F2270B0
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F1DCF600_2_000001EF1F1DCF60
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F218F600_2_000001EF1F218F60
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F221FF00_2_000001EF1F221FF0
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F1DACC00_2_000001EF1F1DACC0
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F21FB300_2_000001EF1F21FB30
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F228B700_2_000001EF1F228B70
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F25E9680_2_000001EF1F25E968
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F1DB8200_2_000001EF1F1DB820
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F2208200_2_000001EF1F220820
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F2598C00_2_000001EF1F2598C0
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F1DC8C00_2_000001EF1F1DC8C0
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F1CF8B00_2_000001EF1F1CF8B0
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F22662B0_2_000001EF1F22662B
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F2216600_2_000001EF1F221660
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F22C55A0_2_000001EF1F22C55A
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F23749C0_2_000001EF1F23749C
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F1EE3200_2_000001EF1F1EE320
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F2413C80_2_000001EF1F2413C8
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F2243F00_2_000001EF1F2243F0
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F1C83D00_2_000001EF1F1C83D0
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F2182300_2_000001EF1F218230
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F25E2CC0_2_000001EF1F25E2CC
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F20D2A00_2_000001EF1F20D2A0
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F1D02E00_2_000001EF1F1D02E0
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F20C3000_2_000001EF1F20C300
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F2721380_2_000001EF1F272138
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F1D61300_2_000001EF1F1D6130
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F1EE1300_2_000001EF1F1EE130
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F1A61800_2_000001EF1F1A6180
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F2721580_2_000001EF1F272158
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F2721600_2_000001EF1F272160
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F2101F00_2_000001EF1F2101F0
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F2151E00_2_000001EF1F2151E0
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F1DA1F00_2_000001EF1F1DA1F0
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F20F0400_2_000001EF1F20F040
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F2350440_2_000001EF1F235044
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F2370600_2_000001EF1F237060
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F1D90900_2_000001EF1F1D9090
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F20CF700_2_000001EF1F20CF70
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F208F530_2_000001EF1F208F53
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F21AE500_2_000001EF1F21AE50
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F249EA00_2_000001EF1F249EA0
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F1CFEE00_2_000001EF1F1CFEE0
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F1A6D200_2_000001EF1F1A6D20
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F244D780_2_000001EF1F244D78
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F20FDB00_2_000001EF1F20FDB0
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F230D980_2_000001EF1F230D98
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F1A5DB00_2_000001EF1F1A5DB0
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F23EE060_2_000001EF1F23EE06
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F238C340_2_000001EF1F238C34
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F20CC500_2_000001EF1F20CC50
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F232CD00_2_000001EF1F232CD0
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F1D7B8D0_2_000001EF1F1D7B8D
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F1F9A100_2_000001EF1F1F9A10
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F20C9300_2_000001EF1F20C930
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F2469840_2_000001EF1F246984
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F2089500_2_000001EF1F208950
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F2419B80_2_000001EF1F2419B8
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F2429F40_2_000001EF1F2429F4
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F234A000_2_000001EF1F234A00
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F1EC8200_2_000001EF1F1EC820
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F23088C0_2_000001EF1F23088C
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F2128C00_2_000001EF1F2128C0
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F2358D00_2_000001EF1F2358D0
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F2247400_2_000001EF1F224740
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F2047100_2_000001EF1F204710
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F2487770_2_000001EF1F248777
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F2167600_2_000001EF1F216760
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F23F7F40_2_000001EF1F23F7F4
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F2347FC0_2_000001EF1F2347FC
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F1A66100_2_000001EF1F1A6610
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F22B68A0_2_000001EF1F22B68A
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F1F66A00_2_000001EF1F1F66A0
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F2106A60_2_000001EF1F2106A6
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F2486F00_2_000001EF1F2486F0
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F23E6F80_2_000001EF1F23E6F8
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F1E86D00_2_000001EF1F1E86D0
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F1C55200_2_000001EF1F1C5520
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F1C65100_2_000001EF1F1C6510
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F1F55B00_2_000001EF1F1F55B0
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F2345F80_2_000001EF1F2345F8
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F20C6000_2_000001EF1F20C600
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F24A4380_2_000001EF1F24A438
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F2205000_2_000001EF1F220500
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F2454E80_2_000001EF1F2454E8
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_00007FF617EB28CC0_2_00007FF617EB28CC
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_00007FF617EAC8B40_2_00007FF617EAC8B4
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_00007FF617EA68440_2_00007FF617EA6844
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_00007FF617E9F7EC0_2_00007FF617E9F7EC
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_00007FF617EA07B40_2_00007FF617EA07B4
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_00007FF617E827B00_2_00007FF617E827B0
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_00007FF617EA87580_2_00007FF617EA8758
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_00007FF617E767300_2_00007FF617E76730
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_00007FF617E766E00_2_00007FF617E766E0
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_00007FF617E9C5500_2_00007FF617E9C550
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_00007FF617EAA4480_2_00007FF617EAA448
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_00007FF617EA23EC0_2_00007FF617EA23EC
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_00007FF617EA73580_2_00007FF617EA7358
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_00007FF617E922E80_2_00007FF617E922E8
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_00007FF617EA02A80_2_00007FF617EA02A8
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_00007FF617E981D00_2_00007FF617E981D0
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_00007FF617E9A1400_2_00007FF617E9A140
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_00007FF617EA41100_2_00007FF617EA4110
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_00007FF617E830B00_2_00007FF617E830B0
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_00007FF617EB209C0_2_00007FF617EB209C
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_00007FF617E9AF560_2_00007FF617E9AF56
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_00007FF617E9CFA00_2_00007FF617E9CFA0
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_00007FF617E97F900_2_00007FF617E97F90
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_00007FF617EAFF2C0_2_00007FF617EAFF2C
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_00007FF617E9CEB20_2_00007FF617E9CEB2
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_00007FF617EC3DA00_2_00007FF617EC3DA0
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_00007FF617EA9CD80_2_00007FF617EA9CD8
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_00007FF617EA6CD80_2_00007FF617EA6CD8
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_00007FF617E94C300_2_00007FF617E94C30
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_00007FF617E98C300_2_00007FF617E98C30
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_00007FF617E99C100_2_00007FF617E99C10
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_00007FF617E9FBF40_2_00007FF617E9FBF4
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_00007FF617E92B970_2_00007FF617E92B97
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_00007FF617EAFA900_2_00007FF617EAFA90
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_00007FF617E9CA200_2_00007FF617E9CA20
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_00007FF617E9F9F00_2_00007FF617E9F9F0
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_00007FF617E739E00_2_00007FF617E739E0
              Source: C:\Users\user\Desktop\unique.exeCode function: String function: 000001EF1F1E5330 appears 74 times
              Source: C:\Users\user\Desktop\unique.exeCode function: String function: 000001EF1F1CB930 appears 32 times
              Source: C:\Users\user\Desktop\unique.exeCode function: String function: 000001EF1F1D4C00 appears 41 times
              Source: C:\Users\user\Desktop\unique.exeCode function: String function: 00007FF617E751F0 appears 69 times
              Source: classification engineClassification label: mal100.troj.spyw.winEXE@1/0@1/2
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F225970 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,CloseHandle,0_2_000001EF1F225970
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F1DC8C0 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,0_2_000001EF1F1DC8C0
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F20F1B5 CoCreateInstance,0_2_000001EF1F20F1B5
              Source: C:\Users\user\Desktop\unique.exeMutant created: \Sessions\1\BaseNamedObjects\Mmm-A33C734061CA11EE8C18806E6F6E6963523BF477
              Source: unique.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: C:\Users\user\Desktop\unique.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
              Source: unique.exe, 00000000.00000003.1281264293.000001EF1D7C7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
              Source: unique.exeReversingLabs: Detection: 55%
              Source: C:\Users\user\Desktop\unique.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\Users\user\Desktop\unique.exeSection loaded: wininet.dllJump to behavior
              Source: C:\Users\user\Desktop\unique.exeSection loaded: rstrtmgr.dllJump to behavior
              Source: C:\Users\user\Desktop\unique.exeSection loaded: ncrypt.dllJump to behavior
              Source: C:\Users\user\Desktop\unique.exeSection loaded: ntasn1.dllJump to behavior
              Source: C:\Users\user\Desktop\unique.exeSection loaded: mswsock.dllJump to behavior
              Source: C:\Users\user\Desktop\unique.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Users\user\Desktop\unique.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Users\user\Desktop\unique.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Users\user\Desktop\unique.exeSection loaded: iertutil.dllJump to behavior
              Source: C:\Users\user\Desktop\unique.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Users\user\Desktop\unique.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Users\user\Desktop\unique.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Users\user\Desktop\unique.exeSection loaded: winhttp.dllJump to behavior
              Source: C:\Users\user\Desktop\unique.exeSection loaded: iphlpapi.dllJump to behavior
              Source: C:\Users\user\Desktop\unique.exeSection loaded: winnsi.dllJump to behavior
              Source: C:\Users\user\Desktop\unique.exeSection loaded: urlmon.dllJump to behavior
              Source: C:\Users\user\Desktop\unique.exeSection loaded: srvcli.dllJump to behavior
              Source: C:\Users\user\Desktop\unique.exeSection loaded: netutils.dllJump to behavior
              Source: C:\Users\user\Desktop\unique.exeSection loaded: dnsapi.dllJump to behavior
              Source: C:\Users\user\Desktop\unique.exeSection loaded: rasadhlp.dllJump to behavior
              Source: C:\Users\user\Desktop\unique.exeSection loaded: fwpuclnt.dllJump to behavior
              Source: C:\Users\user\Desktop\unique.exeSection loaded: schannel.dllJump to behavior
              Source: C:\Users\user\Desktop\unique.exeSection loaded: mskeyprotect.dllJump to behavior
              Source: C:\Users\user\Desktop\unique.exeSection loaded: msasn1.dllJump to behavior
              Source: C:\Users\user\Desktop\unique.exeSection loaded: dpapi.dllJump to behavior
              Source: C:\Users\user\Desktop\unique.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Users\user\Desktop\unique.exeSection loaded: rsaenh.dllJump to behavior
              Source: C:\Users\user\Desktop\unique.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Users\user\Desktop\unique.exeSection loaded: gpapi.dllJump to behavior
              Source: C:\Users\user\Desktop\unique.exeSection loaded: ncryptsslp.dllJump to behavior
              Source: C:\Users\user\Desktop\unique.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Users\user\Desktop\unique.exeSection loaded: windowscodecs.dllJump to behavior
              Source: C:\Users\user\Desktop\unique.exeSection loaded: vaultcli.dllJump to behavior
              Source: C:\Users\user\Desktop\unique.exeSection loaded: wintypes.dllJump to behavior
              Source: C:\Users\user\Desktop\unique.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32Jump to behavior
              Source: C:\Users\user\Desktop\unique.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
              Source: unique.exeStatic PE information: Image base 0x140000000 > 0x60000000
              Source: unique.exeStatic file information: File size 3341824 > 1048576
              Source: unique.exeStatic PE information: Raw size of .rdata is bigger than: 0x100000 < 0x2bd800
              Source: unique.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
              Source: unique.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
              Source: unique.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
              Source: unique.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
              Source: unique.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
              Source: unique.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
              Source: unique.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
              Source: unique.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
              Source: unique.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
              Source: unique.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
              Source: unique.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
              Source: unique.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
              Source: unique.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F1DB820 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,0_2_000001EF1F1DB820
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F21E874 push rbx; iretd 0_2_000001EF1F21E875
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F21E89C push rbx; iretd 0_2_000001EF1F21E89D
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_00007FF617E9D8A1 push rdi; ret 0_2_00007FF617E9D8A5
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_00007FF617E9D2C0 push rcx; iretd 0_2_00007FF617E9D2C1
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_00007FF617E9DB93 push rcx; iretd 0_2_00007FF617E9DB94
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_00007FF617E9DB8C push rdi; ret 0_2_00007FF617E9DB90
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F216480 ExitProcess,OpenMutexA,ExitProcess,CreateMutexA,CreateMutexExA,ExitProcess,ReleaseMutex,CloseHandle,0_2_000001EF1F216480
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F259810 FindClose,FindFirstFileExW,GetLastError,0_2_000001EF1F259810
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F2598C0 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle,0_2_000001EF1F2598C0
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F2213B0 GetLogicalDriveStringsW,0_2_000001EF1F2213B0
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F237348 VirtualQuery,GetSystemInfo,VirtualAlloc,VirtualProtect,0_2_000001EF1F237348
              Source: C:\Users\user\Desktop\unique.exeFile opened: D:\sources\migration\Jump to behavior
              Source: C:\Users\user\Desktop\unique.exeFile opened: D:\sources\replacementmanifests\Jump to behavior
              Source: C:\Users\user\Desktop\unique.exeFile opened: D:\sources\migration\wtr\Jump to behavior
              Source: C:\Users\user\Desktop\unique.exeFile opened: D:\sources\replacementmanifests\microsoft-activedirectory-webservices\Jump to behavior
              Source: C:\Users\user\Desktop\unique.exeFile opened: D:\sources\replacementmanifests\microsoft-client-license-platform-service-migration\Jump to behavior
              Source: C:\Users\user\Desktop\unique.exeFile opened: D:\sources\replacementmanifests\hwvid-migration-2\Jump to behavior
              Source: unique.exe, 00000000.00000003.1280542780.000001EF1D7E1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696492231p
              Source: unique.exe, 00000000.00000003.1280542780.000001EF1D7E1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU WestVMware20,11696492231n
              Source: unique.exe, 00000000.00000003.1280542780.000001EF1D7E1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696492231}
              Source: unique.exe, 00000000.00000003.1280542780.000001EF1D7E1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: interactivebrokers.co.inVMware20,11696492231d
              Source: unique.exe, 00000000.00000003.1280542780.000001EF1D7E1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: netportal.hdfcbank.comVMware20,11696492231
              Source: unique.exe, 00000000.00000003.1280542780.000001EF1D7E1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: outlook.office.comVMware20,11696492231s
              Source: unique.exe, 00000000.00000003.1280542780.000001EF1D7E1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696492231
              Source: unique.exe, 00000000.00000003.1280542780.000001EF1D7E1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: AMC password management pageVMware20,11696492231
              Source: unique.exe, 00000000.00000003.1280542780.000001EF1D7E1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: interactivebrokers.comVMware20,11696492231
              Source: unique.exe, 00000000.00000003.1280542780.000001EF1D7E1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: microsoft.visualstudio.comVMware20,11696492231x
              Source: unique.exe, 00000000.00000003.1277974859.000001EF1D736000.00000004.00000020.00020000.00000000.sdmp, unique.exe, 00000000.00000003.1277514996.000001EF1D733000.00000004.00000020.00020000.00000000.sdmp, unique.exe, 00000000.00000002.1490762787.000001EF1D736000.00000004.00000020.00020000.00000000.sdmp, unique.exe, 00000000.00000002.1491224091.000001EF1F070000.00000004.00000020.00020000.00000000.sdmp, unique.exe, 00000000.00000003.1278758252.000001EF1D736000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
              Source: unique.exe, 00000000.00000003.1280542780.000001EF1D7E1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - COM.HKVMware20,11696492231
              Source: unique.exe, 00000000.00000003.1280542780.000001EF1D7E1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696492231^
              Source: unique.exe, 00000000.00000003.1280542780.000001EF1D7E1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Test URL for global passwords blocklistVMware20,11696492231
              Source: unique.exe, 00000000.00000003.1280542780.000001EF1D7E1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: outlook.office365.comVMware20,11696492231t
              Source: unique.exe, 00000000.00000003.1280542780.000001EF1D7E1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696492231z
              Source: unique.exe, 00000000.00000003.1280542780.000001EF1D7E1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: discord.comVMware20,11696492231f
              Source: unique.exe, 00000000.00000003.1280542780.000001EF1D7E1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: global block list test formVMware20,11696492231
              Source: unique.exe, 00000000.00000003.1280542780.000001EF1D7E1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: dev.azure.comVMware20,11696492231j
              Source: unique.exe, 00000000.00000003.1280542780.000001EF1D7E1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.comVMware20,11696492231}
              Source: unique.exe, 00000000.00000003.1280542780.000001EF1D7E1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.co.inVMware20,11696492231~
              Source: unique.exe, 00000000.00000003.1280542780.000001EF1D7E1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: bankofamerica.comVMware20,11696492231x
              Source: unique.exe, 00000000.00000003.1280542780.000001EF1D7E1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: trackpan.utiitsl.comVMware20,11696492231h
              Source: unique.exe, 00000000.00000003.1280542780.000001EF1D7E1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: tasks.office.comVMware20,11696492231o
              Source: unique.exe, 00000000.00000003.1280542780.000001EF1D7E1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: account.microsoft.com/profileVMware20,11696492231u
              Source: unique.exe, 00000000.00000003.1280542780.000001EF1D7E1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696492231
              Source: unique.exe, 00000000.00000003.1280542780.000001EF1D7E1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696492231
              Source: unique.exe, 00000000.00000003.1280542780.000001EF1D7E1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ms.portal.azure.comVMware20,11696492231
              Source: unique.exe, 00000000.00000003.1280542780.000001EF1D7E1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: turbotax.intuit.comVMware20,11696492231t
              Source: unique.exe, 00000000.00000003.1280542780.000001EF1D7E1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: secure.bankofamerica.comVMware20,11696492231|UE
              Source: unique.exe, 00000000.00000003.1280542780.000001EF1D7E1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696492231x
              Source: unique.exe, 00000000.00000003.1280542780.000001EF1D7E1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - HKVMware20,11696492231]
              Source: C:\Users\user\Desktop\unique.exeAPI call chain: ExitProcess graph end nodegraph_0-97670
              Source: C:\Users\user\Desktop\unique.exeAPI call chain: ExitProcess graph end nodegraph_0-97664
              Source: C:\Users\user\Desktop\unique.exeProcess information queried: ProcessInformationJump to behavior
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F2243F0 RtlAcquirePebLock,NtAllocateVirtualMemory,lstrcpyW,lstrcatW,NtAllocateVirtualMemory,lstrcpyW,RtlInitUnicodeString,RtlInitUnicodeString,LdrEnumerateLoadedModules,RtlReleasePebLock,CoInitializeEx,lstrcpyW,lstrcatW,CoGetObject,lstrcpyW,lstrcatW,CoGetObject,CoUninitialize,0_2_000001EF1F2243F0
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F25BB14 GetLastError,IsDebuggerPresent,OutputDebugStringW,0_2_000001EF1F25BB14
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F25BB14 GetLastError,IsDebuggerPresent,OutputDebugStringW,0_2_000001EF1F25BB14
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F1DB820 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,0_2_000001EF1F1DB820
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F247F00 GetProcessHeap,0_2_000001EF1F247F00
              Source: C:\Users\user\Desktop\unique.exeProcess token adjusted: DebugJump to behavior
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F2722D8 SetUnhandledExceptionFilter,0_2_000001EF1F2722D8
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F22F920 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_000001EF1F22F920
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F24D54C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_000001EF1F24D54C
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_00007FF617EA1E68 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF617EA1E68
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_00007FF617EB5AC0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF617EB5AC0
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F2151E0 ShellExecuteW,0_2_000001EF1F2151E0
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F24C220 cpuid 0_2_000001EF1F24C220
              Source: C:\Users\user\Desktop\unique.exeCode function: EnumSystemLocalesW,0_2_000001EF1F247340
              Source: C:\Users\user\Desktop\unique.exeCode function: GetLocaleInfoW,0_2_000001EF1F272398
              Source: C:\Users\user\Desktop\unique.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,0_2_000001EF1F2473D8
              Source: C:\Users\user\Desktop\unique.exeCode function: EnumSystemLocalesW,0_2_000001EF1F247270
              Source: C:\Users\user\Desktop\unique.exeCode function: GetLocaleInfoW,0_2_000001EF1F23C1A8
              Source: C:\Users\user\Desktop\unique.exeCode function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,0_2_000001EF1F246F14
              Source: C:\Users\user\Desktop\unique.exeCode function: EnumSystemLocalesW,0_2_000001EF1F23BC68
              Source: C:\Users\user\Desktop\unique.exeCode function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,0_2_000001EF1F24795C
              Source: C:\Users\user\Desktop\unique.exeCode function: GetLocaleInfoW,0_2_000001EF1F247828
              Source: C:\Users\user\Desktop\unique.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,0_2_000001EF1F247778
              Source: C:\Users\user\Desktop\unique.exeCode function: GetLocaleInfoW,0_2_000001EF1F247620
              Source: C:\Users\user\Desktop\unique.exeCode function: GetLocaleInfoEx,FormatMessageA,0_2_000001EF1F259480
              Source: C:\Users\user\Desktop\unique.exeCode function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,0_2_00007FF617EAD88C
              Source: C:\Users\user\Desktop\unique.exeCode function: GetLocaleInfoW,0_2_00007FF617EAD758
              Source: C:\Users\user\Desktop\unique.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,0_2_00007FF617EAD6A8
              Source: C:\Users\user\Desktop\unique.exeCode function: GetLocaleInfoW,0_2_00007FF617EAD550
              Source: C:\Users\user\Desktop\unique.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,0_2_00007FF617EAD308
              Source: C:\Users\user\Desktop\unique.exeCode function: EnumSystemLocalesW,0_2_00007FF617EAD270
              Source: C:\Users\user\Desktop\unique.exeCode function: GetLocaleInfoW,0_2_00007FF617EA91E0
              Source: C:\Users\user\Desktop\unique.exeCode function: EnumSystemLocalesW,0_2_00007FF617EAD1A0
              Source: C:\Users\user\Desktop\unique.exeCode function: EnumSystemLocalesW,0_2_00007FF617EA8E4C
              Source: C:\Users\user\Desktop\unique.exeCode function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,0_2_00007FF617EACE44
              Source: C:\Users\user\Desktop\unique.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\unique.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\unique.exeKey value queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\TimeZoneInformation TimeZoneKeyNameJump to behavior
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F24DC18 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_000001EF1F24DC18
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F220110 GetUserNameW,0_2_000001EF1F220110
              Source: C:\Users\user\Desktop\unique.exeCode function: 0_2_000001EF1F24114C _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,0_2_000001EF1F24114C

              Stealing of Sensitive Information

              barindex
              Yara detected CredGrabber
              Source: Yara matchFile source: Process Memory Space: unique.exe PID: 7344, type: MEMORYSTR
              Yara detected Meduza Stealer
              Source: Yara matchFile source: 0.2.unique.exe.1ef1f1a0000.0.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 0.2.unique.exe.1ef1f1a0000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000000.00000002.1491224091.000001EF1F070000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: unique.exe PID: 7344, type: MEMORYSTR
              Found many strings related to Crypto-Wallets (likely being stolen)
              Source: unique.exe, 00000000.00000002.1491224091.000001EF1F070000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Electrum-LTC\wallets
              Source: unique.exe, 00000000.00000002.1491224091.000001EF1F070000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: ElectronCash\wallets
              Source: unique.exe, 00000000.00000003.1310366744.000001EF2279B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: "software": "Ny1aaXAgMjMuMDEgKHg2NCkgWzIzLjAxXQpNb3ppbGxhIEZpcmVmb3ggKHg2NCBlbi1VUykgWzExOC4wLjFdCk1vemlsbGEgTWFpbnRlbmFuY2UgU2VydmljZSBbMTE4LjAuMV0KTWljcm9zb2Z0IE9mZmljZSBQcm9mZXNzaW9uYWwgUGx1cyAyMDE5IC0gZW4tdXMgWzE2LjAuMTY4MjcuMjAxMzBdCk1pY3Jvc29mdCBWaXN1YWwgQysrIDIwMjIgWDY0IEFkZGl0aW9uYWwgUnVudGltZSAtIDE0LjM2LjMyNTMyIFsxNC4zNi4zMjUzMl0KT2ZmaWNlIDE2IENsaWNrLXRvLVJ1biBMaWNlbnNpbmcgQ29tcG9uZW50IFsxNi4wLjE2ODI3LjIwMTMwXQpPZmZpY2UgMTYgQ2xpY2stdG8tUnVuIEV4dGVuc2liaWxpdHkgQ29tcG9uZW50IDY0LWJpdCBSZWdpc3RyYXRpb24gWzE2LjAuMTY4MjcuMjAwNTZdCkFkb2JlIEFjcm9iYXQgKDY0LWJpdCkgWzIzLjAwNi4yMDMyMF0KTWljcm9zb2Z0IFZpc3VhbCBDKysgMjAyMiBYNjQgTWluaW11bSBSdW50aW1lIC0gMTQuMzYuMzI1MzIgWzE0LjM2LjMyNTMyXQpHb29nbGUgQ2hyb21lIFsxMTcuMC41OTM4LjEzNF0KTWljcm9zb2Z0IEVkZ2UgWzExNy4wLjIwNDUuNDddCk1pY3Jvc29mdCBFZGdlIFVwZGF0ZSBbMS4zLjE3Ny4xMV0KTWljcm9zb2Z0IEVkZ2UgV2ViVmlldzIgUnVudGltZSBbMTE3LjAuMjA0NS40N10KSmF2YSBBdXRvIFVwZGF0ZXIgWzIuOC4zODEuOV0KSmF2YSA4IFVwZGF0ZSAzODEgWzguMC4zODEwLjldCk1pY3Jvc29mdCBWaXN1YWwgQysrIDIwMTUtMjAyMiBSZWRpc3RyaWJ1dGFibGUgKHg2NCkgLSAxNC4zNi4zMjUzMiBbMTQuMzYuMzI1MzIuMF0KT2ZmaWNlIDE2IENsaWNrLXRvLVJ1biBFeHRlbnNpYmlsaXR5IENvbXBvbmVudCBbMTYuMC4xNjgyNy4yMDEzMF0K",
              Source: unique.exe, 00000000.00000003.1289922829.000001EF1D77E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: C:\Users\user\AppData\Roaming\Exodus\exodus.walletser
              Source: unique.exe, 00000000.00000003.1289922829.000001EF1D77E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: C:\Users\user\AppData\Roaming\Ethereum\keystorerowser
              Source: unique.exe, 00000000.00000002.1491224091.000001EF1F070000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Exodus\exodus.wallet
              Source: unique.exe, 00000000.00000003.1289922829.000001EF1D77E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \??\C:\Users\user\AppData\Roaming\Binance\walletsser
              Source: unique.exe, 00000000.00000002.1491224091.000001EF1F070000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Ethereum\keystore
              Source: unique.exe, 00000000.00000002.1491224091.000001EF1F070000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Ethereum\keystore
              Tries to harvest and steal Bitcoin Wallet information
              Source: C:\Users\user\Desktop\unique.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-coreJump to behavior
              Tries to harvest and steal browser information (history, passwords, etc)
              Source: C:\Users\user\Desktop\unique.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\key4.dbJump to behavior
              Source: C:\Users\user\Desktop\unique.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For AccountJump to behavior
              Source: C:\Users\user\Desktop\unique.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
              Source: C:\Users\user\Desktop\unique.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
              Source: C:\Users\user\Desktop\unique.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
              Source: C:\Users\user\Desktop\unique.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\MANIFEST-000001Jump to behavior
              Source: C:\Users\user\Desktop\unique.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cookies.sqliteJump to behavior
              Source: C:\Users\user\Desktop\unique.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\places.sqliteJump to behavior
              Source: C:\Users\user\Desktop\unique.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\HistoryJump to behavior
              Source: C:\Users\user\Desktop\unique.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.logJump to behavior
              Source: C:\Users\user\Desktop\unique.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HistoryJump to behavior
              Source: C:\Users\user\Desktop\unique.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\prefs.jsJump to behavior
              Source: C:\Users\user\Desktop\unique.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\CURRENTJump to behavior
              Source: C:\Users\user\Desktop\unique.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOCKJump to behavior
              Source: C:\Users\user\Desktop\unique.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.oldJump to behavior
              Source: C:\Users\user\Desktop\unique.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
              Source: C:\Users\user\Desktop\unique.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension CookiesJump to behavior
              Source: C:\Users\user\Desktop\unique.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOGJump to behavior
              Source: C:\Users\user\Desktop\unique.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
              Tries to steal Mail credentials (via file / registry access)
              Source: C:\Users\user\Desktop\unique.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior

              Remote Access Functionality

              barindex
              Yara detected CredGrabber
              Source: Yara matchFile source: Process Memory Space: unique.exe PID: 7344, type: MEMORYSTR
              Yara detected Meduza Stealer
              Source: Yara matchFile source: 0.2.unique.exe.1ef1f1a0000.0.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 0.2.unique.exe.1ef1f1a0000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000000.00000002.1491224091.000001EF1F070000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: unique.exe PID: 7344, type: MEMORYSTR

              Mitre Att&ck Matrix

              ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
              Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
              Native API              		1
              DLL Side-Loading              		1
              Exploitation for Privilege Escalation              		1
              Access Token Manipulation              		1
              OS Credential Dumping              		12
              System Time Discovery              		Remote Services1
              Screen Capture              		21
              Encrypted Channel              		Exfiltration Over Other Network MediumAbuse Accessibility Features
              CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
              Access Token Manipulation              		1
              Deobfuscate/Decode Files or Information              		LSASS Memory31
              Security Software Discovery              		Remote Desktop Protocol1
              Email Collection              		1
              Non-Standard Port              		Exfiltration Over BluetoothNetwork Denial of Service
              Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
              DLL Side-Loading              		2
              Obfuscated Files or Information              		Security Account Manager2
              Process Discovery              		SMB/Windows Admin Shares1
              Archive Collected Data              		2
              Ingress Tool Transfer              		Automated ExfiltrationData Encrypted for Impact
              Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
              DLL Side-Loading              		NTDS1
              Account Discovery              		Distributed Component Object Model2
              Data from Local System              		2
              Non-Application Layer Protocol              		Traffic DuplicationData Destruction
              Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon ScriptSoftware PackingLSA Secrets1
              System Owner/User Discovery              		SSHKeylogging3
              Application Layer Protocol              		Scheduled TransferData Encrypted for Impact
              Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC ScriptsSteganographyCached Domain Credentials1
              System Network Configuration Discovery              		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
              DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup ItemsCompile After DeliveryDCSync3
              File and Directory Discovery              		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
              Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/JobIndicator Removal from ToolsProc Filesystem34
              System Information Discovery              		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

              Behavior Graph

              Hide Legend

              Legend:

              • Process
              • Signature
              • Created File
              • DNS/IP Info
              • Is Dropped
              • Is Windows Process
              • Number of created Registry Values
              • Number of created Files
              • Visual Basic
              • Delphi
              • Java
              • .Net C# or VB.NET
              • C, C++ or other language
              • Is malicious
              • Internet

              Screenshots

              Thumbnails

              This section contains all screenshots as thumbnails, including those not shown in the slideshow.


              windows-stand

              Antivirus, Machine Learning and Genetic Malware Detection

              Initial Sample

              SourceDetectionScannerLabelLink
              unique.exe55%ReversingLabsWin64.Spyware.Meduzastealer

              Dropped Files

              No Antivirus matches

              Unpacked PE Files

              No Antivirus matches

              Domains

              No Antivirus matches

              URLs

              No Antivirus matches

              Domains and IPs

              Contacted Domains

              NameIPActiveMaliciousAntivirus DetectionReputation
              api.ipify.org
              		172.67.74.152
              		truefalse
                		high

                Contacted URLs

                NameMaliciousAntivirus DetectionReputation
                https://api.ipify.org/false
                  		high

                  URLs from Memory and Binaries

                  NameSourceMaliciousAntivirus DetectionReputation
                  https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_ef0fa27a12d43fbd45649e195429e8a63ddcad7cf7e128c0unique.exe, 00000000.00000003.1290197593.000001EF1D7A2000.00000004.00000020.00020000.00000000.sdmp, unique.exe, 00000000.00000003.1289100148.000001EF1FE6A000.00000004.00000020.00020000.00000000.sdmp, unique.exe, 00000000.00000003.1289922829.000001EF1D77E000.00000004.00000020.00020000.00000000.sdmp, unique.exe, 00000000.00000003.1289922829.000001EF1D74D000.00000004.00000020.00020000.00000000.sdmp, unique.exe, 00000000.00000003.1289612684.000001EF1FE6B000.00000004.00000020.00020000.00000000.sdmpfalse
                    		high
                    https://duckduckgo.com/chrome_newtabunique.exe, 00000000.00000003.1278377282.000001EF1F10F000.00000004.00000020.00020000.00000000.sdmpfalse
                      		high
                      https://api.ipify.orgunique.exe, 00000000.00000002.1491224091.000001EF1F070000.00000004.00000020.00020000.00000000.sdmpfalse
                        		high
                        https://duckduckgo.com/ac/?q=unique.exe, 00000000.00000003.1278377282.000001EF1F10F000.00000004.00000020.00020000.00000000.sdmpfalse
                          		high
                          https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpgunique.exe, 00000000.00000003.1290197593.000001EF1D7A2000.00000004.00000020.00020000.00000000.sdmp, unique.exe, 00000000.00000003.1289100148.000001EF1FE6A000.00000004.00000020.00020000.00000000.sdmp, unique.exe, 00000000.00000003.1289922829.000001EF1D77E000.00000004.00000020.00020000.00000000.sdmp, unique.exe, 00000000.00000003.1289922829.000001EF1D74D000.00000004.00000020.00020000.00000000.sdmp, unique.exe, 00000000.00000003.1289612684.000001EF1FE6B000.00000004.00000020.00020000.00000000.sdmpfalse
                            		high
                            https://www.invisalign.com/?utm_source=admarketplace&utm_medium=paidsearch&utm_campaign=Invisalign&uunique.exe, 00000000.00000003.1290197593.000001EF1D7A2000.00000004.00000020.00020000.00000000.sdmp, unique.exe, 00000000.00000003.1289100148.000001EF1FE6A000.00000004.00000020.00020000.00000000.sdmp, unique.exe, 00000000.00000003.1289922829.000001EF1D77E000.00000004.00000020.00020000.00000000.sdmp, unique.exe, 00000000.00000003.1289922829.000001EF1D74D000.00000004.00000020.00020000.00000000.sdmp, unique.exe, 00000000.00000003.1289612684.000001EF1FE6B000.00000004.00000020.00020000.00000000.sdmpfalse
                              		high
                              https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696490019400400000.2&ci=1696490019252.unique.exe, 00000000.00000003.1290197593.000001EF1D7A2000.00000004.00000020.00020000.00000000.sdmp, unique.exe, 00000000.00000003.1289100148.000001EF1FE6A000.00000004.00000020.00020000.00000000.sdmp, unique.exe, 00000000.00000003.1289922829.000001EF1D77E000.00000004.00000020.00020000.00000000.sdmp, unique.exe, 00000000.00000003.1289922829.000001EF1D74D000.00000004.00000020.00020000.00000000.sdmp, unique.exe, 00000000.00000003.1289612684.000001EF1FE6B000.00000004.00000020.00020000.00000000.sdmpfalse
                                		high
                                https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pqWfpl%2B4pbW4pbWfpbW7ReNxR3UIG8zInwYIFIVs9eunique.exe, 00000000.00000003.1289612684.000001EF1FE6B000.00000004.00000020.00020000.00000000.sdmpfalse
                                  		high
                                  https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=unique.exe, 00000000.00000003.1278377282.000001EF1F10F000.00000004.00000020.00020000.00000000.sdmpfalse
                                    		high
                                    https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpgunique.exe, 00000000.00000003.1290197593.000001EF1D7A2000.00000004.00000020.00020000.00000000.sdmp, unique.exe, 00000000.00000003.1289100148.000001EF1FE6A000.00000004.00000020.00020000.00000000.sdmp, unique.exe, 00000000.00000003.1289922829.000001EF1D77E000.00000004.00000020.00020000.00000000.sdmp, unique.exe, 00000000.00000003.1289922829.000001EF1D74D000.00000004.00000020.00020000.00000000.sdmp, unique.exe, 00000000.00000003.1289612684.000001EF1FE6B000.00000004.00000020.00020000.00000000.sdmpfalse
                                      		high
                                      https://support.mozilla.orgunique.exe, 00000000.00000003.1282860551.000001EF1F400000.00000004.00000020.00020000.00000000.sdmp, unique.exe, 00000000.00000003.1285313977.000001EF207BE000.00000004.00000020.00020000.00000000.sdmp, unique.exe, 00000000.00000003.1282073578.000001EF1FEEE000.00000004.00000020.00020000.00000000.sdmp, unique.exe, 00000000.00000003.1282430928.000001EF1F4C8000.00000004.00000020.00020000.00000000.sdmp, unique.exe, 00000000.00000003.1283805465.000001EF1F11F000.00000004.00000020.00020000.00000000.sdmp, unique.exe, 00000000.00000003.1283976216.000001EF1D7D6000.00000004.00000020.00020000.00000000.sdmp, unique.exe, 00000000.00000003.1283805465.000001EF1F127000.00000004.00000020.00020000.00000000.sdmp, unique.exe, 00000000.00000003.1282073578.000001EF1FEE6000.00000004.00000020.00020000.00000000.sdmp, unique.exe, 00000000.00000003.1282860551.000001EF1F408000.00000004.00000020.00020000.00000000.sdmp, unique.exe, 00000000.00000003.1282430928.000001EF1F4C0000.00000004.00000020.00020000.00000000.sdmpfalse
                                        		high
                                        http://ns.microsoft.t/Regiunique.exe, 00000000.00000003.1490195161.000001EF1F6E4000.00000004.00000020.00020000.00000000.sdmp, unique.exe, 00000000.00000003.1490145991.000001EF1F6E0000.00000004.00000020.00020000.00000000.sdmp, unique.exe, 00000000.00000003.1490111404.000001EF1F6E0000.00000004.00000020.00020000.00000000.sdmp, unique.exe, 00000000.00000003.1276151481.000001EF1F6D1000.00000004.00000020.00020000.00000000.sdmpfalse
                                          		high
                                          https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-brunique.exe, 00000000.00000003.1285313977.000001EF207C5000.00000004.00000020.00020000.00000000.sdmpfalse
                                            		high
                                            https://support.mozilla.org/products/firefoxgro.allizom.troppus.S3DiLP_FhcLKunique.exe, 00000000.00000003.1285313977.000001EF207C5000.00000004.00000020.00020000.00000000.sdmpfalse
                                              		high
                                              https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696490019400400000.1&ci=1696490019252.12791&ctaunique.exe, 00000000.00000003.1290197593.000001EF1D7A2000.00000004.00000020.00020000.00000000.sdmp, unique.exe, 00000000.00000003.1289100148.000001EF1FE6A000.00000004.00000020.00020000.00000000.sdmp, unique.exe, 00000000.00000003.1289922829.000001EF1D77E000.00000004.00000020.00020000.00000000.sdmp, unique.exe, 00000000.00000003.1289922829.000001EF1D74D000.00000004.00000020.00020000.00000000.sdmp, unique.exe, 00000000.00000003.1289612684.000001EF1FE6B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                		high

                                                World Map of Contacted IPs

                                                • No. of IPs < 25%
                                                • 25% < No. of IPs < 50%
                                                • 50% < No. of IPs < 75%
                                                • 75% < No. of IPs

                                                Public IPs

                                                IPDomainCountryFlagASNASN NameMalicious
                                                45.130.145.152
                                                		unknownRussian Federation
                                                		49392ASBAXETNRUtrue
                                                172.67.74.152
                                                		api.ipify.orgUnited States
                                                		13335CLOUDFLARENETUSfalse

                                                General Information

                                                Joe Sandbox version:41.0.0 Charoite
                                                Analysis ID:1565322
                                                Start date and time:2024-11-29 16:06:05 +01:00
                                                Joe Sandbox product:CloudBasic
                                                Overall analysis duration:0h 5m 16s
                                                Hypervisor based Inspection enabled:false
                                                Report type:full
                                                Cookbook file name:default.jbs
                                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                Number of analysed new started processes analysed:12
                                                Number of new started drivers analysed:0
                                                Number of existing processes analysed:0
                                                Number of existing drivers analysed:0
                                                Number of injected processes analysed:0
                                                Technologies:
                                                • HCA enabled
                                                • EGA enabled
                                                • AMSI enabled
                                                Analysis Mode:default
                                                Analysis stop reason:Timeout
                                                Sample name:unique.exe
                                                Detection:MAL
                                                Classification:mal100.troj.spyw.winEXE@1/0@1/2
                                                EGA Information:
                                                • Successful, ratio: 100%
                                                HCA Information:
                                                • Successful, ratio: 99%
                                                • Number of executed functions: 101
                                                • Number of non-executed functions: 115
                                                Cookbook Comments:
                                                • Found application associated with file extension: .exe

                                                Warnings

                                                • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                                • Excluded domains from analysis (whitelisted): otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
                                                • Not all processes where analyzed, report is missing behavior information
                                                • Report size exceeded maximum capacity and may have missing disassembly code.
                                                • Report size exceeded maximum capacity and may have missing network information.
                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                • Report size getting too big, too many NtQueryValueKey calls found.
                                                • VT rate limit hit for: unique.exe

                                                Simulations

                                                Behavior and APIs

                                                No simulations

                                                Joe Sandbox View / Context

                                                IPs

                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                45.130.145.152siveria.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                  chelentano.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                    9RM52QaURq.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                      HZ1BUCfTne.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                        9RM52QaURq.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                          bv2DbIiZeK.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                            brozer.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                              YU7jHNMJjG.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                                6Ev0Nd7z2t.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                                  6HWYiong4s.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                                    172.67.74.1522b7cu0KwZl.exeGet hashmaliciousUnknownBrowse
                                                                    • api.ipify.org/
                                                                    Zc9eO57fgF.elfGet hashmaliciousUnknownBrowse
                                                                    • api.ipify.org/
                                                                    67065b4c84713_Javiles.exeGet hashmaliciousRDPWrap ToolBrowse
                                                                    • api.ipify.org/
                                                                    Yc9hcFC1ux.exeGet hashmaliciousUnknownBrowse
                                                                    • api.ipify.org/
                                                                    4F08j2Rmd9.binGet hashmaliciousXmrigBrowse
                                                                    • api.ipify.org/
                                                                    y8tCHz7CwC.binGet hashmaliciousXmrigBrowse
                                                                    • api.ipify.org/
                                                                    file.exeGet hashmaliciousUnknownBrowse
                                                                    • api.ipify.org/
                                                                    file.exeGet hashmaliciousUnknownBrowse
                                                                    • api.ipify.org/
                                                                    file.exeGet hashmaliciousLummaC, PrivateLoader, Stealc, VidarBrowse
                                                                    • api.ipify.org/
                                                                    file.exeGet hashmaliciousRDPWrap ToolBrowse
                                                                    • api.ipify.org/

                                                                    Domains

                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                    api.ipify.orgsiveria.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                                    • 104.26.12.205
                                                                    https://google.lk/url?q=ernie.grue@nationalmi.com&nationalmi.com&sa=t&url=amp/s/i--iy.s3.us-east-1.amazonaws.com/vocabulary.html#ZXJuaWUuZ3J1ZUBuYXRpb25hbG1pLmNvbQ==Get hashmaliciousUnknownBrowse
                                                                    • 104.26.12.205
                                                                    Employee_Important_Message.pdfGet hashmaliciousUnknownBrowse
                                                                    • 104.26.12.205
                                                                    9arEd0o4IZ.exeGet hashmaliciousUnknownBrowse
                                                                    • 104.26.12.205
                                                                    IwSa5fjMWm.exeGet hashmaliciousUnknownBrowse
                                                                    • 172.67.74.152
                                                                    051qAVqlq9.exeGet hashmaliciousUnknownBrowse
                                                                    • 104.26.12.205
                                                                    rkGw58sHF5.exeGet hashmaliciousUnknownBrowse
                                                                    • 104.26.12.205
                                                                    Vr39ff92jh.exeGet hashmaliciousUnknownBrowse
                                                                    • 172.67.74.152
                                                                    LBswoftSFF.exeGet hashmaliciousUnknownBrowse
                                                                    • 104.26.12.205
                                                                    3lpDhNtVKt.exeGet hashmaliciousUnknownBrowse
                                                                    • 172.67.74.152

                                                                    ASNs

                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                    ASBAXETNRUsiveria.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                                    • 45.130.145.152
                                                                    1732748284fd56a2da13edf4ae4b865c44fa6834581d27eb2edbfe3fc50ef131cb95db5639506.dat-decoded.exeGet hashmaliciousRemcosBrowse
                                                                    • 45.135.232.38
                                                                    mips.elfGet hashmaliciousUnknownBrowse
                                                                    • 212.192.15.158
                                                                    chelentano.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                                    • 45.130.145.152
                                                                    m2.exeGet hashmaliciousXmrigBrowse
                                                                    • 194.87.31.45
                                                                    9RM52QaURq.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                                    • 45.130.145.152
                                                                    HZ1BUCfTne.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                                    • 45.130.145.152
                                                                    9RM52QaURq.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                                    • 45.130.145.152
                                                                    bv2DbIiZeK.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                                    • 45.130.145.152
                                                                    brozer.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                                    • 45.130.145.152
                                                                    CLOUDFLARENETUSsiveria.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                                    • 104.26.12.205
                                                                    https://google.lk/url?q=ernie.grue@nationalmi.com&nationalmi.com&sa=t&url=amp/s/i--iy.s3.us-east-1.amazonaws.com/vocabulary.html#ZXJuaWUuZ3J1ZUBuYXRpb25hbG1pLmNvbQ==Get hashmaliciousUnknownBrowse
                                                                    • 104.26.13.205
                                                                    file.ps1Get hashmaliciousLummaC StealerBrowse
                                                                    • 172.67.170.85
                                                                    IMG_1205 #U2014 ThingLink.htmlGet hashmaliciousUnknownBrowse
                                                                    • 104.18.41.175
                                                                    bUAmCazc.ps1Get hashmaliciousLummaC StealerBrowse
                                                                    • 172.67.170.85
                                                                    http://myhobbybuys.comGet hashmaliciousUnknownBrowse
                                                                    • 104.17.25.14
                                                                    https://29112024red01kamcjduq.z33.web.core.windows.netGet hashmaliciousTechSupportScamBrowse
                                                                    • 104.17.25.14
                                                                    http://antena1.rtp.ptGet hashmaliciousRATDispenserBrowse
                                                                    • 104.22.62.150
                                                                    file.exeGet hashmaliciousLummaC StealerBrowse
                                                                    • 172.67.165.166
                                                                    https://herald-review.com/users/logout-success/?expire=1626371676&referer_url=http://209.159.152.50Get hashmaliciousHTMLPhisherBrowse
                                                                    • 104.17.25.14

                                                                    JA3 Fingerprints

                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                    37f463bf4616ecd445d4a1937da06e19siveria.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                                    • 172.67.74.152
                                                                    file.exeGet hashmaliciousClipboard HijackerBrowse
                                                                    • 172.67.74.152
                                                                    file.exeGet hashmaliciousClipboard HijackerBrowse
                                                                    • 172.67.74.152
                                                                    pPLD6OSn7O.exeGet hashmaliciousUnknownBrowse
                                                                    • 172.67.74.152
                                                                    pPLD6OSn7O.exeGet hashmaliciousUnknownBrowse
                                                                    • 172.67.74.152
                                                                    0b3SUiWz3y.exeGet hashmaliciousUnknownBrowse
                                                                    • 172.67.74.152
                                                                    ww7Oxm9pwx.exeGet hashmaliciousUnknownBrowse
                                                                    • 172.67.74.152
                                                                    file.exeGet hashmaliciousVidarBrowse
                                                                    • 172.67.74.152
                                                                    0b3SUiWz3y.exeGet hashmaliciousUnknownBrowse
                                                                    • 172.67.74.152
                                                                    ww7Oxm9pwx.exeGet hashmaliciousUnknownBrowse
                                                                    • 172.67.74.152

                                                                    Dropped Files

                                                                    No context

                                                                    Created / dropped Files

                                                                    No created / dropped files found

                                                                    Static File Info

                                                                    General

                                                                    File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                    Entropy (8bit):4.216400575454824
                                                                    TrID:
                                                                    • Win64 Executable GUI (202006/5) 92.65%
                                                                    • Win64 Executable (generic) (12005/4) 5.51%
                                                                    • Generic Win/DOS Executable (2004/3) 0.92%
                                                                    • DOS Executable Generic (2002/1) 0.92%
                                                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                    File name:unique.exe
                                                                    File size:3'341'824 bytes
                                                                    MD5:814a59368670f8d35ad8eb71ab874666
                                                                    SHA1:ca386125774e35b84c16bacfbe52919a354434ac
                                                                    SHA256:98d8aa77d46e09b79c04b5f4556b1d389c6f62549a5ac0f961a6d8f2961fa55d
                                                                    SHA512:57c30c5838a59f7d82343d40cbb539a1405485f51ceaf6350c52b27b1e54d5a9c9e2b8e08a8a73644e1ddd2733135128b1339c53676ba770a3bd0d69f33c192f
                                                                    SSDEEP:24576:S/frmzI7lsX7Rh7lmXh0lhSMXlWuZndKjOg4eMLbjxMQ2PEpnjaJ9:KfrmzI7OXBGu+ybjxGaja
                                                                    TLSH:84F5AD67EE9064F2D874D13488A3076BBA767481C37183C75B88662A5F527E43F3AF84
                                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......N..f...5...5...5.x.4...5.x.4...5.x.4V..5A..4...5A..4...5A..4...52|.4$..52|.4...5By.4...5A..4...5...5...5Ay.4...5AyH5...5Ay.4...

                                                                    File Icon

                                                                    Icon Hash:00928e8e8686b000

                                                                    Static PE Info

                                                                    General

                                                                    Entrypoint:0x140055a30
                                                                    Entrypoint Section:.text
                                                                    Digitally signed:false
                                                                    Imagebase:0x140000000
                                                                    Subsystem:windows gui
                                                                    Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                    DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                    Time Stamp:0x67451F50 [Tue Nov 26 01:07:28 2024 UTC]
                                                                    TLS Callbacks:
                                                                    CLR (.Net) Version:
                                                                    OS Version Major:6
                                                                    OS Version Minor:0
                                                                    File Version Major:6
                                                                    File Version Minor:0
                                                                    Subsystem Version Major:6
                                                                    Subsystem Version Minor:0
                                                                    Import Hash:de1751741e7d5e07ce98493d3f0130fc

                                                                    Entrypoint Preview

                                                                    Instruction
                                                                    dec eax
                                                                    sub esp, 28h
                                                                    call 00007F21E87B3A0Ch
                                                                    dec eax
                                                                    add esp, 28h
                                                                    jmp 00007F21E87B2D8Fh
                                                                    int3
                                                                    int3
                                                                    dec eax
                                                                    sub esp, 28h
                                                                    dec ebp
                                                                    mov eax, dword ptr [ecx+38h]
                                                                    dec eax
                                                                    mov ecx, edx
                                                                    dec ecx
                                                                    mov edx, ecx
                                                                    call 00007F21E87B2F22h
                                                                    mov eax, 00000001h
                                                                    dec eax
                                                                    add esp, 28h
                                                                    ret
                                                                    int3
                                                                    int3
                                                                    int3
                                                                    inc eax
                                                                    push ebx
                                                                    inc ebp
                                                                    mov ebx, dword ptr [eax]
                                                                    dec eax
                                                                    mov ebx, edx
                                                                    inc ecx
                                                                    and ebx, FFFFFFF8h
                                                                    dec esp
                                                                    mov ecx, ecx
                                                                    inc ecx
                                                                    test byte ptr [eax], 00000004h
                                                                    dec esp
                                                                    mov edx, ecx
                                                                    je 00007F21E87B2F25h
                                                                    inc ecx
                                                                    mov eax, dword ptr [eax+08h]
                                                                    dec ebp
                                                                    arpl word ptr [eax+04h], dx
                                                                    neg eax
                                                                    dec esp
                                                                    add edx, ecx
                                                                    dec eax
                                                                    arpl ax, cx
                                                                    dec esp
                                                                    and edx, ecx
                                                                    dec ecx
                                                                    arpl bx, ax
                                                                    dec edx
                                                                    mov edx, dword ptr [eax+edx]
                                                                    dec eax
                                                                    mov eax, dword ptr [ebx+10h]
                                                                    mov ecx, dword ptr [eax+08h]
                                                                    dec eax
                                                                    mov eax, dword ptr [ebx+08h]
                                                                    test byte ptr [ecx+eax+03h], 0000000Fh
                                                                    je 00007F21E87B2F1Dh
                                                                    movzx eax, byte ptr [ecx+eax+03h]
                                                                    and eax, FFFFFFF0h
                                                                    dec esp
                                                                    add ecx, eax
                                                                    dec esp
                                                                    xor ecx, edx
                                                                    dec ecx
                                                                    mov ecx, ecx
                                                                    pop ebx
                                                                    jmp 00007F21E87B2956h
                                                                    int3
                                                                    inc eax
                                                                    push ebx
                                                                    dec eax
                                                                    sub esp, 20h
                                                                    dec eax
                                                                    mov ebx, ecx
                                                                    xor ecx, ecx
                                                                    call dword ptr [0001563Fh]
                                                                    dec eax
                                                                    mov ecx, ebx
                                                                    call dword ptr [0001562Eh]
                                                                    call dword ptr [000155B0h]
                                                                    dec eax
                                                                    mov ecx, eax
                                                                    mov edx, C0000409h
                                                                    dec eax
                                                                    add esp, 20h
                                                                    pop ebx
                                                                    dec eax
                                                                    jmp dword ptr [00015624h]
                                                                    dec eax
                                                                    mov dword ptr [esp+00h], ecx

                                                                    Data Directories

                                                                    NameVirtual AddressVirtual Size Is in Section
                                                                    IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                    IMAGE_DIRECTORY_ENTRY_IMPORT0x327b9c0x64.rdata
                                                                    IMAGE_DIRECTORY_ENTRY_RESOURCE0x3320000x1e0.rsrc
                                                                    IMAGE_DIRECTORY_ENTRY_EXCEPTION0x32c0000x57e4.pdata
                                                                    IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                    IMAGE_DIRECTORY_ENTRY_BASERELOC0x3330000x1d38.reloc
                                                                    IMAGE_DIRECTORY_ENTRY_DEBUG0x320ef00x38.rdata
                                                                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                    IMAGE_DIRECTORY_ENTRY_TLS0x3211000x28.rdata
                                                                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x320db00x140.rdata
                                                                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                    IMAGE_DIRECTORY_ENTRY_IAT0x6b0000x330.rdata
                                                                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                    IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                    Sections

                                                                    NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                    .text0x10000x692f00x69400201d673c76ad9fae647f8cd6a278e333False0.4342200489904988data6.181155425260236IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                    .rdata0x6b0000x2bd6960x2bd800fd84b474fc2b5d511c79aef4a401aa86unknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                    .data0x3290000x2f1c0x16008e0cf2168d43982c322bc34eed94de2bFalse0.18980823863636365data3.2059756111359152IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                    .pdata0x32c0000x57e40x58004c0d14150dd6a4ac35b35408d7a8233dFalse0.47767223011363635data5.711183919097264IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                    .rsrc0x3320000x1e00x2000c1ab865bc43ec75ebd479502575ccefFalse0.525390625data4.700456763479242IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                    .reloc0x3330000x1d380x1e003d9cd06dc9d02c11c130514ad02ec0c5False0.6712239583333334data6.471011674882192IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                    Resources

                                                                    NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                    RT_MANIFEST0x3320600x17dXML 1.0 document, ASCII text, with CRLF line terminatorsEnglishUnited States0.5931758530183727

                                                                    Imports

                                                                    DLLImport
                                                                    ntdll.dllRtlImageDirectoryEntryToData, RtlLeaveCriticalSection, RtlEnterCriticalSection, RtlCompareMemory, NtProtectVirtualMemory, RtlImageNtHeader, NtQueryVirtualMemory, RtlGetNtVersionNumbers
                                                                    KERNEL32.dllGetEnvironmentStringsW, GetCommandLineW, GetCommandLineA, FindNextFileW, FindFirstFileExW, FindClose, VirtualFree, VirtualAlloc, GetModuleHandleW, LoadLibraryA, ReadFile, WriteFile, CreateFileW, CloseHandle, GetProcAddress, GetCurrentProcess, VirtualQuery, EnterCriticalSection, GetModuleFileNameW, LeaveCriticalSection, MultiByteToWideChar, ExitProcess, WideCharToMultiByte, GetLastError, DeleteCriticalSection, SetLastError, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, GetSystemTimeAsFileTime, HeapAlloc, HeapFree, GetCurrentThreadId, GetStdHandle, GetFileType, FreeEnvironmentStringsW, RaiseException, HeapReAlloc, HeapSize, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, InitializeCriticalSectionAndSpinCount, FreeLibrary, LoadLibraryExW, LCMapStringW, GetLocaleInfoW, IsValidLocale, EnumSystemLocalesW, GetCPInfo, GetStringTypeW, IsValidCodePage, GetACP, GetOEMCP, GetModuleHandleExW, GetConsoleOutputCP, GetConsoleMode, GetFileSizeEx, SetFilePointerEx, GetProcessHeap, SetStdHandle, ReadConsoleW, FlushFileBuffers, WriteConsoleW, QueryPerformanceCounter, GetCurrentProcessId, InitializeSListHead, RtlUnwindEx, RtlPcToFileHeader, RtlUnwind, EncodePointer, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetStartupInfoW, GetUserDefaultLCID, InitializeCriticalSectionEx, DecodePointer, LCMapStringEx
                                                                    USER32.dllLoadAcceleratorsA, LoadAcceleratorsW
                                                                    ADVAPI32.dllGetTokenInformation, OpenProcessToken

                                                                    Possible Origin

                                                                    Language of compilation systemCountry where language is spokenMap
                                                                    EnglishUnited States

                                                                    Network Behavior

                                                                    Suricata IDS Alerts

                                                                    TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                    2024-11-29T16:07:06.069806+01002049441ET MALWARE Win32/Unknown Grabber Base64 Data Exfiltration Attempt1192.168.2.74969945.130.145.15215666TCP
                                                                    2024-11-29T16:07:06.069806+01002050806ET MALWARE [ANY.RUN] Meduza Stealer Exfiltration M21192.168.2.74969945.130.145.15215666TCP
                                                                    2024-11-29T16:07:06.069806+01002050807ET MALWARE [ANY.RUN] Possible Meduza Stealer Exfiltration (TCP)1192.168.2.74969945.130.145.15215666TCP
                                                                    2024-11-29T16:07:06.190295+01002050806ET MALWARE [ANY.RUN] Meduza Stealer Exfiltration M21192.168.2.74969945.130.145.15215666TCP
                                                                    2024-11-29T16:07:06.190295+01002050807ET MALWARE [ANY.RUN] Possible Meduza Stealer Exfiltration (TCP)1192.168.2.74969945.130.145.15215666TCP

                                                                    Network Port Distribution

                                                                    TCP Packets

                                                                    TimestampSource PortDest PortSource IPDest IP
                                                                    Nov 29, 2024 16:06:59.939435959 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:00.059547901 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:00.059628963 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:00.267242908 CET49700443192.168.2.7172.67.74.152
                                                                    Nov 29, 2024 16:07:00.267319918 CET44349700172.67.74.152192.168.2.7
                                                                    Nov 29, 2024 16:07:00.267395020 CET49700443192.168.2.7172.67.74.152
                                                                    Nov 29, 2024 16:07:00.276581049 CET49700443192.168.2.7172.67.74.152
                                                                    Nov 29, 2024 16:07:00.276599884 CET44349700172.67.74.152192.168.2.7
                                                                    Nov 29, 2024 16:07:01.503614902 CET44349700172.67.74.152192.168.2.7
                                                                    Nov 29, 2024 16:07:01.503750086 CET49700443192.168.2.7172.67.74.152
                                                                    Nov 29, 2024 16:07:01.844033003 CET49700443192.168.2.7172.67.74.152
                                                                    Nov 29, 2024 16:07:01.844079971 CET44349700172.67.74.152192.168.2.7
                                                                    Nov 29, 2024 16:07:01.844588041 CET44349700172.67.74.152192.168.2.7
                                                                    Nov 29, 2024 16:07:01.844650984 CET49700443192.168.2.7172.67.74.152
                                                                    Nov 29, 2024 16:07:01.846040964 CET49700443192.168.2.7172.67.74.152
                                                                    Nov 29, 2024 16:07:01.887341976 CET44349700172.67.74.152192.168.2.7
                                                                    Nov 29, 2024 16:07:02.182327986 CET44349700172.67.74.152192.168.2.7
                                                                    Nov 29, 2024 16:07:02.182400942 CET49700443192.168.2.7172.67.74.152
                                                                    Nov 29, 2024 16:07:02.182416916 CET44349700172.67.74.152192.168.2.7
                                                                    Nov 29, 2024 16:07:02.182461023 CET49700443192.168.2.7172.67.74.152
                                                                    Nov 29, 2024 16:07:02.183063030 CET49700443192.168.2.7172.67.74.152
                                                                    Nov 29, 2024 16:07:02.183080912 CET44349700172.67.74.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.069806099 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.190201998 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.190224886 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.190260887 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.190275908 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.190294981 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.190345049 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.190362930 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.190376043 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.190427065 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.190470934 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.190566063 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.190598011 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.190599918 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.190629959 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.190654039 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.190680027 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.190706015 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.310484886 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.310506105 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.310520887 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.310543060 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.310560942 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.310610056 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.310664892 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.310692072 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.310749054 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.310782909 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.310903072 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.310982943 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.311007023 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.311045885 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.311079025 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.311131954 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.311146021 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.311194897 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.311227083 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.311265945 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.311289072 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.311330080 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.430737019 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.430787086 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.430803061 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.430835009 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.430887938 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.430891037 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.430938959 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.430999994 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.431133032 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.431143045 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.431143045 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.431222916 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.431349039 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.431411982 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.431436062 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.431441069 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.431447983 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.431456089 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.431473017 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.431550980 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.431597948 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.431607008 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.431679964 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.431679964 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.431691885 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.431766033 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.431827068 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.431837082 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.431898117 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.431905985 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.431906939 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.431993961 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.432037115 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.432045937 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.432121992 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.432132959 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.432153940 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.432229042 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.551100016 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.551120996 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.551153898 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.551166058 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.551192045 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.551203012 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.551246881 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.551251888 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.551264048 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.551282883 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.551352978 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.551363945 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.551389933 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.551430941 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.551441908 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.551470041 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.551511049 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.551547050 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.551558971 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.551611900 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.551632881 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.551691055 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.551738024 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.551748991 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.551778078 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.551789045 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.551801920 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.551836967 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.551918030 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.551930904 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.551995039 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.552016973 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.552028894 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.552038908 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.552078009 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.552089930 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.552115917 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.552138090 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.552162886 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.552176952 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.552252054 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.552264929 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.552289963 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.552323103 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.552373886 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.552377939 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.552448034 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.552480936 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.552545071 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.552582026 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.552593946 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.552603960 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.552614927 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.552628040 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.552651882 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.552659035 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.552680016 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.552733898 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.552750111 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.552762032 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.552783966 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.552795887 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.552798986 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.552826881 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.552884102 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.552896976 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.552911997 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.552933931 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.552943945 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.552948952 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.552990913 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.553004980 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.553016901 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.553030968 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.553056002 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.553083897 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.553138018 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.553167105 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.553188086 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.553216934 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.553406954 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.553420067 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.553437948 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.553463936 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.553498983 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.553510904 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.553534985 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.553546906 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.553560019 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.553576946 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.553589106 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.553591013 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.553617001 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.553630114 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.553663015 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.553666115 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.553695917 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.553716898 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.553751945 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.553771019 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.553781986 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.553824902 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.553836107 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.553845882 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.553847075 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.553899050 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.671392918 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.671427965 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.671472073 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.671509981 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.671533108 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.671564102 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.671614885 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.671623945 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.671648026 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.671736956 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.671770096 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.671804905 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.671823978 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.671863079 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.671873093 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.671888113 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.672014952 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.672020912 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.672051907 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.672199011 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.672236919 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.672343969 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.672480106 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.672524929 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.672569036 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.672687054 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.672709942 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.672750950 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.672755003 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.672910929 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.672997952 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.673036098 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.673064947 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.673248053 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.673324108 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.673525095 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.673559904 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.673633099 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.673644066 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.673765898 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.673770905 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.673798084 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.673826933 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.673835039 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.673842907 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.673882961 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.673917055 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.673962116 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.674004078 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.674011946 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.674046993 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.674065113 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.674108982 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.674109936 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.674173117 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.674295902 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.674400091 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.674408913 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.674449921 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.674489975 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.674550056 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.674577951 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.674578905 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.674606085 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.674671888 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.674679995 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.674693108 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.674770117 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.674787045 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.674801111 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.674812078 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.674851894 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.674889088 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.674916983 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.674954891 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.674954891 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.675102949 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.675113916 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.675199032 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.675234079 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.675245047 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.675275087 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.675283909 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.675376892 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.675385952 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.675386906 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.675457001 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.675508022 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.675515890 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.675571918 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.675627947 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.675676107 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.675765038 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.675782919 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.675803900 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.675909042 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.675918102 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.675945044 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.676012039 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.676021099 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.676037073 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.676112890 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.676152945 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.676188946 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.676203966 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.676215887 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.676275015 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.676284075 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.676312923 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.676348925 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.676357985 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.676381111 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.676413059 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.676429987 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.676438093 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.676616907 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.676625967 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.676711082 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.676718950 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.676743984 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.676749945 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.676768064 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.676783085 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.676798105 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.676831007 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.676853895 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.676907063 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.676922083 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.676983118 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.676991940 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.677046061 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.677053928 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.677090883 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.677155018 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.677162886 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.677196980 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.677229881 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.677251101 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.677270889 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.677304983 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.677314043 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.677340984 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.677393913 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.677402973 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.677452087 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.677489996 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.677577972 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.677587986 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.677607059 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.677654982 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.677664042 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.677689075 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.677798986 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.677808046 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.677831888 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.677900076 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.677906036 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.678000927 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.678018093 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.678026915 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.678049088 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.678064108 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.678141117 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.678180933 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.678189993 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.678273916 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.678309917 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.678334951 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.678433895 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.678441048 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.678536892 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.678569078 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.678617001 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.678626060 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.678649902 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.678771019 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.678776026 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.678778887 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.678884983 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.678894043 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.678916931 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.678944111 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.678980112 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.679018021 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.679028988 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.679048061 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.679068089 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.679104090 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.679151058 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.679160118 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.679214954 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.679224968 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.679250002 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.679279089 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.679289103 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.679300070 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.679395914 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.679424047 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.679480076 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.679518938 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.679554939 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.679578066 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.679606915 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.679650068 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.679692984 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.679702044 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.679712057 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.679728985 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.679745913 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.679778099 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.679780006 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.679832935 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.679867983 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.791565895 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.791582108 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.791667938 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.791678905 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.791687965 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.791699886 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.791742086 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.791745901 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.791753054 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.791785002 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.791860104 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.791870117 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.791901112 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.791915894 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.791922092 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.791953087 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.791984081 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.792120934 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.792201042 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.792253971 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.792265892 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.792274952 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.792320967 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.792426109 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.792435884 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.792447090 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.792493105 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.792510033 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.792545080 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.792594910 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.792603970 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.792644024 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.792691946 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.792727947 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.792735100 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.792782068 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.792859077 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.792874098 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.792902946 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.792947054 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.792953968 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.792989016 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.792999029 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.793010950 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.793028116 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.793060064 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.793066025 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.793186903 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.793236971 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.793298006 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.793317080 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.793348074 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.793359995 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.793392897 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.793400049 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.793457985 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.793508053 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.793541908 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.793560028 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.793602943 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.793641090 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.793649912 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.793698072 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.793715954 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.793756962 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.793804884 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.793863058 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.793873072 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.793912888 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.793955088 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.793965101 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.794006109 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.794040918 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.794049978 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.794086933 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.794173956 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.794183969 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.794190884 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.794199944 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.794224977 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.794239998 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.794250965 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.794258118 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.794323921 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.794363022 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.794404984 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.794476032 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.794550896 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.794584036 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.794625044 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.794691086 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.794698954 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.794742107 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.794778109 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.794786930 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.794836044 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.794884920 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.794930935 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.794950008 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.795031071 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.795073032 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.795084953 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.795121908 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.795125961 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.795151949 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.795171976 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.795202017 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.795376062 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.795391083 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.795424938 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.795439959 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.795536995 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.795546055 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.795589924 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.795598030 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.795631886 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.795651913 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.795694113 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.795732975 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.795777082 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.795788050 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.795911074 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.795922995 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.795967102 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.796008110 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.796025991 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.796052933 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.796065092 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.796113968 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.796124935 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.796168089 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.796194077 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.796228886 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.796277046 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.796355963 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.796365023 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.796410084 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.796487093 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.796520948 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.796565056 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.796612024 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.796622038 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.796658039 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.796686888 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.796751022 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.796793938 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.796814919 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.796824932 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.796864986 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.796884060 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.796896935 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.796946049 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.797019005 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.797030926 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.797068119 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.797079086 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.797111034 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.797122002 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.797168016 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.797214031 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.797224998 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.797261000 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.797317982 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.797328949 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.797373056 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.797405005 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.797435045 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.797478914 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.797525883 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.797539949 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.797553062 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.797581911 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.797594070 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.797707081 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.797718048 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.797739983 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.797753096 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.797763109 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.797800064 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.797832012 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.797861099 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.797909021 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.797947884 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.797959089 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.797997952 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.798039913 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.798067093 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.798115969 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.798166037 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.798176050 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.798221111 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.798254967 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.798300982 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.798346043 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.798358917 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.798369884 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.798415899 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.798420906 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.798490047 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.798501015 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.798532009 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.798542976 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.798553944 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.798600912 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.798614025 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.798646927 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.798660994 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.798700094 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.798731089 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.798772097 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.798796892 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.798830032 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.798872948 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.798899889 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.798943043 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.798988104 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.799036980 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.799048901 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.799088955 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.799110889 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.799138069 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.799190998 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.799216032 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.799299002 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.799350023 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.799350023 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.799360991 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.799401045 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.799448967 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.799458981 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.799505949 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.799509048 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.799544096 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.799587965 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.799588919 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.799602032 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.799634933 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.799647093 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.799680948 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.799683094 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.799777031 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.799787045 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.799823046 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.799835920 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.799860954 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.799871922 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.799906015 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.799930096 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.800009966 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.800029039 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.800050974 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.800081015 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.800160885 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.800172091 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.800183058 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.800193071 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.800203085 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.800246954 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.800340891 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.800354004 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.800380945 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.800390959 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.800400972 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.800409079 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.800435066 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.800450087 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.800463915 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.800504923 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.800532103 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.800558090 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.800579071 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.800681114 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.800724983 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.800745964 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.800757885 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.800767899 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.800796986 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.800800085 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.800810099 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.800811052 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.800854921 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.800857067 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.800899029 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.800951004 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.800972939 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.800996065 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.801043987 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.801073074 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.801117897 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.801127911 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.801167965 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.801194906 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.801253080 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.801270008 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.801280975 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.801290035 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.801332951 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.801383018 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.801393986 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.801403999 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.801414013 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.801433086 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.801445961 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.801465034 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.801503897 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.801515102 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.801525116 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.801536083 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.801542044 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.801558971 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.801592112 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.801714897 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.801727057 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.801736116 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.801745892 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.801755905 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.801764011 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.801765919 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.801775932 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.801776886 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.801786900 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.801796913 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.801808119 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.801827908 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.801829100 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.801837921 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.801860094 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.801876068 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.801887989 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.801933050 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.801942110 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.801985979 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.802023888 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.802030087 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.802083969 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.802117109 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.802128077 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.802174091 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.802181959 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.802227020 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.802270889 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.802371025 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.802381992 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.802395105 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.802427053 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.802428007 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.802449942 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.802476883 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.802556038 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.802567005 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.802606106 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.802613020 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.802617073 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.802661896 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.802814960 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.802825928 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.802835941 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.802845001 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.802867889 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.802887917 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.802937984 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.802948952 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.802958965 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.802968979 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.802978992 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.802990913 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.803009033 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.803021908 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.803024054 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.803033113 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.803042889 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.803076982 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.803153038 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.803164005 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.803173065 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.803183079 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.803204060 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.803216934 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.803225040 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.803293943 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.803318977 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.803329945 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.803340912 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.803364992 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.803379059 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.803474903 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.803486109 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.803495884 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.803505898 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.803518057 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.803527117 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.803527117 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.803536892 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.803543091 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.803559065 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.803580999 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.809938908 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.809973001 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.809987068 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.810034990 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.810051918 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.810086966 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.810112000 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.810123920 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.810357094 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.911617041 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.911655903 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.911691904 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.911703110 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.911732912 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.911781073 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.911788940 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.911791086 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.911832094 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.911839008 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.911840916 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.911883116 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.911952019 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.911973953 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.911983967 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.912002087 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.912022114 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.912072897 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.912081957 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.912127018 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.912149906 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.912198067 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.912210941 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.912220955 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.912271976 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.912286043 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.912296057 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.912338018 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.912398100 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.912408113 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.912455082 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.912478924 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.912528992 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.912580013 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.912590027 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.912599087 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.912610054 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.912637949 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.912650108 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.912658930 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.912704945 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.912779093 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.912787914 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.912834883 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.912842989 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.912852049 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.912892103 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.912966967 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.912997007 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.913006067 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.913016081 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.913021088 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.913049936 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.913067102 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.913084984 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.913115025 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.913126945 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.913162947 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.913253069 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.913274050 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.913319111 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.913327932 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.913372040 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.913378954 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.913410902 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.913456917 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.913463116 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.913490057 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.913505077 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.913520098 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.913538933 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.913557053 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.913652897 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.913688898 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.913734913 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.913774967 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.913801908 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.913826942 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.913842916 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.913980007 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.914021969 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.914030075 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.914139032 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.914174080 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.914184093 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.914221048 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.914298058 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.914334059 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.914340973 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.914410114 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.914426088 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.914488077 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.914505959 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.914551020 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.914552927 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.914562941 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.914617062 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.914645910 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.914654970 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.914689064 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.914697886 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.914730072 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.914733887 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.914784908 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.914838076 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.914848089 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.914889097 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.914941072 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.914974928 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.915020943 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.915031910 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.915050983 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.915071011 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.915102005 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.915133953 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.915143967 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.915182114 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.915190935 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.915219069 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.915241003 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.915257931 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.915293932 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.915302992 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.915352106 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.915390015 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.915400028 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.915457010 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.915463924 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.915473938 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.915524006 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.915532112 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.915541887 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.915581942 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.915699005 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.915709019 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.915731907 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.915740967 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.915752888 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.915757895 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.915785074 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.915795088 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.915812969 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.915832043 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.915868044 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.915889978 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.915918112 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.915930033 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.915941000 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.915961027 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.916018009 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.916045904 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.916091919 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.916140079 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.916141033 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.916151047 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.916191101 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.916227102 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.916269064 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.916297913 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.916318893 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.916333914 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.916333914 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.916358948 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.916374922 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.916433096 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.916476965 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.916527033 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.916609049 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.916620016 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.916652918 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.916665077 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.916678905 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.916687965 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.916723013 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.916729927 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.916749001 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.916766882 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.916774988 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.916799068 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.916819096 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.916829109 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.916877031 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.916904926 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.916934013 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.916944981 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.917000055 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.917000055 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.917041063 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.917053938 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.917064905 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.917109013 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.917145967 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.917155027 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.917164087 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.917208910 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.917244911 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.917263031 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.917284966 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.917285919 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.917304039 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.917327881 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.917423010 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.917464972 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.917500019 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.917519093 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.917628050 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.917717934 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.917754889 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.917768955 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.917803049 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.917809010 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.917829990 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.917841911 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.917848110 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.917877913 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.917973042 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.918010950 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.918035030 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.918061972 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.918061972 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.918072939 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.918118000 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.918201923 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.918255091 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.918266058 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.918276072 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.918304920 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.918314934 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.918320894 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.918361902 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.918411970 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.918454885 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.918504000 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.918505907 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.918525934 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.918570042 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.918730021 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.918775082 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.918773890 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.918818951 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.918843031 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.918939114 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.918983936 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.919025898 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.919065952 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.919076920 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.919142008 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.919167042 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.919210911 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.919215918 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.919255018 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.919292927 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.919318914 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.919332981 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.919358015 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.919368029 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.919373035 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.919404030 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.919445038 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.919476986 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.919497013 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.919527054 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.919568062 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.919672012 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.919714928 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.919732094 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.919775009 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.919910908 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.919960976 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.919967890 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.920047998 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.920088053 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.920099020 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.920141935 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.920201063 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.920209885 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.920259953 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.920299053 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.920312881 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.920346022 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.920355082 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.920357943 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.920372009 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.920408010 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.920423031 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.920499086 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.920509100 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.920519114 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.920545101 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.920553923 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.920573950 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.920593977 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.920608997 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.920635939 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.920654058 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.920656919 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.920681000 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.920702934 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.920706987 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.920753956 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.920767069 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.920806885 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.920820951 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.920834064 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.920845032 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.920891047 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.920933008 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.920953989 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.920973063 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.920989037 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.920995951 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.921015978 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.921034098 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.921058893 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.921149969 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.921183109 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.921200991 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.921228886 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.921261072 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.921271086 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.921299934 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.921312094 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.921314955 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.921343088 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.921363115 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.921379089 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.921399117 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.921444893 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.921479940 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.921525002 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.921574116 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.921616077 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.921667099 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.921689034 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.921747923 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.921756029 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.921781063 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.921797991 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.921819925 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.921824932 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.921854973 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.921885014 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.921915054 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.921916962 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.921967030 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.921979904 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.922089100 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.922099113 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.922137976 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.922216892 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.922254086 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.922259092 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.922301054 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.922324896 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.922344923 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.922389030 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.922405958 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.922427893 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.922473907 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.922765970 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.922775984 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.922806978 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.922822952 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.923085928 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.923095942 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.923140049 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.923186064 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.923196077 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.923224926 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.923230886 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.923233986 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.923244953 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.923254013 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.923270941 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.923302889 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.923327923 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.923358917 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.923382998 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.923427105 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.923437119 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.923460960 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.923497915 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.923523903 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.923532963 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.923573971 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.923616886 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.923626900 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.923667908 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.923692942 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.923701048 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.923736095 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.923784018 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.923784018 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.923820019 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.923824072 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.923892021 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.923923969 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.923933983 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.923965931 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.923981905 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.924010992 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.924030066 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.924051046 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.924060106 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.924062014 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.924099922 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.924122095 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.924190998 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.924201012 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.924210072 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.924240112 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.924257040 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.924264908 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.924276114 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.924284935 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.924314022 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.924338102 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.924345970 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.924355030 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.924364090 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.924371958 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.924401999 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.924422979 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.924489021 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.924499035 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.924508095 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.924534082 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.924535990 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.924552917 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.924576044 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.924654007 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.924663067 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.924712896 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.924783945 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.924827099 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.924839973 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.924901009 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.924911022 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.924921989 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.924961090 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.924982071 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.925036907 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.925045967 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.925062895 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.925091982 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.925092936 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.925101995 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.925137997 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.925152063 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.925177097 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.925223112 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.925266027 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.925275087 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.925321102 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.925348997 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.925369024 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.925399065 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.925415039 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.925457001 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.925498962 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.925504923 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.925518036 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.925538063 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.925564051 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.925645113 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.925678015 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.925784111 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.925831079 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.925879955 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.925906897 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.925956964 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.926121950 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.926175117 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.926196098 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.926244974 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.926254034 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.926352024 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.926388979 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.926405907 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.926426888 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.926479101 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.926501989 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.926532030 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.926553965 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.926585913 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.926609039 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.926618099 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.926625967 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.926635027 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.926661015 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.926682949 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.926691055 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.926732063 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.926743031 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.926789045 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.926825047 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.926862955 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.926886082 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.926915884 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.926975965 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.927045107 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.927062988 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.927081108 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.927107096 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.927160978 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.927217007 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.927261114 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.927273035 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.927309990 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.927345991 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.927366018 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.927417040 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.927421093 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.927462101 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.927505016 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.927604914 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.927630901 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.927658081 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.927736998 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.927793980 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.927814960 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.927860975 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.927885056 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.927931070 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.927963972 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.928006887 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.928049088 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.928100109 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.928102016 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.928143024 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.928169966 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.928217888 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.928260088 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.928344011 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.928347111 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.928467989 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.928477049 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.928524017 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.974045038 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:06.974225998 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.974297047 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.974342108 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.974401951 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:06.974442959 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.068203926 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.070338011 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.070411921 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.070451021 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.070504904 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.070542097 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.070589066 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.070626020 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.070671082 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.070705891 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.070744991 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.070785999 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.070837021 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.070889950 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.070949078 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.070991039 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.071050882 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.071089029 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.071155071 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.071197033 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.071255922 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.071295023 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.071358919 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.071382999 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.094597101 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.097548008 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.138021946 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.142060995 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.142127991 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.142178059 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.142229080 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.142278910 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.142327070 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.210436106 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.211415052 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.211543083 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.211605072 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.211664915 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.211719990 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.211769104 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.211812973 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.211859941 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.211899996 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.211947918 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.211987972 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.212044954 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.212086916 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.212146997 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.212189913 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.212243080 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.212287903 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.212353945 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.212398052 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.212454081 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.212497950 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.212549925 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.212579012 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.217716932 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.217801094 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.258065939 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.258270979 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.307815075 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.309910059 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.309981108 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.310030937 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.310086012 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.310137033 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.310200930 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.335859060 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.335871935 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.336009979 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.336019039 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.336067915 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.336117983 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.336127996 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.336129904 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.336137056 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.336185932 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.336249113 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.336298943 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.336301088 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.336368084 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.336390018 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.336453915 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.336463928 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.336472988 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.336529016 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.336622953 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.336754084 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.336762905 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.336771011 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.336792946 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.336826086 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.336886883 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.336896896 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.336900949 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.336946964 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.337012053 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.337021112 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.337060928 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.337280989 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.337291956 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.337335110 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.337408066 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.337418079 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.337425947 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.337476969 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.337557077 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.337699890 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.337709904 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.337719917 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.337728024 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.337743044 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.337779999 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.337820053 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.337829113 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.337867975 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.337976933 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.337985992 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.338030100 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.338263988 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.338274002 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.338280916 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.338320971 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.338462114 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.338470936 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.338478088 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.338486910 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.338510036 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.338536024 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.338537931 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.338546038 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.338555098 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.338562965 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.338570118 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.338586092 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.338628054 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.338985920 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.338995934 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.339004040 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.339015007 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.339025021 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.339032888 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.339040995 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.339044094 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.339049101 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.339057922 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.339066029 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.339066982 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.339076042 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.339083910 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.339092970 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.339093924 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.339102983 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.339107990 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.339123011 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.339131117 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.339138985 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.339147091 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.339153051 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.339169025 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.339200020 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.339236975 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.339253902 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.339303017 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.339404106 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.339802027 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.339854002 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.340629101 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.340637922 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.340646982 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.340682983 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.340702057 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.340764046 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.340773106 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.340780020 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.340787888 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.340814114 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.340831995 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.340907097 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.340915918 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.340924978 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.340933084 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.340940952 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.340949059 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.340954065 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.340970993 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.340998888 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.341026068 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.341034889 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.341042042 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.341049910 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.341053963 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.341072083 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.341100931 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.341159105 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.341167927 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.341176033 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.341183901 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.341192961 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.341202974 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.341238022 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.341308117 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.341316938 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.341324091 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.341363907 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.341413021 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.341423035 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.341429949 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.341439009 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.341464043 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.341489077 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.341607094 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.341615915 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.341662884 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.341888905 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.341898918 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.341907024 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.341916084 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.341924906 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.341933012 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.341942072 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.341948032 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.341950893 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.341962099 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.341969013 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.341978073 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.341984987 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.341989040 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.341993093 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.342003107 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.342004061 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.342011929 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.342020988 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.342029095 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.342034101 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.342037916 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.342046022 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.342046976 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.342055082 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.342063904 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.342071056 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.342078924 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.342080116 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.342089891 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.342098951 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.342130899 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.342271090 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.342281103 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.342288017 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.342295885 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.342303991 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.342323065 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.342355013 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.342356920 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.342365980 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.342374086 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.342380047 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.342396975 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.342397928 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.342406988 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.342423916 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.342434883 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.342461109 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.378933907 CET156664969945.130.145.152192.168.2.7
                                                                    Nov 29, 2024 16:07:07.380007029 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.380079031 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.380137920 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.380184889 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.380223989 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.380268097 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.380306005 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.380354881 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.380398989 CET4969915666192.168.2.745.130.145.152
                                                                    Nov 29, 2024 16:07:07.380464077 CET4969915666192.168.2.745.130.145.152

                                                                    DNS Queries

                                                                    TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                    Nov 29, 2024 16:07:00.117027044 CET192.168.2.71.1.1.10xee49Standard query (0)api.ipify.orgA (IP address)IN (0x0001)false

                                                                    DNS Answers

                                                                    TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                    Nov 29, 2024 16:07:00.260934114 CET1.1.1.1192.168.2.70xee49No error (0)api.ipify.org172.67.74.152A (IP address)IN (0x0001)false
                                                                    Nov 29, 2024 16:07:00.260934114 CET1.1.1.1192.168.2.70xee49No error (0)api.ipify.org104.26.13.205A (IP address)IN (0x0001)false
                                                                    Nov 29, 2024 16:07:00.260934114 CET1.1.1.1192.168.2.70xee49No error (0)api.ipify.org104.26.12.205A (IP address)IN (0x0001)false

                                                                    HTTPS Proxied Packets

                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                    0192.168.2.749700172.67.74.1524437344C:\Users\user\Desktop\unique.exe
                                                                    TimestampBytes transferredDirectionData
                                                                    2024-11-29 15:07:01 UTC100OUTGET / HTTP/1.1
                                                                    Accept: text/html; text/plain; */*
                                                                    Host: api.ipify.org
                                                                    Cache-Control: no-cache
                                                                    2024-11-29 15:07:02 UTC425INHTTP/1.1 200 OK
                                                                    Date: Fri, 29 Nov 2024 15:07:02 GMT
                                                                    Content-Type: text/plain
                                                                    Content-Length: 12
                                                                    Connection: close
                                                                    Vary: Origin
                                                                    CF-Cache-Status: DYNAMIC
                                                                    Server: cloudflare
                                                                    CF-RAY: 8ea38149887d726e-EWR
                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=3700&min_rtt=1853&rtt_var=1986&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2820&recv_bytes=738&delivery_rate=1575822&cwnd=221&unsent_bytes=0&cid=fdb154a811312bb6&ts=695&x=0"
                                                                    2024-11-29 15:07:02 UTC12INData Raw: 38 2e 34 36 2e 31 32 33 2e 32 32 38
                                                                    Data Ascii: 8.46.123.228


                                                                    Statistics

                                                                    CPU Usage

                                                                    Click to jump to process

                                                                    Memory Usage

                                                                    Click to jump to process

                                                                    High Level Behavior Distribution

                                                                    Click to dive into process behavior distribution

                                                                    System Behavior

                                                                    General

                                                                    Target ID:0
                                                                    Start time:10:06:59
                                                                    Start date:29/11/2024
                                                                    Path:C:\Users\user\Desktop\unique.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:"C:\Users\user\Desktop\unique.exe"
                                                                    Imagebase:0x7ff617e60000
                                                                    File size:3'341'824 bytes
                                                                    MD5 hash:814A59368670F8D35AD8EB71AB874666
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Yara matches:
                                                                    • Rule: JoeSecurity_MeduzaStealer, Description: Yara detected Meduza Stealer, Source: 00000000.00000002.1491224091.000001EF1F070000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: JoeSecurity_MeduzaStealer, Description: Yara detected Meduza Stealer, Source: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                    Reputation:low
                                                                    Has exited:true

                                                                    Disassembly

                                                                    Reset < >

                                                                      Execution Graph

                                                                      Execution Coverage:6.5%
                                                                      Dynamic/Decrypted Code Coverage:91.1%
                                                                      Signature Coverage:20.3%
                                                                      Total number of Nodes:2000
                                                                      Total number of Limit Nodes:88
                                                                      execution_graph 95534 1ef1f219b50 95535 1ef1f219b80 95534->95535 95540 1ef1f2598c0 95535->95540 95539 1ef1f219bd6 95542 1ef1f259902 95540->95542 95541 1ef1f24cb70 _Strcoll 3 API calls 95544 1ef1f219b99 95541->95544 95543 1ef1f259a1d 95542->95543 95545 1ef1f259963 GetFileAttributesExW 95542->95545 95556 1ef1f25990b __std_fs_open_handle 95542->95556 95579 1ef1f259c94 CreateFileW __std_fs_open_handle 95543->95579 95572 1ef1f24cb70 95544->95572 95548 1ef1f2599c8 95545->95548 95549 1ef1f259977 __std_fs_open_handle 95545->95549 95547 1ef1f259a40 95550 1ef1f259b13 95547->95550 95551 1ef1f259a75 GetFileInformationByHandleEx 95547->95551 95561 1ef1f259a46 ProcessCodePage 95547->95561 95548->95543 95548->95556 95553 1ef1f259986 FindFirstFileW 95549->95553 95549->95556 95552 1ef1f259b2e GetFileInformationByHandleEx 95550->95552 95550->95561 95554 1ef1f259ab5 95551->95554 95559 1ef1f259a8f ProcessCodePage __std_fs_open_handle 95551->95559 95552->95561 95562 1ef1f259b44 ProcessCodePage __std_fs_open_handle 95552->95562 95555 1ef1f2599a5 FindClose 95553->95555 95553->95556 95554->95550 95557 1ef1f259ad6 GetFileInformationByHandleEx 95554->95557 95555->95548 95556->95541 95557->95550 95565 1ef1f259af2 ProcessCodePage __std_fs_open_handle 95557->95565 95558 1ef1f259bd5 95580 1ef1f237bc4 31 API calls __std_fs_directory_iterator_open 95558->95580 95564 1ef1f259be6 95559->95564 95568 1ef1f259a5f 95559->95568 95561->95556 95561->95558 95561->95568 95562->95568 95569 1ef1f259be0 95562->95569 95563 1ef1f259bda 95581 1ef1f237bc4 31 API calls __std_fs_directory_iterator_open 95563->95581 95583 1ef1f237bc4 31 API calls __std_fs_directory_iterator_open 95564->95583 95565->95563 95565->95568 95568->95556 95582 1ef1f237bc4 31 API calls __std_fs_directory_iterator_open 95569->95582 95574 1ef1f24cb79 95572->95574 95573 1ef1f24cb84 95573->95539 95574->95573 95575 1ef1f24cf4c IsProcessorFeaturePresent 95574->95575 95576 1ef1f24cf64 95575->95576 95584 1ef1f24d144 RtlCaptureContext RtlLookupFunctionEntry capture_previous_context 95576->95584 95578 1ef1f24cf77 95578->95539 95579->95547 95584->95578 95585 1ef1f1d7b8d 95586 1ef1f1d7b9c 95585->95586 95587 1ef1f1d7bbe 95586->95587 95783 1ef1f1ce900 42 API calls _Strcoll 95586->95783 95620 1ef1f1d7bc2 _Receive_impl 95587->95620 95670 1ef1f1ce610 47 API calls 95587->95670 95590 1ef1f1d8fd2 _Receive_impl 95591 1ef1f24cb70 _Strcoll 3 API calls 95590->95591 95592 1ef1f1d8ffd 95591->95592 95593 1ef1f1d901e 95851 1ef1f1ce080 95593->95851 95595 1ef1f1cd390 34 API calls 95634 1ef1f1d7c4c 95595->95634 95596 1ef1f1d7eec 95671 1ef1f1cd6c0 95596->95671 95598 1ef1f1d8000 95680 1ef1f1ce900 42 API calls _Strcoll 95598->95680 95600 1ef1f1d8023 95619 1ef1f1d83d1 95600->95619 95681 1ef1f1ce610 47 API calls 95600->95681 95603 1ef1f219830 92 API calls 95603->95634 95605 1ef1f1d9033 95607 1ef1f1d8886 95807 1ef1f1d6130 94 API calls 2 library calls 95607->95807 95609 1ef1f1d8899 95609->95620 95808 1ef1f1e0a90 34 API calls 3 library calls 95609->95808 95610 1ef1f1cd220 35 API calls 95610->95634 95612 1ef1f1d88cb 95809 1ef1f1e0fb0 95612->95809 95613 1ef1f1e25a0 34 API calls 95613->95634 95619->95620 95804 1ef1f1e3680 55 API calls 95619->95804 95620->95590 95620->95593 95620->95605 95622 1ef1f1ce660 36 API calls 95629 1ef1f1d803e 95622->95629 95623 1ef1f1dfe50 34 API calls 95632 1ef1f1d84f9 _Strcoll _Receive_impl 95623->95632 95624 1ef1f1d8996 95627 1ef1f1deda0 34 API calls 95624->95627 95628 1ef1f1d8a46 95627->95628 95633 1ef1f1e0fb0 34 API calls 95628->95633 95629->95593 95629->95619 95629->95622 95645 1ef1f1e2510 34 API calls 95629->95645 95647 1ef1f1deee0 34 API calls 95629->95647 95665 1ef1f1cd390 34 API calls 95629->95665 95667 1ef1f1deec0 34 API calls 95629->95667 95668 1ef1f1df920 8 API calls 95629->95668 95682 1ef1f1ce9a0 95629->95682 95688 1ef1f219830 95629->95688 95695 1ef1f1def40 34 API calls 95629->95695 95696 1ef1f1cd220 95629->95696 95709 1ef1f1e25a0 95629->95709 95716 1ef1f1e2570 34 API calls 95629->95716 95717 1ef1f1dfe50 95629->95717 95729 1ef1f1deda0 95629->95729 95745 1ef1f1decc0 95629->95745 95780 1ef1f1cd350 95629->95780 95799 1ef1f1e34d0 95629->95799 95632->95605 95632->95607 95632->95620 95632->95623 95805 1ef1f1e3eb0 34 API calls 2 library calls 95632->95805 95806 1ef1f1e9500 34 API calls 3 library calls 95632->95806 95635 1ef1f1d8a82 95633->95635 95634->95595 95634->95596 95634->95603 95634->95610 95634->95613 95636 1ef1f1e2510 34 API calls 95634->95636 95640 1ef1f1deee0 34 API calls 95634->95640 95644 1ef1f1dfe50 34 API calls 95634->95644 95646 1ef1f1deda0 34 API calls 95634->95646 95649 1ef1f1decc0 34 API calls 95634->95649 95784 1ef1f1def40 34 API calls 95634->95784 95785 1ef1f1df920 8 API calls 2 library calls 95634->95785 95786 1ef1f1e2570 34 API calls 95634->95786 95787 1ef1f1deec0 95634->95787 95790 1ef1f1ce660 95634->95790 95846 1ef1f1e22d0 95635->95846 95636->95634 95640->95634 95642 1ef1f1e25a0 34 API calls 95643 1ef1f1d8ad2 95642->95643 95648 1ef1f1deda0 34 API calls 95643->95648 95644->95634 95645->95629 95646->95634 95647->95629 95650 1ef1f1d8b28 95648->95650 95649->95634 95651 1ef1f1e0fb0 34 API calls 95650->95651 95653 1ef1f1d8b4f _Receive_impl 95651->95653 95653->95605 95654 1ef1f1dfe50 34 API calls 95653->95654 95655 1ef1f1d8bbe 95654->95655 95656 1ef1f1deda0 34 API calls 95655->95656 95657 1ef1f1d8bce 95656->95657 95659 1ef1f1decc0 34 API calls 95657->95659 95660 1ef1f1d8bda 95659->95660 95661 1ef1f1e0fb0 34 API calls 95660->95661 95661->95620 95665->95629 95667->95629 95668->95629 95670->95634 95672 1ef1f1cd700 95671->95672 95673 1ef1f1cd82a 95672->95673 95677 1ef1f1cd746 95672->95677 95858 1ef1f1d4e90 95673->95858 95675 1ef1f1cd832 95870 1ef1f1ccff0 95675->95870 95679 1ef1f1cd7aa _Yarn 95677->95679 95857 1ef1f1e86f0 34 API calls 4 library calls 95677->95857 95679->95598 95680->95600 95681->95629 95683 1ef1f1ce9d1 95682->95683 95684 1ef1f2598c0 38 API calls 95683->95684 95685 1ef1f1ce9ed 95684->95685 95686 1ef1f24cb70 _Strcoll 3 API calls 95685->95686 95687 1ef1f1cea72 95686->95687 95687->95629 95890 1ef1f218f60 95688->95890 95691 1ef1f1e22d0 34 API calls 95692 1ef1f21988a 95691->95692 95693 1ef1f24cb70 _Strcoll 3 API calls 95692->95693 95694 1ef1f21990d 95693->95694 95694->95629 95695->95629 95697 1ef1f1cd250 95696->95697 96547 1ef1f259570 95697->96547 95699 1ef1f1cd2ea 95699->95629 95700 1ef1f1cd339 96559 1ef1f1cc010 34 API calls 2 library calls 95700->96559 95702 1ef1f1cd25c __std_fs_convert_wide_to_narrow 95702->95699 95702->95700 95703 1ef1f1cd33f 95702->95703 96552 1ef1f1dfc80 95702->96552 96560 1ef1f1cc3e0 34 API calls Concurrency::cancel_current_task 95703->96560 95707 1ef1f1cd2c0 __std_fs_convert_wide_to_narrow 95707->95699 96558 1ef1f1cc3e0 34 API calls Concurrency::cancel_current_task 95707->96558 95710 1ef1f1e0fb0 34 API calls 95709->95710 95711 1ef1f1e25e4 95710->95711 95712 1ef1f24cb98 std::_Facet_Register 34 API calls 95711->95712 95713 1ef1f1e25f9 95712->95713 95714 1ef1f24cb70 _Strcoll 3 API calls 95713->95714 95715 1ef1f1e264d 95714->95715 95715->95629 95716->95629 95718 1ef1f1dfe7e 95717->95718 95721 1ef1f1dfe9a _Yarn 95718->95721 95723 1ef1f1dfeca 95718->95723 95724 1ef1f1dff22 95718->95724 95728 1ef1f1dff5d 95718->95728 95721->95629 95722 1ef1f24cb98 std::_Facet_Register 34 API calls 95726 1ef1f1dfee0 95722->95726 95723->95722 95723->95726 95725 1ef1f24cb98 std::_Facet_Register 34 API calls 95724->95725 95725->95721 95726->95721 96595 1ef1f1cb7b0 34 API calls 2 library calls 95726->96595 96596 1ef1f1cb870 34 API calls 95728->96596 95730 1ef1f1dedd7 95729->95730 95731 1ef1f1deddf 95729->95731 96607 1ef1f1e4b00 34 API calls 2 library calls 95730->96607 95733 1ef1f1dee74 95731->95733 96597 1ef1f1e49c0 95731->96597 96608 1ef1f1e4b90 34 API calls 95733->96608 95735 1ef1f1dedfd 95735->95733 95737 1ef1f1dee30 _Receive_impl 95735->95737 95738 1ef1f24cb70 _Strcoll 3 API calls 95737->95738 95740 1ef1f1dee5f 95738->95740 95739 1ef1f1dee96 96609 1ef1f1e4740 95739->96609 95740->95629 95743 1ef1f24f198 Concurrency::cancel_current_task 2 API calls 95744 1ef1f1deeba 95743->95744 95746 1ef1f1decda 95745->95746 95747 1ef1f1dece0 95745->95747 95748 1ef1f1decde 95746->95748 95749 1ef1f1ded4b 95746->95749 95750 1ef1f1e0840 34 API calls 95747->95750 95751 1ef1f1ded2d 95748->95751 95752 1ef1f1ded0c 95748->95752 96697 1ef1f1e4670 95749->96697 95750->95748 95758 1ef1f1ea034 95751->95758 95762 1ef1f1ea039 95751->95762 95764 1ef1f1e9f9b 95751->95764 95765 1ef1f1e9f6f 95751->95765 95774 1ef1f1e9f5d 95751->95774 96693 1ef1f1e1730 95752->96693 96708 1ef1f1cb7b0 34 API calls 2 library calls 95758->96708 95759 1ef1f1e4740 34 API calls 95761 1ef1f1ded84 95759->95761 95763 1ef1f24f198 Concurrency::cancel_current_task 2 API calls 95761->95763 96709 1ef1f1de8f0 34 API calls 95762->96709 95766 1ef1f1ded95 95763->95766 95767 1ef1f24cb98 std::_Facet_Register 34 API calls 95764->95767 95765->95758 95770 1ef1f1e9f7c 95765->95770 95767->95774 95768 1ef1f1e1730 3 API calls 95771 1ef1f1e9fd4 95768->95771 95769 1ef1f1ea03f 95772 1ef1f24cb98 std::_Facet_Register 34 API calls 95770->95772 95773 1ef1f1e9fe5 95771->95773 96705 1ef1f1ea210 IsProcessorFeaturePresent RtlCaptureContext RtlLookupFunctionEntry _Strcoll 95771->96705 95772->95774 96706 1ef1f1ea210 IsProcessorFeaturePresent RtlCaptureContext RtlLookupFunctionEntry _Strcoll 95773->96706 95774->95768 95774->95769 95777 1ef1f1ea00f 96707 1ef1f1e6c80 34 API calls _Receive_impl 95777->96707 95779 1ef1f1ea021 95779->95629 95781 1ef1f1d4e90 34 API calls 95780->95781 95782 1ef1f1cd370 95781->95782 95782->95629 95783->95587 95784->95634 95785->95634 95786->95634 95788 1ef1f1e0fb0 34 API calls 95787->95788 95789 1ef1f1deed8 95788->95789 95789->95634 95792 1ef1f1ce690 95790->95792 95793 1ef1f1ce75e 95792->95793 95794 1ef1f1ce6cb 95792->95794 96710 1ef1f2597d0 FindNextFileW 95792->96710 96713 1ef1f1cdf70 34 API calls 2 library calls 95793->96713 95795 1ef1f24cb70 _Strcoll 3 API calls 95794->95795 95797 1ef1f1ce749 95795->95797 95797->95634 95798 1ef1f1ce76c 95800 1ef1f1dfc80 34 API calls 95799->95800 95803 1ef1f1e3528 _Yarn 95800->95803 95801 1ef1f1dfc80 34 API calls 95802 1ef1f1e3661 95801->95802 95802->95629 95803->95801 95804->95632 95805->95632 95806->95632 95807->95609 95808->95612 95810 1ef1f1e0fed 95809->95810 95812 1ef1f1e10c7 95810->95812 95813 1ef1f1e1026 95810->95813 95828 1ef1f1e1310 95810->95828 95833 1ef1f1e1382 _Receive_impl 95810->95833 95811 1ef1f24cb70 _Strcoll 3 API calls 95814 1ef1f1d897b 95811->95814 95817 1ef1f1e143d 95812->95817 95831 1ef1f1e10f4 95812->95831 96721 1ef1f1e5f40 34 API calls 2 library calls 95812->96721 95813->95817 95825 1ef1f1e1066 95813->95825 96719 1ef1f1e5f40 34 API calls 2 library calls 95813->96719 95839 1ef1f24cb98 95814->95839 95815 1ef1f1e13fa 96714 1ef1f1de3a0 95815->96714 95816 1ef1f1e1333 95819 1ef1f1e13eb 95816->95819 95832 1ef1f1e133c 95816->95832 96732 1ef1f1de8f0 34 API calls 95817->96732 95818 1ef1f1e1307 96730 1ef1f1e1c60 34 API calls _Receive_impl 95818->96730 96731 1ef1f1e1c60 34 API calls _Receive_impl 95819->96731 95837 1ef1f1e10c2 _Receive_impl 95825->95837 96720 1ef1f1e9d50 34 API calls 2 library calls 95825->96720 95828->95815 95828->95816 95828->95833 95831->95837 96722 1ef1f1e9d50 34 API calls 2 library calls 95831->96722 95832->95817 95832->95833 95833->95811 95834 1ef1f1e9d50 34 API calls 95834->95837 95835 1ef1f1deec0 34 API calls 95835->95837 95837->95818 95837->95834 95837->95835 96723 1ef1f1e6000 95837->96723 96728 1ef1f1f0000 95837->96728 95842 1ef1f24cba3 std::_Facet_Register 95839->95842 95840 1ef1f24cbbc 95840->95624 95841 1ef1f24cbcd 96734 1ef1f1cb7b0 34 API calls 2 library calls 95841->96734 95842->95840 95842->95841 96733 1ef1f24dbec RtlPcToFileHeader RaiseException Concurrency::cancel_current_task std::bad_alloc::bad_alloc 95842->96733 95845 1ef1f24cbd3 95847 1ef1f1dfc80 34 API calls 95846->95847 95848 1ef1f1e233a 95847->95848 95849 1ef1f1dfc80 34 API calls 95848->95849 95850 1ef1f1d8ab6 95849->95850 95850->95642 95852 1ef1f1ce099 95851->95852 96735 1ef1f1cda20 35 API calls _Receive_impl 95852->96735 95854 1ef1f1ce0d0 95855 1ef1f24f198 Concurrency::cancel_current_task 2 API calls 95854->95855 95856 1ef1f1ce0e1 95855->95856 95857->95679 95861 1ef1f1d4ebe 95858->95861 95859 1ef1f1d4fb3 95885 1ef1f1cb870 34 API calls 95859->95885 95861->95859 95864 1ef1f1d4eda _Yarn 95861->95864 95865 1ef1f1d4f4d 95861->95865 95866 1ef1f1d4f74 95861->95866 95869 1ef1f1d4f5e 95861->95869 95864->95675 95868 1ef1f24cb98 std::_Facet_Register 34 API calls 95865->95868 95865->95869 95867 1ef1f24cb98 std::_Facet_Register 34 API calls 95866->95867 95867->95864 95868->95869 95869->95864 95884 1ef1f1cb7b0 34 API calls 2 library calls 95869->95884 95872 1ef1f1cd00f 95870->95872 95871 1ef1f1cd170 95880 1ef1f1cd157 95871->95880 95887 1ef1f1e4c50 34 API calls 4 library calls 95871->95887 95874 1ef1f1cd11b 95872->95874 95882 1ef1f1cd0fa 95872->95882 95873 1ef1f1cd147 95875 1ef1f1cd20e 95873->95875 95873->95880 95874->95871 95874->95873 95889 1ef1f1e15a0 34 API calls 95875->95889 95878 1ef1f1cd105 95878->95679 95888 1ef1f1dfa70 34 API calls _Yarn 95880->95888 95886 1ef1f1cd870 34 API calls _Yarn 95882->95886 95884->95859 95886->95878 95887->95880 95888->95878 95891 1ef1f1ce9a0 38 API calls 95890->95891 95894 1ef1f218faf memcpy_s 95891->95894 95892 1ef1f218fe7 95930 1ef1f218fef 95892->95930 95945 1ef1f2196ff 95892->95945 95894->95892 95894->95930 95946 1ef1f2291d0 95894->95946 95895 1ef1f24cb70 _Strcoll 3 API calls 95896 1ef1f219691 95895->95896 95896->95691 95896->95692 95898 1ef1f21902e 95899 1ef1f219091 95898->95899 95900 1ef1f219485 95898->95900 95963 1ef1f223b30 GetCurrentProcess GetProcessId RmStartSession 95899->95963 95981 1ef1f1f4da0 95900->95981 95903 1ef1f219716 96061 1ef1f1ccc70 34 API calls 95903->96061 95910 1ef1f219740 95913 1ef1f24f198 Concurrency::cancel_current_task 2 API calls 95910->95913 95911 1ef1f2194d7 95915 1ef1f1f4da0 34 API calls 95911->95915 95912 1ef1f2190b4 95916 1ef1f2190c7 95912->95916 95917 1ef1f21919c GetFileSize 95912->95917 95918 1ef1f219751 95913->95918 95919 1ef1f2194ea 95915->95919 95916->95903 95920 1ef1f21910e _Receive_impl 95916->95920 95921 1ef1f2191dd 95917->95921 95923 1ef1f2191b8 memcpy_s 95917->95923 96020 1ef1f2276a0 95919->96020 96038 1ef1f1f19c0 32 API calls 95920->96038 95921->95923 96039 1ef1f1e5b00 95921->96039 95922 1ef1f219242 SetFilePointer 95927 1ef1f219289 _fread_nolock 95922->95927 95923->95922 95938 1ef1f2193a2 95927->95938 95940 1ef1f219291 95927->95940 95929 1ef1f21915f 95929->95930 95930->95895 95934 1ef1f2193f7 _Receive_impl 96052 1ef1f1f19c0 32 API calls 95934->96052 95935 1ef1f219314 _Receive_impl 96051 1ef1f1f19c0 32 API calls 95935->96051 95938->95903 95938->95934 95940->95903 95940->95935 96060 1ef1f1ce0f0 35 API calls Concurrency::cancel_current_task 95945->96060 96062 1ef1f1e1a70 95946->96062 95953 1ef1f2292df 96088 1ef1f1f1f80 31 API calls _Strcoll 95953->96088 95955 1ef1f229368 95962 1ef1f229318 95955->95962 96090 1ef1f1ccc70 34 API calls 95955->96090 95957 1ef1f2292f1 96089 1ef1f1f39f0 50 API calls 4 library calls 95957->96089 95958 1ef1f2293d2 95960 1ef1f24f198 Concurrency::cancel_current_task 2 API calls 95958->95960 95961 1ef1f2293e3 95960->95961 95962->95898 95964 1ef1f223c91 95963->95964 95965 1ef1f223b98 RmRegisterResources 95963->95965 95969 1ef1f24cb70 _Strcoll 3 API calls 95964->95969 95966 1ef1f223bc3 RmGetList 95965->95966 95967 1ef1f223c88 RmEndSession 95965->95967 95968 1ef1f223cd4 95966->95968 95972 1ef1f223bff 95966->95972 95967->95964 95970 1ef1f223cd7 RmEndSession 95968->95970 95971 1ef1f2190a3 95969->95971 95970->95964 96037 1ef1f223cf0 43 API calls 5 library calls 95971->96037 95972->95968 95972->95970 95973 1ef1f223c36 RmGetList 95972->95973 95974 1ef1f223c5a 95973->95974 95975 1ef1f223ccc 95973->95975 95974->95975 95977 1ef1f223c5f 95974->95977 96342 1ef1f22efd8 6 API calls 3 library calls 95975->96342 95977->95967 95978 1ef1f223cb7 95977->95978 96341 1ef1f22efd8 6 API calls 3 library calls 95978->96341 95980 1ef1f223cbf RmEndSession 95980->95964 95982 1ef1f1f4ee3 95981->95982 95984 1ef1f1f4dfd 95981->95984 96363 1ef1f1ccc70 34 API calls 95982->96363 96343 1ef1f1f56c0 95984->96343 95985 1ef1f1f4e22 95990 1ef1f1f4e59 95985->95990 96353 1ef1f1f0f70 95985->96353 95987 1ef1f1f4eb0 95996 1ef1f1f4cc0 95987->95996 95988 1ef1f1f4f25 95989 1ef1f24f198 Concurrency::cancel_current_task 2 API calls 95988->95989 95989->95990 95990->95987 96364 1ef1f1ccc70 34 API calls 95990->96364 95992 1ef1f1f4f7e 95993 1ef1f24f198 Concurrency::cancel_current_task 2 API calls 95992->95993 95994 1ef1f1f4f92 95993->95994 95998 1ef1f1f4cf0 95996->95998 95997 1ef1f1f56c0 34 API calls 95999 1ef1f1f4cff 95997->95999 95998->95997 95999->95911 96000 1ef1f1e51e0 95999->96000 96001 1ef1f1e531a 96000->96001 96005 1ef1f1e5209 96000->96005 96449 1ef1f1cb870 34 API calls 96001->96449 96002 1ef1f1e526e 96006 1ef1f24cb98 std::_Facet_Register 34 API calls 96002->96006 96004 1ef1f1e531f 96450 1ef1f1cb7b0 34 API calls 2 library calls 96004->96450 96005->96002 96008 1ef1f1e529d 96005->96008 96009 1ef1f1e5261 96005->96009 96011 1ef1f1e5254 _Yarn 96005->96011 96006->96011 96010 1ef1f24cb98 std::_Facet_Register 34 API calls 96008->96010 96009->96002 96009->96004 96010->96011 96012 1ef1f1e52e7 _Yarn _Receive_impl 96011->96012 96013 1ef1f1e538c 96011->96013 96014 1ef1f1e53da 96011->96014 96015 1ef1f1e53e5 96011->96015 96012->95911 96016 1ef1f24cb98 std::_Facet_Register 34 API calls 96013->96016 96014->96013 96017 1ef1f1e541f 96014->96017 96018 1ef1f24cb98 std::_Facet_Register 34 API calls 96015->96018 96016->96012 96451 1ef1f1cb7b0 34 API calls 2 library calls 96017->96451 96018->96012 96021 1ef1f2276fd 96020->96021 96023 1ef1f227717 96020->96023 96021->96023 96452 1ef1f1f1370 96021->96452 96022 1ef1f2277ba 96025 1ef1f2277c5 _Receive_impl 96022->96025 96482 1ef1f1e15c0 96022->96482 96023->96022 96471 1ef1f22d450 96023->96471 96027 1ef1f24cb70 _Strcoll 3 API calls 96025->96027 96029 1ef1f227889 96025->96029 96028 1ef1f21954d 96027->96028 96028->95903 96037->95912 96038->95929 96040 1ef1f1e5c8f 96039->96040 96044 1ef1f1e5b2f 96039->96044 96545 1ef1f1cb870 34 API calls 96040->96545 96042 1ef1f1e5b99 96045 1ef1f24cb98 std::_Facet_Register 34 API calls 96042->96045 96043 1ef1f1e5c94 96546 1ef1f1cb7b0 34 API calls 2 library calls 96043->96546 96044->96042 96047 1ef1f1e5b8c 96044->96047 96048 1ef1f1e5bc8 96044->96048 96050 1ef1f1e5b7f _Yarn memcpy_s _Receive_impl 96044->96050 96045->96050 96047->96042 96047->96043 96049 1ef1f24cb98 std::_Facet_Register 34 API calls 96048->96049 96049->96050 96050->95922 96051->95929 96052->95929 96061->95910 96063 1ef1f24cb98 std::_Facet_Register 34 API calls 96062->96063 96064 1ef1f1e1ad1 96063->96064 96091 1ef1f25a8fc 96064->96091 96066 1ef1f1e1ae1 96100 1ef1f1e1dd0 96066->96100 96069 1ef1f1e1b6e 96070 1ef1f1e1b7b 96069->96070 96115 1ef1f25abc8 EnterCriticalSection GetProcAddress std::_Lockit::_Lockit 96069->96115 96077 1ef1f1f2460 96070->96077 96072 1ef1f1e1b96 96116 1ef1f1ccc70 34 API calls 96072->96116 96074 1ef1f1e1bd6 96075 1ef1f24f198 Concurrency::cancel_current_task 2 API calls 96074->96075 96076 1ef1f1e1be7 96075->96076 96128 1ef1f1e14c0 96077->96128 96080 1ef1f25ae38 96081 1ef1f25ae7e 96080->96081 96083 1ef1f2292d6 96081->96083 96133 1ef1f25c510 96081->96133 96083->95953 96083->95955 96084 1ef1f25aeb1 96084->96083 96150 1ef1f22f7cc 31 API calls ProcessCodePage 96084->96150 96086 1ef1f25aecc 96086->96083 96151 1ef1f22e530 96086->96151 96088->95957 96089->95962 96090->95958 96117 1ef1f25a29c 96091->96117 96093 1ef1f25a91e 96099 1ef1f25a962 _Yarn 96093->96099 96121 1ef1f25aaf4 34 API calls std::_Facet_Register 96093->96121 96095 1ef1f25a936 96122 1ef1f25ab24 32 API calls std::locale::_Setgloballocale 96095->96122 96097 1ef1f25a941 96097->96099 96123 1ef1f22efd8 6 API calls 3 library calls 96097->96123 96099->96066 96101 1ef1f25a29c std::_Lockit::_Lockit 2 API calls 96100->96101 96102 1ef1f1e1e00 96101->96102 96103 1ef1f25a29c std::_Lockit::_Lockit 2 API calls 96102->96103 96104 1ef1f1e1e25 96102->96104 96103->96104 96114 1ef1f1e1e9d 96104->96114 96125 1ef1f1cc910 53 API calls 6 library calls 96104->96125 96105 1ef1f24cb70 _Strcoll 3 API calls 96107 1ef1f1e1b12 96105->96107 96107->96069 96107->96072 96108 1ef1f1e1eaf 96109 1ef1f1e1eb5 96108->96109 96110 1ef1f1e1f16 96108->96110 96126 1ef1f25a8bc 34 API calls std::_Facet_Register 96109->96126 96127 1ef1f1cc450 34 API calls 2 library calls 96110->96127 96113 1ef1f1e1f1b 96114->96105 96115->96070 96116->96074 96118 1ef1f25a2b0 96117->96118 96119 1ef1f25a2ab 96117->96119 96118->96093 96124 1ef1f23a73c EnterCriticalSection GetProcAddress std::_Lockit::_Lockit 96119->96124 96121->96095 96122->96097 96123->96099 96125->96108 96126->96114 96127->96113 96129 1ef1f24cb98 std::_Facet_Register 34 API calls 96128->96129 96130 1ef1f1e1537 96129->96130 96131 1ef1f25a8fc 37 API calls 96130->96131 96132 1ef1f1e1547 96131->96132 96132->95955 96132->96080 96134 1ef1f25c43c 96133->96134 96135 1ef1f25c462 96134->96135 96138 1ef1f25c495 96134->96138 96168 1ef1f2340cc 5 API calls _get_daylight 96135->96168 96137 1ef1f25c467 96169 1ef1f22fbec 31 API calls _invalid_parameter_noinfo 96137->96169 96140 1ef1f25c49b 96138->96140 96141 1ef1f25c4a8 96138->96141 96170 1ef1f2340cc 5 API calls _get_daylight 96140->96170 96159 1ef1f23b830 96141->96159 96144 1ef1f25c4b2 96145 1ef1f25c4bc 96144->96145 96146 1ef1f25c4c9 96144->96146 96171 1ef1f2340cc 5 API calls _get_daylight 96145->96171 96163 1ef1f25d78c 96146->96163 96149 1ef1f25c472 96149->96084 96150->96086 96152 1ef1f22e560 96151->96152 96297 1ef1f22e40c 96152->96297 96154 1ef1f22e579 96155 1ef1f22e59e 96154->96155 96303 1ef1f22db64 31 API calls 4 library calls 96154->96303 96157 1ef1f22e5b3 96155->96157 96304 1ef1f22db64 31 API calls 4 library calls 96155->96304 96157->96083 96160 1ef1f23b847 96159->96160 96172 1ef1f23b8a4 96160->96172 96162 1ef1f23b852 96162->96144 96188 1ef1f25d3ec 96163->96188 96167 1ef1f25d7e6 96167->96149 96168->96137 96169->96149 96170->96149 96171->96149 96176 1ef1f23b8d5 96172->96176 96173 1ef1f23b95b 96173->96162 96175 1ef1f23b931 96181 1ef1f23b550 96175->96181 96176->96173 96180 1ef1f23bbb8 5 API calls 3 library calls 96176->96180 96180->96175 96182 1ef1f23b555 HeapFree 96181->96182 96183 1ef1f23b586 96181->96183 96182->96183 96184 1ef1f23b570 __std_fs_open_handle __free_lconv_num 96182->96184 96183->96173 96186 1ef1f23c358 GetProcAddress __crtLCMapStringW __vcrt_InitializeCriticalSectionEx 96183->96186 96187 1ef1f2340cc 5 API calls _get_daylight 96184->96187 96186->96173 96187->96183 96194 1ef1f25d427 __vcrt_FlsSetValue 96188->96194 96189 1ef1f25d5ee 96193 1ef1f25d5f7 96189->96193 96206 1ef1f2340cc 5 API calls _get_daylight 96189->96206 96191 1ef1f25d6c5 96207 1ef1f22fbec 31 API calls _invalid_parameter_noinfo 96191->96207 96193->96167 96200 1ef1f25ed58 96193->96200 96194->96189 96194->96194 96203 1ef1f24a7bc 33 API calls 5 library calls 96194->96203 96196 1ef1f25d659 96196->96189 96204 1ef1f24a7bc 33 API calls 5 library calls 96196->96204 96198 1ef1f25d678 96198->96189 96205 1ef1f24a7bc 33 API calls 5 library calls 96198->96205 96208 1ef1f25e208 96200->96208 96203->96196 96204->96198 96205->96189 96206->96191 96207->96193 96209 1ef1f25e21f 96208->96209 96210 1ef1f25e23d 96208->96210 96259 1ef1f2340cc 5 API calls _get_daylight 96209->96259 96210->96209 96213 1ef1f25e259 96210->96213 96212 1ef1f25e224 96217 1ef1f25e968 96213->96217 96259->96212 96298 1ef1f22e427 96297->96298 96300 1ef1f22e455 96297->96300 96319 1ef1f22fb20 31 API calls _invalid_parameter_noinfo 96298->96319 96302 1ef1f22e447 96300->96302 96305 1ef1f22e488 96300->96305 96302->96154 96303->96155 96304->96157 96306 1ef1f22e4a3 96305->96306 96307 1ef1f22e4c8 96305->96307 96330 1ef1f22fb20 31 API calls _invalid_parameter_noinfo 96306->96330 96309 1ef1f22e4c3 96307->96309 96320 1ef1f22e23c 96307->96320 96309->96302 96317 1ef1f22e4f7 96317->96309 96319->96302 96321 1ef1f22e262 96320->96321 96325 1ef1f22e293 96320->96325 96322 1ef1f237c1c _fread_nolock 31 API calls 96321->96322 96321->96325 96323 1ef1f22e283 96322->96323 96338 1ef1f23b128 31 API calls 2 library calls 96323->96338 96326 1ef1f23b990 96325->96326 96327 1ef1f23b9a4 96326->96327 96328 1ef1f22e4e5 96326->96328 96327->96328 96329 1ef1f23b550 __free_lconv_num 5 API calls 96327->96329 96331 1ef1f237c1c 96328->96331 96329->96328 96330->96309 96332 1ef1f237c25 96331->96332 96336 1ef1f22e4ed 96331->96336 96339 1ef1f2340cc 5 API calls _get_daylight 96332->96339 96334 1ef1f237c2a 96337 1ef1f23b604 32 API calls _invalid_parameter_noinfo 96336->96337 96337->96317 96338->96325 96339->96334 96341->95980 96342->95968 96344 1ef1f1f5700 96343->96344 96348 1ef1f1f56dd 96343->96348 96346 1ef1f1f570e 96344->96346 96365 1ef1f1e7060 34 API calls 2 library calls 96344->96365 96345 1ef1f1f56fa 96345->95985 96346->95985 96348->96345 96366 1ef1f1ccc70 34 API calls 96348->96366 96350 1ef1f1f5763 96351 1ef1f24f198 Concurrency::cancel_current_task 2 API calls 96350->96351 96352 1ef1f1f5774 _Receive_impl 96351->96352 96352->95985 96354 1ef1f1f0fa3 96353->96354 96362 1ef1f1f0ffb 96354->96362 96367 1ef1f1f1e90 96354->96367 96356 1ef1f1f0fc6 96359 1ef1f1f0fe6 96356->96359 96356->96362 96377 1ef1f22f734 96356->96377 96357 1ef1f24cb70 _Strcoll 3 API calls 96358 1ef1f1f1069 96357->96358 96358->95990 96359->96362 96385 1ef1f22ed2c 96359->96385 96362->96357 96363->95988 96364->95992 96365->96346 96366->96350 96368 1ef1f1f1eb3 96367->96368 96369 1ef1f1f1f62 96367->96369 96368->96369 96375 1ef1f1f1ebd 96368->96375 96370 1ef1f24cb70 _Strcoll 3 API calls 96369->96370 96371 1ef1f1f1f71 96370->96371 96371->96356 96372 1ef1f24cb70 _Strcoll 3 API calls 96373 1ef1f1f1f1e 96372->96373 96373->96356 96374 1ef1f1f1f01 96374->96372 96375->96374 96394 1ef1f22ec88 31 API calls ProcessCodePage 96375->96394 96378 1ef1f22f764 96377->96378 96395 1ef1f22f4c4 96378->96395 96380 1ef1f22f77d 96386 1ef1f22ed40 96385->96386 96387 1ef1f22ed55 96385->96387 96424 1ef1f2340cc 5 API calls _get_daylight 96386->96424 96387->96386 96388 1ef1f22ed5a 96387->96388 96416 1ef1f23cf38 96388->96416 96391 1ef1f22ed45 96425 1ef1f22fbec 31 API calls _invalid_parameter_noinfo 96391->96425 96392 1ef1f22ed50 96392->96362 96394->96374 96396 1ef1f22f52e 96395->96396 96397 1ef1f22f4ee 96395->96397 96396->96397 96399 1ef1f22f53a 96396->96399 96410 1ef1f22fb20 31 API calls _invalid_parameter_noinfo 96397->96410 96404 1ef1f22f648 96399->96404 96401 1ef1f22f515 96401->96380 96405 1ef1f22f68d 96404->96405 96409 1ef1f22f678 96404->96409 96411 1ef1f22f560 96405->96411 96409->96401 96410->96401 96417 1ef1f23cf68 96416->96417 96426 1ef1f23ca44 96417->96426 96424->96391 96425->96392 96427 1ef1f23ca5f 96426->96427 96428 1ef1f23ca8e 96426->96428 96450->96011 96451->96012 96453 1ef1f1f13ad 96452->96453 96455 1ef1f1f1443 96453->96455 96456 1ef1f1f1421 96453->96456 96461 1ef1f1f13bd _Receive_impl 96453->96461 96454 1ef1f24cb70 _Strcoll 3 API calls 96457 1ef1f1f15ef 96454->96457 96459 1ef1f22e614 31 API calls 96455->96459 96495 1ef1f22e614 96456->96495 96457->96023 96465 1ef1f1f1471 _Yarn 96459->96465 96461->96454 96537 1ef1f22d380 96471->96537 96479 1ef1f22d48c _Yarn _Receive_impl 96487 1ef1f1e15dd _Yarn 96482->96487 96488 1ef1f1e1607 96482->96488 96483 1ef1f1e1653 _Yarn 96494 1ef1f1e16e7 _Receive_impl 96483->96494 96543 1ef1f1cb870 34 API calls 96483->96543 96485 1ef1f1e1661 96486 1ef1f1e1710 96485->96486 96489 1ef1f24cb98 std::_Facet_Register 34 API calls 96485->96489 96487->96025 96488->96483 96488->96485 96491 1ef1f1e1699 96488->96491 96489->96483 96492 1ef1f24cb98 std::_Facet_Register 34 API calls 96491->96492 96492->96483 96494->96025 96496 1ef1f22e630 96495->96496 96499 1ef1f22e64e 96495->96499 96538 1ef1f22d396 96537->96538 96539 1ef1f22d3b3 96537->96539 96538->96539 96540 1ef1f1f1370 34 API calls 96538->96540 96539->96479 96540->96539 96546->96050 96561 1ef1f244cb4 96547->96561 96550 1ef1f25958f 96550->95702 96551 1ef1f259582 AreFileApisANSI 96551->96550 96553 1ef1f1dfc8d 96552->96553 96554 1ef1f1dfca4 96552->96554 96553->95707 96555 1ef1f1e5b00 34 API calls 96554->96555 96557 1ef1f1dfcbe memcpy_s 96554->96557 96556 1ef1f1dfd0c 96555->96556 96556->95707 96557->95707 96559->95703 96566 1ef1f2381fc 96561->96566 96567 1ef1f238211 __std_fs_open_handle 96566->96567 96568 1ef1f238220 FlsGetValue 96567->96568 96569 1ef1f23823d FlsSetValue 96567->96569 96570 1ef1f238237 96568->96570 96574 1ef1f23822d _get_daylight 96568->96574 96571 1ef1f23824f 96569->96571 96569->96574 96570->96569 96591 1ef1f23bbb8 5 API calls 3 library calls 96571->96591 96573 1ef1f23825e 96575 1ef1f23827c FlsSetValue 96573->96575 96576 1ef1f23826c FlsSetValue 96573->96576 96577 1ef1f2382b6 96574->96577 96593 1ef1f237bc4 31 API calls __std_fs_directory_iterator_open 96574->96593 96579 1ef1f23829a 96575->96579 96580 1ef1f238288 FlsSetValue 96575->96580 96578 1ef1f238275 96576->96578 96587 1ef1f23a488 96577->96587 96583 1ef1f23b550 __free_lconv_num 5 API calls 96578->96583 96592 1ef1f237fac 5 API calls _get_daylight 96579->96592 96580->96578 96583->96574 96584 1ef1f2382a2 96586 1ef1f23b550 __free_lconv_num 5 API calls 96584->96586 96586->96574 96588 1ef1f23a4b0 96587->96588 96589 1ef1f23a49d 96587->96589 96588->96550 96588->96551 96589->96588 96594 1ef1f243f24 31 API calls 2 library calls 96589->96594 96591->96573 96592->96584 96594->96588 96595->95728 96598 1ef1f1e49e6 96597->96598 96599 1ef1f1e4a2c 96598->96599 96600 1ef1f1e4af3 96598->96600 96603 1ef1f1e4a9f 96598->96603 96601 1ef1f24cb98 std::_Facet_Register 34 API calls 96599->96601 96630 1ef1f1cb890 34 API calls 96600->96630 96604 1ef1f1e4a4a 96601->96604 96603->95735 96620 1ef1f1e0840 96604->96620 96607->95731 96608->95739 96610 1ef1f1e4797 96609->96610 96632 1ef1f1ceaa0 96610->96632 96612 1ef1f1e47d5 96654 1ef1f1e9c80 96612->96654 96614 1ef1f1e47e9 _Receive_impl 96618 1ef1f1e49a4 96614->96618 96664 1ef1f24ea50 96614->96664 96616 1ef1f1e4924 _Receive_impl 96617 1ef1f24cb70 _Strcoll 3 API calls 96616->96617 96616->96618 96619 1ef1f1deea9 96617->96619 96619->95743 96621 1ef1f1e0996 96620->96621 96622 1ef1f1e0873 96620->96622 96621->96622 96623 1ef1f1e09a3 96621->96623 96624 1ef1f24cb70 _Strcoll 3 API calls 96622->96624 96631 1ef1f1e5540 34 API calls 3 library calls 96623->96631 96625 1ef1f1e08a2 96624->96625 96625->96603 96627 1ef1f1e09c4 96628 1ef1f24f198 Concurrency::cancel_current_task 2 API calls 96627->96628 96629 1ef1f1e09d5 96628->96629 96631->96627 96633 1ef1f1ceadb 96632->96633 96634 1ef1f1cebd1 96633->96634 96635 1ef1f1e51e0 34 API calls 96633->96635 96670 1ef1f1e0dc0 96634->96670 96635->96634 96637 1ef1f1cebea 96638 1ef1f1e0dc0 34 API calls 96637->96638 96639 1ef1f1cec03 96638->96639 96640 1ef1f1cec10 96639->96640 96641 1ef1f1e5990 34 API calls 96639->96641 96642 1ef1f1e0dc0 34 API calls 96640->96642 96641->96640 96643 1ef1f1cec5a 96642->96643 96644 1ef1f1e0dc0 34 API calls 96643->96644 96645 1ef1f1cec6f 96644->96645 96646 1ef1f1cecb3 _Receive_impl 96645->96646 96648 1ef1f1cecec 96645->96648 96647 1ef1f24cb70 _Strcoll 3 API calls 96646->96647 96649 1ef1f1cecd8 96647->96649 96675 1ef1f24eae0 6 API calls _Yarn 96648->96675 96649->96612 96651 1ef1f1ced35 96676 1ef1f24eae0 6 API calls _Yarn 96651->96676 96653 1ef1f1ced42 _Receive_impl 96653->96612 96655 1ef1f1e9ce4 96654->96655 96656 1ef1f1e9cd8 96654->96656 96658 1ef1f1e0dc0 34 API calls 96655->96658 96657 1ef1f1e51e0 34 API calls 96656->96657 96657->96655 96659 1ef1f1e9d01 96658->96659 96660 1ef1f1e0dc0 34 API calls 96659->96660 96661 1ef1f1e9d1a 96660->96661 96662 1ef1f1e0dc0 34 API calls 96661->96662 96663 1ef1f1e9d33 96662->96663 96663->96614 96665 1ef1f24ea71 96664->96665 96669 1ef1f24eabb 96664->96669 96666 1ef1f24eaa6 96665->96666 96665->96669 96691 1ef1f236fc0 31 API calls 2 library calls 96665->96691 96692 1ef1f22efd8 6 API calls 3 library calls 96666->96692 96669->96616 96671 1ef1f1e0e22 96670->96671 96674 1ef1f1e0de3 _Yarn 96670->96674 96677 1ef1f1e5cb0 96671->96677 96673 1ef1f1e0e3b 96673->96637 96674->96637 96675->96651 96676->96653 96678 1ef1f1e5e26 96677->96678 96682 1ef1f1e5ce8 96677->96682 96689 1ef1f1cb870 34 API calls 96678->96689 96679 1ef1f1e5d4d 96683 1ef1f24cb98 std::_Facet_Register 34 API calls 96679->96683 96681 1ef1f1e5e2b 96690 1ef1f1cb7b0 34 API calls 2 library calls 96681->96690 96682->96679 96685 1ef1f1e5d7c 96682->96685 96686 1ef1f1e5d40 96682->96686 96688 1ef1f1e5d33 _Yarn _Receive_impl 96682->96688 96683->96688 96687 1ef1f24cb98 std::_Facet_Register 34 API calls 96685->96687 96686->96679 96686->96681 96687->96688 96688->96673 96690->96688 96691->96666 96692->96669 96694 1ef1f1e177e 96693->96694 96695 1ef1f24cb70 _Strcoll 3 API calls 96694->96695 96696 1ef1f1ded17 96695->96696 96696->95629 96698 1ef1f1e46c0 96697->96698 96699 1ef1f1e51e0 34 API calls 96698->96699 96700 1ef1f1e46ee 96698->96700 96699->96700 96700->96700 96701 1ef1f1e0dc0 34 API calls 96700->96701 96702 1ef1f1e470a 96701->96702 96703 1ef1f1e0dc0 34 API calls 96702->96703 96704 1ef1f1ded71 96703->96704 96704->95759 96705->95773 96706->95777 96707->95779 96708->95762 96711 1ef1f2597e5 GetLastError 96710->96711 96712 1ef1f2597de 96710->96712 96712->95792 96713->95798 96715 1ef1f1de3f1 96714->96715 96718 1ef1f1de3bf _Receive_impl 96714->96718 96716 1ef1f1e6000 34 API calls 96716->96718 96717 1ef1f1f0000 34 API calls 96717->96718 96718->96715 96718->96716 96718->96717 96720->95825 96722->95831 96724 1ef1f1e6051 96723->96724 96727 1ef1f1e601c _Receive_impl 96723->96727 96724->95837 96725 1ef1f1e6000 34 API calls 96725->96727 96726 1ef1f1f0000 34 API calls 96726->96727 96727->96724 96727->96725 96727->96726 96729 1ef1f1deec0 34 API calls 96728->96729 96730->95828 96731->95833 96734->95845 96735->95854 96736 1ef1f22c7fa 96830 1ef1f20b310 96736->96830 96738 1ef1f24cb70 _Strcoll 3 API calls 96739 1ef1f22d1e6 96738->96739 96740 1ef1f229610 34 API calls 96744 1ef1f22c66e 96740->96744 96741 1ef1f22ca48 96848 1ef1f229610 96741->96848 96743 1ef1f22ca50 96745 1ef1f22ca5c 96743->96745 96753 1ef1f22ce8c 96743->96753 96744->96740 96744->96741 96746 1ef1f22cc6d 96744->96746 96747 1ef1f22cd22 96744->96747 96750 1ef1f20a9b0 34 API calls 96744->96750 96815 1ef1f22cb35 96744->96815 96866 1ef1f20a810 96745->96866 96881 1ef1f208950 34 API calls 4 library calls 96746->96881 96884 1ef1f208950 34 API calls 4 library calls 96747->96884 96749 1ef1f22ca74 96754 1ef1f229610 34 API calls 96749->96754 96750->96744 96890 1ef1f208950 34 API calls 4 library calls 96753->96890 96757 1ef1f22ca80 96754->96757 96755 1ef1f22ccd3 96882 1ef1f205630 34 API calls _Strcoll 96755->96882 96756 1ef1f22cd88 96885 1ef1f205630 34 API calls _Strcoll 96756->96885 96761 1ef1f22ca8c 96757->96761 96773 1ef1f22cdd7 96757->96773 96762 1ef1f229610 34 API calls 96761->96762 96785 1ef1f22ca94 96762->96785 96763 1ef1f22cce3 96767 1ef1f22ccf2 96763->96767 96768 1ef1f22d270 96763->96768 96764 1ef1f22cd98 96769 1ef1f22cda7 96764->96769 96770 1ef1f22d28d 96764->96770 96765 1ef1f22cef2 96891 1ef1f205630 34 API calls _Strcoll 96765->96891 96883 1ef1f1ced70 6 API calls __std_exception_destroy 96767->96883 96896 1ef1f204110 32 API calls 96768->96896 96886 1ef1f1ced70 6 API calls __std_exception_destroy 96769->96886 96897 1ef1f204110 32 API calls 96770->96897 96771 1ef1f22cf02 96775 1ef1f22cf11 96771->96775 96776 1ef1f22d2c7 96771->96776 96887 1ef1f208950 34 API calls 4 library calls 96773->96887 96892 1ef1f1ced70 6 API calls __std_exception_destroy 96775->96892 96899 1ef1f204110 32 API calls 96776->96899 96777 1ef1f22d27d 96781 1ef1f24f198 Concurrency::cancel_current_task 2 API calls 96777->96781 96778 1ef1f22d29a 96783 1ef1f24f198 Concurrency::cancel_current_task 2 API calls 96778->96783 96781->96770 96788 1ef1f22d2aa 96783->96788 96878 1ef1f208950 34 API calls 4 library calls 96785->96878 96786 1ef1f22d2d4 96790 1ef1f24f198 Concurrency::cancel_current_task 2 API calls 96786->96790 96787 1ef1f22ce3d 96888 1ef1f205630 34 API calls _Strcoll 96787->96888 96898 1ef1f204110 32 API calls 96788->96898 96793 1ef1f22d2e4 96790->96793 96900 1ef1f204110 32 API calls 96793->96900 96794 1ef1f22ce4d 96794->96788 96795 1ef1f22ce5c 96794->96795 96889 1ef1f1ced70 6 API calls __std_exception_destroy 96795->96889 96796 1ef1f22d2b7 96799 1ef1f24f198 Concurrency::cancel_current_task 2 API calls 96796->96799 96799->96776 96800 1ef1f22cb02 96879 1ef1f205630 34 API calls _Strcoll 96800->96879 96801 1ef1f22d2f1 96803 1ef1f24f198 Concurrency::cancel_current_task 2 API calls 96801->96803 96806 1ef1f22d301 96803->96806 96805 1ef1f22cb12 96807 1ef1f22cb21 96805->96807 96808 1ef1f22d21a 96805->96808 96901 1ef1f204110 32 API calls 96806->96901 96880 1ef1f1ced70 6 API calls __std_exception_destroy 96807->96880 96893 1ef1f204110 32 API calls 96808->96893 96811 1ef1f22d226 96814 1ef1f24f198 Concurrency::cancel_current_task 2 API calls 96811->96814 96812 1ef1f22d30e 96817 1ef1f24f198 Concurrency::cancel_current_task 2 API calls 96812->96817 96816 1ef1f22d236 96814->96816 96815->96738 96894 1ef1f204110 32 API calls 96816->96894 96818 1ef1f22d31e 96817->96818 96902 1ef1f204110 32 API calls 96818->96902 96820 1ef1f22d243 96822 1ef1f24f198 Concurrency::cancel_current_task 2 API calls 96820->96822 96824 1ef1f22d253 96822->96824 96823 1ef1f22d32b 96825 1ef1f24f198 Concurrency::cancel_current_task 2 API calls 96823->96825 96895 1ef1f20a710 32 API calls 96824->96895 96826 1ef1f22d33b 96825->96826 96828 1ef1f22d260 96829 1ef1f24f198 Concurrency::cancel_current_task 2 API calls 96828->96829 96829->96768 96831 1ef1f20b32f 96830->96831 96832 1ef1f20b395 96830->96832 96835 1ef1f1f24f0 34 API calls 96831->96835 96833 1ef1f20b401 96832->96833 96834 1ef1f20b39e 96832->96834 96903 1ef1f1f24f0 96833->96903 96837 1ef1f20b3cf 96834->96837 96838 1ef1f20b3ac 96834->96838 96836 1ef1f20b34d 96835->96836 96840 1ef1f1e0fb0 34 API calls 96836->96840 96912 1ef1f20e150 34 API calls 2 library calls 96837->96912 96841 1ef1f1f24f0 34 API calls 96838->96841 96844 1ef1f20b382 96840->96844 96845 1ef1f20b3c7 96841->96845 96844->96744 96845->96744 96846 1ef1f1e0fb0 34 API calls 96847 1ef1f20b455 96846->96847 96847->96744 96849 1ef1f229633 96848->96849 96853 1ef1f229680 96848->96853 96913 1ef1f22abc0 96849->96913 96851 1ef1f22abc0 34 API calls 96851->96853 96852 1ef1f229638 96852->96853 96854 1ef1f22abc0 34 API calls 96852->96854 96853->96851 96865 1ef1f2296d3 96853->96865 96855 1ef1f229647 96854->96855 96856 1ef1f22965d 96855->96856 96857 1ef1f22abc0 34 API calls 96855->96857 96858 1ef1f24cb70 _Strcoll 3 API calls 96856->96858 96860 1ef1f229656 96857->96860 96861 1ef1f22967a 96858->96861 96859 1ef1f2297d8 96862 1ef1f24cb70 _Strcoll 3 API calls 96859->96862 96860->96853 96860->96856 96861->96743 96863 1ef1f22992b 96862->96863 96863->96743 96864 1ef1f22abc0 34 API calls 96864->96865 96865->96859 96865->96864 96867 1ef1f20a835 96866->96867 96868 1ef1f20a911 96867->96868 96869 1ef1f20a868 96867->96869 96877 1ef1f20a8c0 96867->96877 96932 1ef1f1cb890 34 API calls 96868->96932 96870 1ef1f24cb98 std::_Facet_Register 34 API calls 96869->96870 96872 1ef1f20a88c 96870->96872 96874 1ef1f1dfe50 34 API calls 96872->96874 96875 1ef1f20a8a8 96874->96875 96876 1ef1f1e0840 34 API calls 96875->96876 96876->96877 96877->96749 96878->96800 96879->96805 96880->96815 96881->96755 96882->96763 96883->96815 96884->96756 96885->96764 96886->96815 96887->96787 96888->96794 96889->96815 96890->96765 96891->96771 96892->96815 96893->96811 96894->96820 96895->96828 96896->96777 96897->96778 96898->96796 96899->96786 96900->96801 96901->96812 96902->96823 96904 1ef1f1e0fb0 34 API calls 96903->96904 96905 1ef1f1f2523 96904->96905 96906 1ef1f24cb98 std::_Facet_Register 34 API calls 96905->96906 96907 1ef1f1f2538 96906->96907 96908 1ef1f1dfe50 34 API calls 96907->96908 96909 1ef1f1f2555 96908->96909 96910 1ef1f24cb70 _Strcoll 3 API calls 96909->96910 96911 1ef1f1f256e 96910->96911 96911->96846 96912->96845 96914 1ef1f22abe3 96913->96914 96915 1ef1f22abdd 96913->96915 96916 1ef1f22abfa 96914->96916 96929 1ef1f1f1370 34 API calls 96914->96929 96917 1ef1f22ac67 96915->96917 96930 1ef1f20b010 34 API calls 4 library calls 96915->96930 96916->96915 96919 1ef1f22ac94 96916->96919 96917->96852 96931 1ef1f1ccc70 34 API calls 96919->96931 96921 1ef1f22acd6 96922 1ef1f24f198 Concurrency::cancel_current_task 2 API calls 96921->96922 96923 1ef1f22ace7 96922->96923 96924 1ef1f1e5990 34 API calls 96923->96924 96927 1ef1f22ad15 96923->96927 96924->96927 96925 1ef1f22adc0 96925->96852 96926 1ef1f22abc0 34 API calls 96926->96927 96927->96925 96927->96926 96928 1ef1f1e5990 34 API calls 96927->96928 96928->96927 96929->96916 96930->96917 96931->96921 96933 1ef1f1e1925 96934 1ef1f24cb98 std::_Facet_Register 34 API calls 96933->96934 96935 1ef1f1e1937 96934->96935 96936 1ef1f1dfe50 34 API calls 96935->96936 96937 1ef1f1e1951 96936->96937 96938 1ef1f24cb70 _Strcoll 3 API calls 96937->96938 96939 1ef1f1e1a33 96938->96939 96940 1ef1f226bb7 96941 1ef1f226bc1 96940->96941 96946 1ef1f2270b0 96941->96946 96944 1ef1f24cb70 _Strcoll 3 API calls 96945 1ef1f226f13 96944->96945 96950 1ef1f226bd0 96946->96950 96951 1ef1f2270ef 96946->96951 96947 1ef1f227368 96965 1ef1f1f9930 IsProcessorFeaturePresent RtlCaptureContext RtlLookupFunctionEntry _Strcoll 96947->96965 96948 1ef1f2272ed 96948->96950 96967 1ef1f2289c0 34 API calls 96948->96967 96950->96944 96951->96947 96951->96948 96964 1ef1f1e0dc0 34 API calls 96951->96964 96952 1ef1f227389 96966 1ef1f2288e0 34 API calls 96952->96966 96954 1ef1f22739f 96955 1ef1f1e4740 34 API calls 96954->96955 96956 1ef1f2273b2 96955->96956 96957 1ef1f24f198 Concurrency::cancel_current_task 2 API calls 96956->96957 96957->96948 96959 1ef1f2273ea 96960 1ef1f1e4740 34 API calls 96959->96960 96961 1ef1f2273fd 96960->96961 96962 1ef1f24f198 Concurrency::cancel_current_task 2 API calls 96961->96962 96963 1ef1f22740e 96962->96963 96964->96951 96965->96952 96966->96954 96967->96959 96968 1ef1f237db8 96969 1ef1f237c1c _fread_nolock 31 API calls 96968->96969 96971 1ef1f237dd7 96969->96971 96970 1ef1f237ddf 96971->96970 96976 1ef1f237e18 96971->96976 96990 1ef1f237d3c 31 API calls _fread_nolock 96971->96990 96973 1ef1f237e59 96979 1ef1f237c44 96973->96979 96976->96970 96976->96973 96991 1ef1f23c8f0 31 API calls 2 library calls 96976->96991 96977 1ef1f237e4d 96977->96973 96992 1ef1f23cfdc 5 API calls 2 library calls 96977->96992 96980 1ef1f237c1c _fread_nolock 31 API calls 96979->96980 96981 1ef1f237c69 96980->96981 96982 1ef1f237d0a 96981->96982 96983 1ef1f237c79 96981->96983 97002 1ef1f23b128 31 API calls 2 library calls 96982->97002 96985 1ef1f237c97 96983->96985 96988 1ef1f237cb5 96983->96988 97001 1ef1f23b128 31 API calls 2 library calls 96985->97001 96987 1ef1f237ca5 96987->96970 96988->96987 96993 1ef1f23dc0c 96988->96993 96990->96976 96991->96977 96992->96973 96994 1ef1f23dc3c 96993->96994 97003 1ef1f23da40 96994->97003 96996 1ef1f23dc55 96999 1ef1f23dc7b 96996->96999 97010 1ef1f22db64 31 API calls 4 library calls 96996->97010 96998 1ef1f23dc90 96998->96987 96999->96998 97011 1ef1f22db64 31 API calls 4 library calls 96999->97011 97001->96987 97002->96987 97004 1ef1f23da97 97003->97004 97007 1ef1f23da69 97003->97007 97005 1ef1f23dab0 97004->97005 97008 1ef1f23db07 97004->97008 97017 1ef1f22fb20 31 API calls _invalid_parameter_noinfo 97005->97017 97007->96996 97008->97007 97012 1ef1f23db60 97008->97012 97010->96999 97011->96998 97018 1ef1f243b78 97012->97018 97015 1ef1f23db9e SetFilePointerEx 97016 1ef1f23db8d __std_fs_open_handle _fread_nolock 97015->97016 97016->97007 97017->97007 97019 1ef1f243b96 97018->97019 97020 1ef1f243b81 97018->97020 97026 1ef1f23db87 97019->97026 97032 1ef1f2340ac 5 API calls _get_daylight 97019->97032 97030 1ef1f2340ac 5 API calls _get_daylight 97020->97030 97022 1ef1f243b86 97031 1ef1f2340cc 5 API calls _get_daylight 97022->97031 97025 1ef1f243bd1 97033 1ef1f2340cc 5 API calls _get_daylight 97025->97033 97026->97015 97026->97016 97028 1ef1f243bd9 97034 1ef1f22fbec 31 API calls _invalid_parameter_noinfo 97028->97034 97030->97022 97031->97026 97032->97025 97033->97028 97034->97026 97035 1ef1f1f11c0 97036 1ef1f1f11d8 97035->97036 97038 1ef1f1f11e4 _Yarn 97035->97038 97037 1ef1f1f11f5 _Yarn 97038->97037 97039 1ef1f1f132e 97038->97039 97042 1ef1f22f3fc 97038->97042 97039->97037 97041 1ef1f22f3fc _fread_nolock 33 API calls 97039->97041 97041->97037 97045 1ef1f22f41c 97042->97045 97044 1ef1f22f414 97044->97038 97046 1ef1f22f446 97045->97046 97053 1ef1f22f475 97045->97053 97047 1ef1f22f492 97046->97047 97048 1ef1f22f455 memcpy_s 97046->97048 97046->97053 97054 1ef1f22f19c 97047->97054 97069 1ef1f2340cc 5 API calls _get_daylight 97048->97069 97051 1ef1f22f46a 97070 1ef1f22fbec 31 API calls _invalid_parameter_noinfo 97051->97070 97053->97044 97058 1ef1f22f1cb memcpy_s 97054->97058 97061 1ef1f22f1e5 97054->97061 97055 1ef1f22f1d5 97091 1ef1f2340cc 5 API calls _get_daylight 97055->97091 97057 1ef1f22f1da 97092 1ef1f22fbec 31 API calls _invalid_parameter_noinfo 97057->97092 97058->97055 97058->97061 97067 1ef1f22f23a _Yarn memcpy_s 97058->97067 97061->97053 97062 1ef1f22f3bd memcpy_s 97155 1ef1f2340cc 5 API calls _get_daylight 97062->97155 97063 1ef1f237c1c _fread_nolock 31 API calls 97063->97067 97067->97061 97067->97062 97067->97063 97071 1ef1f23ba50 97067->97071 97093 1ef1f2340cc 5 API calls _get_daylight 97067->97093 97094 1ef1f22fbec 31 API calls _invalid_parameter_noinfo 97067->97094 97095 1ef1f23d5f0 97067->97095 97069->97051 97070->97053 97072 1ef1f23ba6d 97071->97072 97076 1ef1f23ba98 97071->97076 97181 1ef1f2340cc 5 API calls _get_daylight 97072->97181 97074 1ef1f23ba72 97182 1ef1f22fbec 31 API calls _invalid_parameter_noinfo 97074->97182 97077 1ef1f23bad4 97076->97077 97083 1ef1f23ba7d 97076->97083 97183 1ef1f23cfdc 5 API calls 2 library calls 97076->97183 97079 1ef1f237c1c _fread_nolock 31 API calls 97077->97079 97080 1ef1f23bae6 97079->97080 97156 1ef1f23d4d0 97080->97156 97082 1ef1f23baf3 97082->97083 97084 1ef1f237c1c _fread_nolock 31 API calls 97082->97084 97083->97067 97085 1ef1f23bb28 97084->97085 97085->97083 97086 1ef1f237c1c _fread_nolock 31 API calls 97085->97086 97087 1ef1f23bb34 97086->97087 97087->97083 97088 1ef1f237c1c _fread_nolock 31 API calls 97087->97088 97089 1ef1f23bb41 97088->97089 97090 1ef1f237c1c _fread_nolock 31 API calls 97089->97090 97090->97083 97091->97057 97092->97061 97093->97067 97094->97067 97096 1ef1f23d631 97095->97096 97097 1ef1f23d618 97095->97097 97099 1ef1f23da0b 97096->97099 97104 1ef1f23d67c 97096->97104 97201 1ef1f2340ac 5 API calls _get_daylight 97097->97201 97220 1ef1f2340ac 5 API calls _get_daylight 97099->97220 97101 1ef1f23d61d 97202 1ef1f2340cc 5 API calls _get_daylight 97101->97202 97102 1ef1f23da10 97221 1ef1f2340cc 5 API calls _get_daylight 97102->97221 97106 1ef1f23d685 97104->97106 97107 1ef1f23d626 97104->97107 97111 1ef1f23d6b6 97104->97111 97203 1ef1f2340ac 5 API calls _get_daylight 97106->97203 97107->97067 97108 1ef1f23d691 97222 1ef1f22fbec 31 API calls _invalid_parameter_noinfo 97108->97222 97110 1ef1f23d68a 97204 1ef1f2340cc 5 API calls _get_daylight 97110->97204 97114 1ef1f23d6dd 97111->97114 97115 1ef1f23d717 97111->97115 97116 1ef1f23d6ea 97111->97116 97114->97116 97121 1ef1f23d706 97114->97121 97208 1ef1f23dedc 97115->97208 97205 1ef1f2340ac 5 API calls _get_daylight 97116->97205 97120 1ef1f23d6ef 97206 1ef1f2340cc 5 API calls _get_daylight 97120->97206 97193 1ef1f247c7c 97121->97193 97122 1ef1f23b550 __free_lconv_num 5 API calls 97125 1ef1f23d732 97122->97125 97128 1ef1f23b550 __free_lconv_num 5 API calls 97125->97128 97127 1ef1f23d6f6 97207 1ef1f22fbec 31 API calls _invalid_parameter_noinfo 97127->97207 97130 1ef1f23d739 97128->97130 97132 1ef1f23d741 97130->97132 97133 1ef1f23d75c 97130->97133 97131 1ef1f23d845 GetConsoleMode 97134 1ef1f23d859 97131->97134 97136 1ef1f23d8b2 _fread_nolock 97131->97136 97212 1ef1f2340cc 5 API calls _get_daylight 97132->97212 97214 1ef1f23dcb0 31 API calls 2 library calls 97133->97214 97134->97136 97138 1ef1f23d863 ReadConsoleW 97134->97138 97139 1ef1f23d8a6 97136->97139 97142 1ef1f23d9d1 __std_fs_open_handle 97136->97142 97138->97139 97147 1ef1f23d887 __std_fs_open_handle 97138->97147 97144 1ef1f23d916 97139->97144 97149 1ef1f23d93b 97139->97149 97154 1ef1f23d701 97139->97154 97140 1ef1f23b550 __free_lconv_num 5 API calls 97140->97107 97141 1ef1f23d746 97213 1ef1f2340ac 5 API calls _get_daylight 97141->97213 97146 1ef1f23d9dc 97142->97146 97142->97147 97216 1ef1f23d208 31 API calls 4 library calls 97144->97216 97218 1ef1f2340cc 5 API calls _get_daylight 97146->97218 97147->97154 97215 1ef1f234040 5 API calls 2 library calls 97147->97215 97149->97154 97217 1ef1f23d048 31 API calls _fread_nolock 97149->97217 97152 1ef1f23d9e1 97219 1ef1f2340ac 5 API calls _get_daylight 97152->97219 97154->97140 97155->97057 97157 1ef1f23d4fa 97156->97157 97161 1ef1f23d52a 97156->97161 97184 1ef1f2340ac 5 API calls _get_daylight 97157->97184 97159 1ef1f23d4ff 97185 1ef1f2340cc 5 API calls _get_daylight 97159->97185 97160 1ef1f23d543 97186 1ef1f2340ac 5 API calls _get_daylight 97160->97186 97161->97160 97165 1ef1f23d581 97161->97165 97164 1ef1f23d507 97164->97082 97166 1ef1f23d59f 97165->97166 97167 1ef1f23d58a 97165->97167 97174 1ef1f23d5d1 97166->97174 97175 1ef1f23d5bc 97166->97175 97189 1ef1f2340ac 5 API calls _get_daylight 97167->97189 97168 1ef1f23d548 97187 1ef1f2340cc 5 API calls _get_daylight 97168->97187 97171 1ef1f23d58f 97190 1ef1f2340cc 5 API calls _get_daylight 97171->97190 97172 1ef1f23d550 97188 1ef1f22fbec 31 API calls _invalid_parameter_noinfo 97172->97188 97178 1ef1f23d5f0 _fread_nolock 33 API calls 97174->97178 97191 1ef1f2340cc 5 API calls _get_daylight 97175->97191 97178->97164 97179 1ef1f23d5c1 97192 1ef1f2340ac 5 API calls _get_daylight 97179->97192 97181->97074 97182->97083 97183->97077 97184->97159 97185->97164 97186->97168 97187->97172 97188->97164 97189->97171 97190->97172 97191->97179 97192->97164 97194 1ef1f247c85 97193->97194 97195 1ef1f247c92 97193->97195 97223 1ef1f2340cc 5 API calls _get_daylight 97194->97223 97198 1ef1f23d826 97195->97198 97224 1ef1f2340cc 5 API calls _get_daylight 97195->97224 97198->97131 97198->97136 97199 1ef1f247cc9 97225 1ef1f22fbec 31 API calls _invalid_parameter_noinfo 97199->97225 97201->97101 97202->97107 97203->97110 97204->97108 97205->97120 97206->97127 97207->97154 97211 1ef1f23deeb std::_Facet_Register wcsftime 97208->97211 97210 1ef1f23d728 97210->97122 97211->97210 97226 1ef1f2340cc 5 API calls _get_daylight 97211->97226 97212->97141 97213->97154 97214->97121 97215->97154 97216->97154 97217->97154 97218->97152 97219->97154 97220->97102 97221->97108 97222->97107 97223->97198 97224->97199 97225->97198 97226->97210 97227 1ef1f220ddb RegOpenKeyExA 97231 1ef1f220e05 RegQueryValueExA 97227->97231 97234 1ef1f220e44 _Receive_impl 97227->97234 97228 1ef1f220ed4 RegCloseKey 97229 1ef1f220eda 97228->97229 97232 1ef1f24cb70 _Strcoll 3 API calls 97229->97232 97231->97234 97233 1ef1f220eed 97232->97233 97234->97228 97234->97229 97235 1ef1f23749c 97236 1ef1f2374b2 97235->97236 97237 1ef1f2374cd 97235->97237 97264 1ef1f2340cc 5 API calls _get_daylight 97236->97264 97237->97236 97239 1ef1f2374e6 97237->97239 97241 1ef1f2374ec 97239->97241 97242 1ef1f237509 97239->97242 97240 1ef1f2374b7 97265 1ef1f22fbec 31 API calls _invalid_parameter_noinfo 97240->97265 97266 1ef1f2340cc 5 API calls _get_daylight 97241->97266 97259 1ef1f2416e0 97242->97259 97246 1ef1f2374c3 97250 1ef1f237783 97255 1ef1f2375c6 97255->97246 97286 1ef1f241724 31 API calls _isindst 97255->97286 97256 1ef1f237566 97256->97246 97285 1ef1f241724 31 API calls _isindst 97256->97285 97260 1ef1f23750e 97259->97260 97261 1ef1f2416ef 97259->97261 97267 1ef1f2407f8 97260->97267 97262 1ef1f241708 97261->97262 97287 1ef1f241550 97261->97287 97264->97240 97265->97246 97266->97246 97268 1ef1f240801 97267->97268 97269 1ef1f237523 97267->97269 97363 1ef1f2340cc 5 API calls _get_daylight 97268->97363 97269->97250 97273 1ef1f240828 97269->97273 97271 1ef1f240806 97364 1ef1f22fbec 31 API calls _invalid_parameter_noinfo 97271->97364 97274 1ef1f240831 97273->97274 97278 1ef1f237534 97273->97278 97365 1ef1f2340cc 5 API calls _get_daylight 97274->97365 97276 1ef1f240836 97366 1ef1f22fbec 31 API calls _invalid_parameter_noinfo 97276->97366 97278->97250 97279 1ef1f240858 97278->97279 97280 1ef1f240861 97279->97280 97281 1ef1f237545 97279->97281 97367 1ef1f2340cc 5 API calls _get_daylight 97280->97367 97281->97250 97281->97255 97281->97256 97283 1ef1f240866 97368 1ef1f22fbec 31 API calls _invalid_parameter_noinfo 97283->97368 97285->97246 97286->97246 97308 1ef1f249d94 97287->97308 97289 1ef1f2415a7 97291 1ef1f23dedc wcsftime 5 API calls 97289->97291 97301 1ef1f2415bc 97289->97301 97307 1ef1f2415ab 97289->97307 97290 1ef1f241650 97355 1ef1f24114c 33 API calls 7 library calls 97290->97355 97293 1ef1f2415fe 97291->97293 97296 1ef1f249d94 wcsftime 33 API calls 97293->97296 97303 1ef1f241606 97293->97303 97295 1ef1f2415c4 97297 1ef1f23b550 __free_lconv_num 5 API calls 97295->97297 97299 1ef1f241628 97296->97299 97300 1ef1f2415cc 97297->97300 97298 1ef1f23b550 __free_lconv_num 5 API calls 97298->97301 97302 1ef1f241631 97299->97302 97299->97303 97304 1ef1f24cb70 _Strcoll 3 API calls 97300->97304 97317 1ef1f2413c8 97301->97317 97306 1ef1f23b550 __free_lconv_num 5 API calls 97302->97306 97303->97298 97305 1ef1f2415dc 97304->97305 97305->97262 97306->97307 97307->97290 97307->97301 97315 1ef1f249c9c 97308->97315 97309 1ef1f249cd3 97356 1ef1f2340cc 5 API calls _get_daylight 97309->97356 97311 1ef1f249cd8 97357 1ef1f22fbec 31 API calls _invalid_parameter_noinfo 97311->97357 97314 1ef1f249ce4 97314->97289 97315->97308 97315->97309 97315->97314 97358 1ef1f249c04 33 API calls wcsftime 97315->97358 97359 1ef1f2462e8 31 API calls 2 library calls 97315->97359 97318 1ef1f2413dc wcsftime 97317->97318 97319 1ef1f240858 _get_daylight 31 API calls 97318->97319 97320 1ef1f2413fb 97319->97320 97321 1ef1f2407f8 _get_daylight 31 API calls 97320->97321 97323 1ef1f24153b 97320->97323 97322 1ef1f24140c 97321->97322 97322->97323 97325 1ef1f240828 _get_daylight 31 API calls 97322->97325 97324 1ef1f249d94 wcsftime 33 API calls 97323->97324 97326 1ef1f2415a7 97324->97326 97327 1ef1f24141d 97325->97327 97328 1ef1f2415ab 97326->97328 97330 1ef1f2415bc 97326->97330 97333 1ef1f23dedc wcsftime 5 API calls 97326->97333 97327->97323 97329 1ef1f241425 97327->97329 97328->97330 97332 1ef1f241650 97328->97332 97331 1ef1f23b550 __free_lconv_num 5 API calls 97329->97331 97336 1ef1f2413c8 wcsftime 33 API calls 97330->97336 97347 1ef1f241431 memcpy_s wcsftime 97331->97347 97362 1ef1f24114c 33 API calls 7 library calls 97332->97362 97335 1ef1f2415fe 97333->97335 97338 1ef1f241606 97335->97338 97339 1ef1f249d94 wcsftime 33 API calls 97335->97339 97337 1ef1f2415c4 97336->97337 97340 1ef1f23b550 __free_lconv_num 5 API calls 97337->97340 97341 1ef1f23b550 __free_lconv_num 5 API calls 97338->97341 97342 1ef1f241628 97339->97342 97343 1ef1f2415cc 97340->97343 97341->97330 97342->97338 97344 1ef1f241631 97342->97344 97345 1ef1f24cb70 _Strcoll 3 API calls 97343->97345 97348 1ef1f23b550 __free_lconv_num 5 API calls 97344->97348 97346 1ef1f2415dc 97345->97346 97346->97295 97349 1ef1f241510 wcsftime 97347->97349 97350 1ef1f244cb4 _Getctype 31 API calls 97347->97350 97348->97328 97349->97295 97351 1ef1f2414e2 97350->97351 97360 1ef1f241660 33 API calls wcsftime 97351->97360 97353 1ef1f2414f9 97361 1ef1f241660 33 API calls wcsftime 97353->97361 97355->97295 97356->97311 97357->97314 97358->97315 97359->97315 97360->97353 97361->97349 97362->97337 97363->97271 97364->97269 97365->97276 97366->97278 97367->97283 97368->97281 97369 1ef1f219fe0 97370 1ef1f21a073 97369->97370 97371 1ef1f1cd6c0 34 API calls 97370->97371 97372 1ef1f21a098 _Receive_impl 97371->97372 97373 1ef1f1ce9a0 38 API calls 97372->97373 97374 1ef1f21a5e7 97372->97374 97375 1ef1f21a104 memcpy_s 97373->97375 97482 1ef1f1ce0f0 35 API calls Concurrency::cancel_current_task 97374->97482 97378 1ef1f2291d0 65 API calls 97375->97378 97387 1ef1f21a146 97375->97387 97377 1ef1f24cb70 _Strcoll 3 API calls 97379 1ef1f21a1d9 97377->97379 97380 1ef1f21a229 97378->97380 97382 1ef1f21a4d9 97380->97382 97383 1ef1f21a26d 97380->97383 97381 1ef1f21a60f 97483 1ef1f1ccc70 34 API calls 97381->97483 97481 1ef1f1f19c0 32 API calls 97382->97481 97433 1ef1f2279c0 97383->97433 97387->97374 97432 1ef1f21a1a7 _Receive_impl 97387->97432 97388 1ef1f21a636 97390 1ef1f24f198 Concurrency::cancel_current_task 2 API calls 97388->97390 97389 1ef1f21a2a2 97392 1ef1f21a2bf 97389->97392 97393 1ef1f21a342 97389->97393 97391 1ef1f21a647 97390->97391 97484 1ef1f1ccc70 34 API calls 97391->97484 97392->97381 97394 1ef1f21a2f1 97392->97394 97440 1ef1f226110 97393->97440 97396 1ef1f225f50 35 API calls 97394->97396 97399 1ef1f21a2fe 97396->97399 97398 1ef1f21a356 97403 1ef1f21a3f0 97398->97403 97404 1ef1f21a36d 97398->97404 97401 1ef1f1e0fb0 34 API calls 97399->97401 97400 1ef1f21a670 97402 1ef1f24f198 Concurrency::cancel_current_task 2 API calls 97400->97402 97405 1ef1f21a31e 97401->97405 97413 1ef1f21a684 97402->97413 97408 1ef1f226110 34 API calls 97403->97408 97404->97391 97406 1ef1f21a39f 97404->97406 97465 1ef1f1f0cd0 32 API calls 97405->97465 97455 1ef1f225f50 97406->97455 97410 1ef1f21a404 97408->97410 97412 1ef1f226110 34 API calls 97410->97412 97411 1ef1f21a3ac 97414 1ef1f1e0fb0 34 API calls 97411->97414 97415 1ef1f21a413 97412->97415 97485 1ef1f1ccc70 34 API calls 97413->97485 97419 1ef1f21a3cc 97414->97419 97467 1ef1f204500 97415->97467 97418 1ef1f21a6ae 97421 1ef1f24f198 Concurrency::cancel_current_task 2 API calls 97418->97421 97466 1ef1f1f0cd0 32 API calls 97419->97466 97420 1ef1f21a423 97420->97413 97423 1ef1f21a456 97420->97423 97424 1ef1f21a6c2 97421->97424 97425 1ef1f225f50 35 API calls 97423->97425 97426 1ef1f21a463 97425->97426 97427 1ef1f1dfe50 34 API calls 97426->97427 97428 1ef1f21a473 97427->97428 97429 1ef1f1e0fb0 34 API calls 97428->97429 97430 1ef1f21a4a2 97429->97430 97480 1ef1f1f0cd0 32 API calls 97430->97480 97432->97377 97434 1ef1f1e0840 34 API calls 97433->97434 97435 1ef1f2279f6 97434->97435 97486 1ef1f22aeb0 97435->97486 97439 1ef1f227a65 97439->97389 97441 1ef1f2261ae 97440->97441 97443 1ef1f22612f 97440->97443 97646 1ef1f2280c0 34 API calls 97441->97646 97446 1ef1f22616a 97443->97446 97644 1ef1f228180 34 API calls 97443->97644 97444 1ef1f2261c8 97445 1ef1f1e4740 34 API calls 97444->97445 97447 1ef1f2261db 97445->97447 97446->97398 97449 1ef1f24f198 Concurrency::cancel_current_task 2 API calls 97447->97449 97452 1ef1f2261ec 97449->97452 97450 1ef1f22618f 97645 1ef1f228240 34 API calls 3 library calls 97450->97645 97453 1ef1f22619d 97454 1ef1f24f198 Concurrency::cancel_current_task 2 API calls 97453->97454 97454->97441 97456 1ef1f1f2080 32 API calls 97455->97456 97458 1ef1f225f62 97455->97458 97456->97458 97457 1ef1f225f90 97457->97411 97458->97457 97647 1ef1f1ccc70 34 API calls 97458->97647 97460 1ef1f225fd6 97461 1ef1f24f198 Concurrency::cancel_current_task 2 API calls 97460->97461 97462 1ef1f225fe7 97461->97462 97463 1ef1f226017 97462->97463 97648 1ef1f22efd8 6 API calls 3 library calls 97462->97648 97463->97411 97465->97432 97466->97432 97468 1ef1f20453d 97467->97468 97469 1ef1f20457e 97467->97469 97470 1ef1f20455c 97468->97470 97471 1ef1f1e15c0 34 API calls 97468->97471 97472 1ef1f1e4670 34 API calls 97469->97472 97470->97420 97471->97470 97473 1ef1f20459e 97472->97473 97474 1ef1f1e4740 34 API calls 97473->97474 97475 1ef1f2045b1 97474->97475 97476 1ef1f24f198 Concurrency::cancel_current_task 2 API calls 97475->97476 97477 1ef1f2045c2 97476->97477 97478 1ef1f2045f6 97477->97478 97649 1ef1f2597f0 32 API calls __std_fs_directory_iterator_open 97477->97649 97478->97420 97480->97432 97481->97387 97483->97388 97484->97400 97485->97418 97487 1ef1f22af04 97486->97487 97549 1ef1f233fc4 97487->97549 97490 1ef1f229610 34 API calls 97491 1ef1f22b011 97490->97491 97554 1ef1f217f10 97491->97554 97493 1ef1f24cb70 _Strcoll 3 API calls 97495 1ef1f227a59 97493->97495 97496 1ef1f228b70 97495->97496 97497 1ef1f228e81 97496->97497 97501 1ef1f228bbb memcpy_s 97496->97501 97562 1ef1f22c4d0 97497->97562 97499 1ef1f228eb4 97500 1ef1f229610 34 API calls 97499->97500 97507 1ef1f228ec0 97500->97507 97618 1ef1f204f50 34 API calls 97501->97618 97503 1ef1f228c0b 97509 1ef1f229610 34 API calls 97503->97509 97504 1ef1f228fc8 _Receive_impl 97506 1ef1f1e0840 34 API calls 97504->97506 97516 1ef1f2290b6 97504->97516 97520 1ef1f229160 97504->97520 97543 1ef1f2291b7 97504->97543 97505 1ef1f228e7c _Receive_impl 97508 1ef1f24cb70 _Strcoll 3 API calls 97505->97508 97510 1ef1f22907c 97506->97510 97507->97504 97624 1ef1f208950 34 API calls 4 library calls 97507->97624 97511 1ef1f22910c 97508->97511 97519 1ef1f228c27 97509->97519 97512 1ef1f1e0fb0 34 API calls 97510->97512 97511->97439 97512->97516 97514 1ef1f228e15 97524 1ef1f1e0840 34 API calls 97514->97524 97536 1ef1f228e6f 97514->97536 97515 1ef1f228dcd 97518 1ef1f1e0840 34 API calls 97515->97518 97516->97505 97516->97520 97517 1ef1f228f33 97625 1ef1f205630 34 API calls _Strcoll 97517->97625 97523 1ef1f228de8 97518->97523 97547 1ef1f228db4 _Receive_impl 97519->97547 97619 1ef1f208950 34 API calls 4 library calls 97519->97619 97628 1ef1f204110 32 API calls 97520->97628 97531 1ef1f1e0fb0 34 API calls 97523->97531 97524->97523 97526 1ef1f228f42 _Receive_impl 97527 1ef1f229188 97526->97527 97526->97543 97626 1ef1f24eae0 6 API calls _Yarn 97526->97626 97629 1ef1f204110 32 API calls 97527->97629 97528 1ef1f229178 97532 1ef1f24f198 Concurrency::cancel_current_task 2 API calls 97528->97532 97531->97536 97532->97527 97534 1ef1f2291a7 97538 1ef1f24f198 Concurrency::cancel_current_task 2 API calls 97534->97538 97535 1ef1f228c99 97620 1ef1f205630 34 API calls _Strcoll 97535->97620 97623 1ef1f204d70 34 API calls _Receive_impl 97536->97623 97537 1ef1f228fba 97627 1ef1f24eae0 6 API calls _Yarn 97537->97627 97538->97543 97541 1ef1f228ca9 97541->97520 97542 1ef1f228cbe _Receive_impl 97541->97542 97542->97527 97621 1ef1f24eae0 6 API calls _Yarn 97542->97621 97545 1ef1f228d29 97622 1ef1f24eae0 6 API calls _Yarn 97545->97622 97547->97514 97547->97515 97548 1ef1f228d37 _Receive_impl 97548->97527 97548->97547 97550 1ef1f2381fc _Getctype 31 API calls 97549->97550 97551 1ef1f233fcd 97550->97551 97552 1ef1f23a488 _Getctype 31 API calls 97551->97552 97553 1ef1f22afea 97552->97553 97553->97490 97555 1ef1f217f47 97554->97555 97556 1ef1f217f1e 97554->97556 97555->97493 97556->97555 97561 1ef1f1ccc70 34 API calls 97556->97561 97558 1ef1f217f7e 97559 1ef1f24f198 Concurrency::cancel_current_task 2 API calls 97558->97559 97560 1ef1f217f8f 97559->97560 97561->97558 97563 1ef1f22c54d 97562->97563 97630 1ef1f208950 34 API calls 4 library calls 97563->97630 97565 1ef1f22d182 97631 1ef1f205630 34 API calls _Strcoll 97565->97631 97567 1ef1f22d192 97568 1ef1f22d1fd 97567->97568 97569 1ef1f22d19d 97567->97569 97633 1ef1f204110 32 API calls 97568->97633 97632 1ef1f1ced70 6 API calls __std_exception_destroy 97569->97632 97571 1ef1f22d209 97573 1ef1f24f198 Concurrency::cancel_current_task 2 API calls 97571->97573 97574 1ef1f22d219 97573->97574 97634 1ef1f204110 32 API calls 97574->97634 97576 1ef1f22d226 97577 1ef1f24f198 Concurrency::cancel_current_task 2 API calls 97576->97577 97578 1ef1f22d236 97577->97578 97635 1ef1f204110 32 API calls 97578->97635 97580 1ef1f22d243 97581 1ef1f24f198 Concurrency::cancel_current_task 2 API calls 97580->97581 97583 1ef1f22d253 97581->97583 97582 1ef1f22d1b1 97584 1ef1f24cb70 _Strcoll 3 API calls 97582->97584 97636 1ef1f20a710 32 API calls 97583->97636 97585 1ef1f22d1e6 97584->97585 97585->97499 97587 1ef1f22d260 97588 1ef1f24f198 Concurrency::cancel_current_task 2 API calls 97587->97588 97589 1ef1f22d270 97588->97589 97637 1ef1f204110 32 API calls 97589->97637 97591 1ef1f22d27d 97592 1ef1f24f198 Concurrency::cancel_current_task 2 API calls 97591->97592 97593 1ef1f22d28d 97592->97593 97638 1ef1f204110 32 API calls 97593->97638 97595 1ef1f22d29a 97596 1ef1f24f198 Concurrency::cancel_current_task 2 API calls 97595->97596 97597 1ef1f22d2aa 97596->97597 97639 1ef1f204110 32 API calls 97597->97639 97599 1ef1f22d2b7 97600 1ef1f24f198 Concurrency::cancel_current_task 2 API calls 97599->97600 97601 1ef1f22d2c7 97600->97601 97640 1ef1f204110 32 API calls 97601->97640 97603 1ef1f22d2d4 97604 1ef1f24f198 Concurrency::cancel_current_task 2 API calls 97603->97604 97605 1ef1f22d2e4 97604->97605 97641 1ef1f204110 32 API calls 97605->97641 97607 1ef1f22d2f1 97618->97503 97619->97535 97620->97541 97621->97545 97622->97548 97623->97505 97624->97517 97625->97526 97626->97537 97627->97504 97628->97528 97629->97534 97630->97565 97631->97567 97632->97582 97633->97571 97634->97576 97635->97580 97636->97587 97637->97591 97638->97595 97639->97599 97640->97603 97641->97607 97644->97450 97645->97453 97646->97444 97647->97460 97648->97462 97649->97477 97650 1ef1f216480 97715 1ef1f219760 GetCurrentProcess OpenProcessToken 97650->97715 97653 1ef1f2164a4 98258 1ef1f219aa0 35 API calls 2 library calls 97653->98258 97654 1ef1f2164ce 97720 1ef1f225970 GetCurrentProcess OpenProcessToken 97654->97720 97658 1ef1f2164ae 98259 1ef1f224740 62 API calls _Strcoll 97658->98259 97660 1ef1f225970 8 API calls 97661 1ef1f2164e6 97660->97661 97728 1ef1f221ff0 97661->97728 97662 1ef1f2164b7 97664 1ef1f2164c2 ExitProcess 97662->97664 97664->97654 97665 1ef1f2164f0 97902 1ef1f216eb0 97665->97902 97667 1ef1f216576 _Receive_impl 97668 1ef1f2165b4 OpenMutexA 97667->97668 97673 1ef1f216746 97667->97673 97669 1ef1f2165f9 CreateMutexA 97668->97669 97670 1ef1f2165ed ExitProcess 97668->97670 97671 1ef1f216629 97669->97671 97670->97669 97906 1ef1f219be0 97671->97906 97675 1ef1f216632 ExitProcess 97676 1ef1f21663e 97675->97676 97934 1ef1f1db820 LoadLibraryA 97676->97934 97716 1ef1f2197b8 GetTokenInformation 97715->97716 97717 1ef1f2197f4 97715->97717 97716->97717 97718 1ef1f24cb70 _Strcoll 3 API calls 97717->97718 97719 1ef1f2164a0 97718->97719 97719->97653 97719->97654 97721 1ef1f2259db LookupPrivilegeValueW 97720->97721 97723 1ef1f225a46 97720->97723 97722 1ef1f2259fc AdjustTokenPrivileges 97721->97722 97721->97723 97722->97723 97724 1ef1f225a5a 97723->97724 97725 1ef1f225a4e CloseHandle 97723->97725 97726 1ef1f24cb70 _Strcoll 3 API calls 97724->97726 97725->97724 97727 1ef1f2164da 97726->97727 97727->97660 98262 1ef1f220c30 GetCurrentHwProfileW 97728->98262 97732 1ef1f2220f9 97733 1ef1f222143 97732->97733 98592 1ef1f22de34 33 API calls 97732->98592 98284 1ef1f227550 97733->98284 97736 1ef1f222153 97739 1ef1f22219c 97736->97739 97741 1ef1f2221cc _Yarn _Receive_impl 97736->97741 98593 1ef1f236cc0 97736->98593 97738 1ef1f22229a _Receive_impl 97740 1ef1f24cb70 _Strcoll 3 API calls 97738->97740 97739->97741 97742 1ef1f236cc0 31 API calls 97739->97742 97743 1ef1f2222bf 97740->97743 97741->97738 97744 1ef1f2222dc 97741->97744 97742->97739 97743->97665 98296 1ef1f220500 97744->98296 97903 1ef1f216ed2 97902->97903 97904 1ef1f205760 35 API calls 97903->97904 97905 1ef1f216ee6 97904->97905 97905->97667 98871 1ef1f21f890 GetUserGeoID GetGeoInfoA 97906->98871 97908 1ef1f1f24f0 34 API calls 97909 1ef1f219c9f 97908->97909 97911 1ef1f1deda0 34 API calls 97909->97911 97910 1ef1f219c25 _Strcoll 97910->97908 97932 1ef1f219e28 _Receive_impl 97910->97932 97912 1ef1f219ce6 97911->97912 97914 1ef1f1deda0 34 API calls 97912->97914 97913 1ef1f24cb70 _Strcoll 3 API calls 97915 1ef1f21662e 97913->97915 97916 1ef1f219d23 97914->97916 97915->97675 97915->97676 97917 1ef1f1e0fb0 34 API calls 97916->97917 97918 1ef1f219d4d WSAStartup 97917->97918 97919 1ef1f219d67 socket 97918->97919 97918->97932 97932->97913 97933 1ef1f219fc9 97932->97933 97935 1ef1f1db925 6 API calls 97934->97935 97936 1ef1f1dc7d9 __vcrt_FlsSetValue 97934->97936 97935->97936 97951 1ef1f1dbce6 _Receive_impl 97935->97951 97937 1ef1f24cb70 _Strcoll 3 API calls 97936->97937 97938 1ef1f1dc816 97937->97938 97958 1ef1f1dc8c0 CreateToolhelp32Snapshot 97938->97958 97939 1ef1f211bf0 34 API calls 97939->97951 97940 1ef1f1e22d0 34 API calls 97940->97951 97941 1ef1f1de3a0 34 API calls 97941->97951 97942 1ef1f1e25a0 34 API calls 97942->97951 97943 1ef1f1deda0 34 API calls 97943->97951 97944 1ef1f1e3990 34 API calls 97944->97951 97945 1ef1f1e0fb0 34 API calls 97945->97951 97946 1ef1f24cb98 34 API calls std::_Facet_Register 97946->97951 97948 1ef1f1e0840 34 API calls 97948->97951 97949 1ef1f1dc837 97953 1ef1f1e4670 34 API calls 97949->97953 97950 1ef1f1dc88a 97951->97936 97951->97939 97951->97940 97951->97941 97951->97942 97951->97943 97951->97944 97951->97945 97951->97946 97951->97948 97951->97949 97951->97950 98891 1ef1f1f9100 34 API calls std::_Facet_Register 97951->98891 98892 1ef1f1e9d50 34 API calls 2 library calls 97951->98892 98258->97658 98259->97662 98263 1ef1f220c7a 98262->98263 98265 1ef1f220cd9 98262->98265 98602 1ef1f211bf0 98263->98602 98266 1ef1f24cb70 _Strcoll 3 API calls 98265->98266 98268 1ef1f220d51 98266->98268 98270 1ef1f220250 98268->98270 98269 1ef1f220c89 98269->98265 98611 1ef1f22de34 33 API calls 98269->98611 98627 1ef1f219920 98270->98627 98274 1ef1f2202f3 memcpy_s _Receive_impl 98275 1ef1f220417 98274->98275 98283 1ef1f220341 98274->98283 98638 1ef1f212490 54 API calls 98274->98638 98276 1ef1f24cb70 _Strcoll 3 API calls 98278 1ef1f2203fe 98276->98278 98278->97732 98279 1ef1f22037d 98639 1ef1f2125f0 53 API calls 2 library calls 98279->98639 98281 1ef1f2203a4 98640 1ef1f1de100 98281->98640 98283->98276 98285 1ef1f227698 98284->98285 98288 1ef1f227599 98284->98288 98657 1ef1f1cb870 34 API calls 98285->98657 98289 1ef1f2275d8 98288->98289 98290 1ef1f227636 98288->98290 98291 1ef1f2275fa _Yarn 98288->98291 98292 1ef1f24cb98 std::_Facet_Register 34 API calls 98289->98292 98294 1ef1f2275f1 98289->98294 98293 1ef1f24cb98 std::_Facet_Register 34 API calls 98290->98293 98291->97736 98292->98294 98293->98291 98294->98291 98656 1ef1f1cb7b0 34 API calls 2 library calls 98294->98656 98297 1ef1f220559 memcpy_s 98296->98297 98298 1ef1f24cb98 std::_Facet_Register 34 API calls 98297->98298 98299 1ef1f2205c3 98298->98299 98300 1ef1f220608 EnumDisplayDevicesW 98299->98300 98305 1ef1f2206c9 98300->98305 98308 1ef1f220625 _Receive_impl 98300->98308 98301 1ef1f211bf0 34 API calls 98301->98308 98303 1ef1f2206d1 98304 1ef1f24cb70 _Strcoll 3 API calls 98303->98304 98309 1ef1f2207ee 98304->98309 98305->98303 98306 1ef1f1e0dc0 34 API calls 98305->98306 98306->98305 98307 1ef1f220691 EnumDisplayDevicesW 98307->98305 98307->98308 98308->98301 98308->98307 98310 1ef1f22080f 98308->98310 98658 1ef1f227d70 34 API calls 2 library calls 98308->98658 98311 1ef1f220420 RegGetValueA 98309->98311 98312 1ef1f22049d 98311->98312 98313 1ef1f24cb70 _Strcoll 3 API calls 98312->98313 98314 1ef1f2204df 98313->98314 98315 1ef1f220820 98314->98315 98316 1ef1f2208af 98315->98316 98319 1ef1f2208c0 _Receive_impl 98315->98319 98317 1ef1f1e51e0 34 API calls 98316->98317 98317->98319 98318 1ef1f1e0dc0 34 API calls 98318->98319 98319->98318 98320 1ef1f22099e 98319->98320 98324 1ef1f220c0b 98319->98324 98659 1ef1f25b3c4 GetNativeSystemInfo 98320->98659 98322 1ef1f2209a3 98660 1ef1f205760 98322->98660 98325 1ef1f220a44 98326 1ef1f1e0dc0 34 API calls 98325->98326 98327 1ef1f220a8e 98326->98327 98328 1ef1f1e0dc0 34 API calls 98327->98328 98329 1ef1f220ae8 _Receive_impl 98328->98329 98329->98324 98330 1ef1f24cb70 _Strcoll 3 API calls 98329->98330 98331 1ef1f220bee 98330->98331 98592->97732 98594 1ef1f236cfa 98593->98594 98595 1ef1f236cd9 98593->98595 98596 1ef1f2381fc _Getctype 31 API calls 98594->98596 98595->97736 98597 1ef1f236cff 98596->98597 98598 1ef1f23a488 _Getctype 31 API calls 98597->98598 98599 1ef1f236d18 98598->98599 98599->98595 98870 1ef1f23ddc0 31 API calls 3 library calls 98599->98870 98601 1ef1f236d4e 98601->97736 98603 1ef1f211c3e 98602->98603 98609 1ef1f211c1f _Receive_impl 98602->98609 98612 1ef1f1d4c00 98603->98612 98604 1ef1f24cb70 _Strcoll 3 API calls 98606 1ef1f211cde 98604->98606 98606->98269 98607 1ef1f211c67 98624 1ef1f211d00 34 API calls 2 library calls 98607->98624 98609->98604 98610 1ef1f211cec 98609->98610 98611->98269 98613 1ef1f1d4d24 98612->98613 98615 1ef1f1d4c26 98612->98615 98626 1ef1f1cb870 34 API calls 98613->98626 98616 1ef1f1d4d1f 98615->98616 98617 1ef1f1d4c8a 98615->98617 98618 1ef1f1d4ce2 98615->98618 98623 1ef1f1d4c31 _Yarn 98615->98623 98625 1ef1f1cb7b0 34 API calls 2 library calls 98616->98625 98617->98616 98620 1ef1f1d4c97 98617->98620 98621 1ef1f24cb98 std::_Facet_Register 34 API calls 98618->98621 98622 1ef1f24cb98 std::_Facet_Register 34 API calls 98620->98622 98621->98623 98622->98623 98623->98607 98624->98609 98625->98613 98644 1ef1f217d40 98627->98644 98629 1ef1f219a82 98651 1ef1f217b50 34 API calls Concurrency::cancel_current_task 98629->98651 98632 1ef1f21996d 98632->98629 98633 1ef1f1d4c00 34 API calls 98632->98633 98634 1ef1f2199de 98633->98634 98634->98629 98635 1ef1f219a47 _Receive_impl 98634->98635 98636 1ef1f24cb70 _Strcoll 3 API calls 98635->98636 98637 1ef1f219a6c GetVolumeInformationW 98636->98637 98637->98274 98638->98279 98639->98281 98642 1ef1f1de148 98640->98642 98641 1ef1f1de1ac 98641->98283 98642->98641 98643 1ef1f1e15c0 34 API calls 98642->98643 98643->98641 98645 1ef1f217dbf 98644->98645 98648 1ef1f217da0 98644->98648 98645->98648 98654 1ef1f1e57d0 34 API calls 4 library calls 98645->98654 98650 1ef1f217ed5 98648->98650 98652 1ef1f259884 GetCurrentDirectoryW 98648->98652 98655 1ef1f1e57d0 34 API calls 4 library calls 98648->98655 98650->98632 98653 1ef1f259896 __std_fs_open_handle 98652->98653 98653->98648 98654->98648 98655->98648 98656->98285 98658->98308 98659->98322 98661 1ef1f205825 98660->98661 98664 1ef1f205790 _Yarn 98660->98664 98665 1ef1f209b20 35 API calls 4 library calls 98661->98665 98663 1ef1f20583a 98663->98325 98664->98325 98665->98663 98870->98601 98872 1ef1f1dfc80 34 API calls 98871->98872 98873 1ef1f21f905 GetGeoInfoA 98872->98873 98875 1ef1f1dfc80 34 API calls 98873->98875 98876 1ef1f21f938 98875->98876 98876->97910 98891->97951 98892->97951 99425 1ef1f201340 99426 1ef1f1ce9a0 38 API calls 99425->99426 99427 1ef1f20139f 99426->99427 99428 1ef1f1ce9a0 38 API calls 99427->99428 99429 1ef1f201c14 99428->99429 99430 1ef1f1cd390 34 API calls 99429->99430 99440 1ef1f202036 _Receive_impl 99429->99440 99432 1ef1f201c4a 99430->99432 99431 1ef1f24cb70 _Strcoll 3 API calls 99433 1ef1f202061 99431->99433 99434 1ef1f1cd220 35 API calls 99432->99434 99435 1ef1f201c58 99434->99435 99488 1ef1f204150 99435->99488 99438 1ef1f219830 92 API calls 99439 1ef1f201d1d 99438->99439 99439->99440 99441 1ef1f20207d 99439->99441 99440->99431 99442 1ef1f1e4670 34 API calls 99441->99442 99443 1ef1f2020a5 99442->99443 99444 1ef1f1e4740 34 API calls 99443->99444 99445 1ef1f2020ba 99444->99445 99446 1ef1f24f198 Concurrency::cancel_current_task 2 API calls 99445->99446 99447 1ef1f2020cd 99446->99447 99448 1ef1f1ce080 35 API calls 99447->99448 99449 1ef1f2020dd 99448->99449 99450 1ef1f1ce080 35 API calls 99449->99450 99451 1ef1f2020ef 99450->99451 99452 1ef1f1ce080 35 API calls 99451->99452 99453 1ef1f2020ff 99452->99453 99454 1ef1f1ce080 35 API calls 99453->99454 99455 1ef1f202127 99454->99455 99456 1ef1f1cce20 2 API calls 99455->99456 99457 1ef1f202139 99456->99457 99458 1ef1f1ce080 35 API calls 99457->99458 99459 1ef1f20214f 99458->99459 99460 1ef1f1cce20 2 API calls 99459->99460 99461 1ef1f202161 99460->99461 99462 1ef1f1cd390 34 API calls 99461->99462 99463 1ef1f2021b7 99462->99463 99464 1ef1f1cd220 35 API calls 99463->99464 99465 1ef1f2021c8 99464->99465 99466 1ef1f1cd6c0 34 API calls 99465->99466 99467 1ef1f2026c6 99466->99467 99468 1ef1f1cd6c0 34 API calls 99467->99468 99469 1ef1f20290d 99468->99469 99470 1ef1f218f60 92 API calls 99469->99470 99471 1ef1f20291e 99470->99471 99492 1ef1f1e0120 54 API calls 4 library calls 99471->99492 99473 1ef1f202c3e 99493 1ef1f1e43d0 34 API calls 3 library calls 99473->99493 99475 1ef1f202c7e 99484 1ef1f203623 99475->99484 99494 1ef1f1ce900 42 API calls _Strcoll 99475->99494 99477 1ef1f202c9a 99478 1ef1f203737 99477->99478 99477->99484 99479 1ef1f1cce20 2 API calls 99478->99479 99480 1ef1f20373c 99479->99480 99495 1ef1f1ce0f0 35 API calls Concurrency::cancel_current_task 99480->99495 99485 1ef1f24cb70 _Strcoll 3 API calls 99484->99485 99487 1ef1f203708 99485->99487 99489 1ef1f204176 99488->99489 99490 1ef1f205760 35 API calls 99489->99490 99491 1ef1f201c6b 99490->99491 99491->99438 99492->99473 99493->99475 99494->99477 99496 1ef1f2431a1 99508 1ef1f24a234 99496->99508 99509 1ef1f2381fc _Getctype 31 API calls 99508->99509 99511 1ef1f24a23d 99509->99511 99513 1ef1f237bc4 31 API calls __std_fs_directory_iterator_open 99511->99513 99514 1ef1f1e1795 99515 1ef1f24cb98 std::_Facet_Register 34 API calls 99514->99515 99516 1ef1f1e17a7 99515->99516 99517 1ef1f24cb98 std::_Facet_Register 34 API calls 99516->99517 99518 1ef1f1e17d6 99517->99518 99523 1ef1f1f8140 99518->99523 99521 1ef1f24cb70 _Strcoll 3 API calls 99522 1ef1f1e1a33 99521->99522 99524 1ef1f1e17fc 99523->99524 99525 1ef1f1f8172 99523->99525 99524->99521 99526 1ef1f24cb98 std::_Facet_Register 34 API calls 99525->99526 99527 1ef1f1f818d 99526->99527 99528 1ef1f1dfe50 34 API calls 99527->99528 99529 1ef1f1f81ab 99528->99529 99530 1ef1f1e1730 3 API calls 99529->99530 99531 1ef1f1f81ba 99530->99531 99532 1ef1f1f8140 34 API calls 99531->99532 99533 1ef1f1f81ff 99532->99533 99534 1ef1f1f8140 34 API calls 99533->99534 99534->99524 99535 1ef1f226929 99536 1ef1f226954 99535->99536 99549 1ef1f22693f 99535->99549 99537 1ef1f226b20 99536->99537 99538 1ef1f22695d 99536->99538 99539 1ef1f226b89 99537->99539 99544 1ef1f2265d0 3 API calls 99537->99544 99545 1ef1f1e5b00 34 API calls 99538->99545 99546 1ef1f2269ba memcpy_s 99538->99546 99540 1ef1f2265d0 3 API calls 99539->99540 99540->99549 99541 1ef1f24cb70 _Strcoll 3 API calls 99543 1ef1f226f13 99541->99543 99542 1ef1f226aaa 99547 1ef1f2265d0 3 API calls 99542->99547 99544->99537 99545->99546 99546->99542 99548 1ef1f2265d0 3 API calls 99546->99548 99547->99549 99548->99546 99549->99541 99550 1ef1f1d58f3 99556 1ef1f1cd8f0 99550->99556 99552 1ef1f1d5926 FindNextFileW 99553 1ef1f1d5944 99552->99553 99554 1ef1f24cb70 _Strcoll 3 API calls 99553->99554 99555 1ef1f1d596b 99554->99555 99557 1ef1f1cd908 _Receive_impl 99556->99557 99557->99552 99558 7ff617e71940 99561 7ff617e717d0 99558->99561 99560 7ff617e7195d 99577 7ff617e717b0 99561->99577 99565 7ff617e718d8 99572 7ff617e71917 _CallMemberFunction0 99565->99572 99635 7ff617e6a560 99565->99635 99569 7ff617e71970 94 API calls 99576 7ff617e717e2 _CallMemberFunction0 99569->99576 99571 7ff617e6a560 59 API calls 99571->99572 99572->99560 99575 7ff617e6a560 59 API calls 99575->99576 99576->99565 99576->99569 99576->99575 99583 7ff617ea21cc 99576->99583 99586 7ff617e77980 99576->99586 99656 7ff617ea22ac GetSystemTimeAsFileTime 99577->99656 99580 7ff617ea21f8 99658 7ff617ea5cb8 GetLastError 99580->99658 99584 7ff617ea5cb8 _Getctype 47 API calls 99583->99584 99585 7ff617ea21d5 99584->99585 99585->99576 99587 7ff617e779b7 std::ios_base::_Init 99586->99587 99691 7ff617e77c00 99587->99691 99637 7ff617e6a598 char_traits 99635->99637 100297 7ff617e679a0 99637->100297 99641 7ff617e6a8eb 99642 7ff617eb5500 allocator 8 API calls 99641->99642 99643 7ff617e6a903 99642->99643 99645 7ff617e71970 99643->99645 99644 7ff617e6a64c Concurrency::details::WorkQueue::IsStructuredEmpty std::ios_base::width 100301 7ff617e67da0 99644->100301 99646 7ff617e679a0 59 API calls 99645->99646 99647 7ff617e719b1 99646->99647 99655 7ff617e71a17 Concurrency::details::WorkQueue::IsStructuredEmpty 99647->99655 100332 7ff617e6a940 85 API calls 5 library calls 99647->100332 99648 7ff617e67da0 50 API calls 99649 7ff617e71bd2 99648->99649 99650 7ff617e67950 59 API calls 99649->99650 99652 7ff617e71bed 99650->99652 99653 7ff617eb5500 allocator 8 API calls 99652->99653 99654 7ff617e71908 99653->99654 99654->99571 99655->99648 99657 7ff617e717c3 99656->99657 99657->99580 99659 7ff617ea5cf9 FlsSetValue 99658->99659 99660 7ff617ea5cdc FlsGetValue 99658->99660 99662 7ff617ea5ce9 99659->99662 99663 7ff617ea5d0b 99659->99663 99661 7ff617ea5cf3 99660->99661 99660->99662 99661->99659 99664 7ff617ea5d65 SetLastError 99662->99664 99681 7ff617ea5798 11 API calls 3 library calls 99663->99681 99666 7ff617ea2205 99664->99666 99667 7ff617ea5d85 99664->99667 99666->99576 99689 7ff617ea5324 47 API calls 2 library calls 99667->99689 99668 7ff617ea5d1a 99670 7ff617ea5d38 FlsSetValue 99668->99670 99671 7ff617ea5d28 FlsSetValue 99668->99671 99672 7ff617ea5d44 FlsSetValue 99670->99672 99673 7ff617ea5d56 99670->99673 99675 7ff617ea5d31 99671->99675 99672->99675 99688 7ff617ea5a68 11 API calls _Getctype 99673->99688 99682 7ff617ea5810 99675->99682 99678 7ff617ea5d5e 99680 7ff617ea5810 __free_lconv_mon 11 API calls 99678->99680 99680->99664 99681->99668 99683 7ff617ea5815 RtlFreeHeap 99682->99683 99684 7ff617ea5844 99682->99684 99683->99684 99685 7ff617ea5830 GetLastError 99683->99685 99684->99662 99686 7ff617ea583d __free_lconv_mon 99685->99686 99690 7ff617ea5920 11 API calls memcpy_s 99686->99690 99688->99678 99690->99684 99692 7ff617e77c13 Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot 99691->99692 99767 7ff617e784e0 99692->99767 99697 7ff617e66610 99698 7ff617e66637 std::ios_base::_Init Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock char_traits 99697->99698 99844 7ff617e6ac90 99698->99844 99701 7ff617e76330 99876 7ff617e784b0 99701->99876 99704 7ff617e66450 99773 7ff617e78870 99767->99773 99770 7ff617e78440 99819 7ff617e78820 99770->99819 99774 7ff617e788a1 99773->99774 99777 7ff617e78bc0 99774->99777 99778 7ff617e78be2 Concurrency::details::WorkQueue::IsStructuredEmpty std::ios_base::_Init 99777->99778 99783 7ff617e7c470 99778->99783 99780 7ff617e78c19 UnDecorator::getVbTableType 99781 7ff617eb5500 allocator 8 API calls 99780->99781 99782 7ff617e77c33 99781->99782 99782->99770 99788 7ff617e7c770 99783->99788 99785 7ff617e7c497 UnDecorator::getVbTableType 99786 7ff617eb5500 allocator 8 API calls 99785->99786 99787 7ff617e7c4fe 99786->99787 99787->99780 99793 7ff617e7fd80 99788->99793 99794 7ff617e7c788 99793->99794 99795 7ff617e7fdae 99793->99795 99797 7ff617e6cc20 99794->99797 99807 7ff617e64160 RtlPcToFileHeader RaiseException Concurrency::cancel_current_task std::_Facet_Register 99795->99807 99798 7ff617e6cc31 99797->99798 99799 7ff617e6cc35 allocator 99797->99799 99798->99785 99800 7ff617e6cc4d 99799->99800 99801 7ff617e6cc41 99799->99801 99803 7ff617e6cc58 99800->99803 99804 7ff617e6cc64 99800->99804 99816 7ff617e64210 99801->99816 99808 7ff617e6cd80 99803->99808 99806 7ff617e64210 allocator 14 API calls 99804->99806 99806->99798 99807->99794 99809 7ff617e6cda8 99808->99809 99810 7ff617e6cda3 99808->99810 99812 7ff617e64210 allocator 14 API calls 99809->99812 99811 7ff617e64160 allocator RtlPcToFileHeader RaiseException 99810->99811 99811->99809 99813 7ff617e6cdb3 99812->99813 99814 7ff617ea2154 _invalid_parameter_noinfo_noreturn 47 API calls 99813->99814 99815 7ff617e6cdd4 99813->99815 99814->99813 99815->99798 99817 7ff617eb5554 std::_Facet_Register 14 API calls 99816->99817 99818 7ff617e64223 99817->99818 99818->99798 99820 7ff617e78851 99819->99820 99823 7ff617e78b40 99820->99823 99824 7ff617e78b62 Concurrency::details::WorkQueue::IsStructuredEmpty std::ios_base::_Init 99823->99824 99829 7ff617e7c3d0 99824->99829 99826 7ff617e78b99 UnDecorator::getVbTableType 99827 7ff617eb5500 allocator 8 API calls 99826->99827 99828 7ff617e779c4 99827->99828 99828->99697 99834 7ff617e7c700 99829->99834 99831 7ff617e7c3f7 UnDecorator::getVbTableType 99832 7ff617eb5500 allocator 8 API calls 99831->99832 99833 7ff617e7c45e 99832->99833 99833->99826 99839 7ff617e7fd40 99834->99839 99837 7ff617e6cc20 allocator 50 API calls 99838 7ff617e7c720 99837->99838 99838->99831 99840 7ff617e7c718 99839->99840 99841 7ff617e7fd6e 99839->99841 99840->99837 99843 7ff617e64160 RtlPcToFileHeader RaiseException Concurrency::cancel_current_task std::_Facet_Register 99841->99843 99843->99840 99857 7ff617e6c520 99844->99857 99848 7ff617e6acd5 Concurrency::details::WorkQueue::IsStructuredEmpty std::ios_base::_Init 99849 7ff617e6c520 std::ios_base::_Init 8 API calls 99848->99849 99854 7ff617e6ad11 Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock UnDecorator::getVbTableType 99848->99854 99850 7ff617e6ad8a 99849->99850 99862 7ff617e6c470 99850->99862 99855 7ff617eb5500 allocator 8 API calls 99854->99855 99856 7ff617e6665c 99855->99856 99856->99701 99858 7ff617e6c542 Concurrency::details::WorkQueue::IsStructuredEmpty std::ios_base::_Init _Min_value _Max_value 99857->99858 99859 7ff617eb5500 allocator 8 API calls 99858->99859 99860 7ff617e6acc6 99859->99860 99860->99848 99861 7ff617e64310 50 API calls std::_Xinvalid_argument 99860->99861 99861->99848 99864 7ff617e6c4ac _Max_value 99862->99864 99863 7ff617eb5500 allocator 8 API calls 99865 7ff617e6ad9f 99863->99865 99864->99863 99866 7ff617e6cac0 99865->99866 99869 7ff617e6a910 99866->99869 99872 7ff617e6c5f0 99869->99872 99873 7ff617e6c608 allocator 99872->99873 99874 7ff617e6cc20 allocator 50 API calls 99873->99874 99879 7ff617e7bd20 99876->99879 99880 7ff617e7bd67 99879->99880 99881 7ff617e7bd8c 99880->99881 99889 7ff617e7c730 50 API calls Concurrency::details::WorkQueue::IsStructuredEmpty 99880->99889 99884 7ff617eb5500 allocator 8 API calls 99881->99884 99883 7ff617e7bdc6 Concurrency::details::WorkQueue::IsStructuredEmpty Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock UnDecorator::getVbTableType 99890 7ff617e7f9f0 50 API calls 2 library calls 99883->99890 99885 7ff617e76360 99884->99885 99885->99704 99887 7ff617e7be52 99889->99883 99890->99887 100298 7ff617e679bd std::ios_base::good 100297->100298 100300 7ff617e679e4 std::ios_base::good 100298->100300 100310 7ff617e694c0 59 API calls allocator 100298->100310 100300->99644 100302 7ff617e67dbc std::ios_base::good 100301->100302 100311 7ff617e69670 100302->100311 100305 7ff617e67950 100326 7ff617ebb640 __uncaught_exceptions 100305->100326 100307 7ff617e6795e 100309 7ff617e6798d 100307->100309 100330 7ff617e695a0 50 API calls 2 library calls 100307->100330 100309->99641 100310->100300 100312 7ff617e69697 100311->100312 100315 7ff617e65820 100312->100315 100316 7ff617e6587a 100315->100316 100317 7ff617e65900 100315->100317 100319 7ff617e6588f std::make_error_code 100316->100319 100323 7ff617eb77d4 RtlPcToFileHeader RaiseException 100316->100323 100317->100305 100324 7ff617e657c0 50 API calls std::ios_base::_Init 100319->100324 100321 7ff617e658ef 100325 7ff617eb77d4 RtlPcToFileHeader RaiseException 100321->100325 100323->100319 100324->100321 100325->100317 100326->100307 100327 7ff617ec74e4 100326->100327 100331 7ff617eb7cb8 8 API calls __vcrt_FlsGetValue 100327->100331 100329 7ff617ec74ed 100329->100307 100330->100309 100331->100329 100332->99655 100333 1ef1f2298ee 100338 1ef1f22a1e0 100333->100338 100336 1ef1f24cb70 _Strcoll 3 API calls 100337 1ef1f22992b 100336->100337 100340 1ef1f22a206 100338->100340 100339 1ef1f22a232 100342 1ef1f22abc0 34 API calls 100339->100342 100340->100339 100347 1ef1f20b010 34 API calls 4 library calls 100340->100347 100344 1ef1f22a297 100342->100344 100343 1ef1f2298f6 100343->100336 100344->100343 100345 1ef1f1e5990 34 API calls 100344->100345 100346 1ef1f22abc0 34 API calls 100344->100346 100345->100344 100346->100344 100347->100339 100348 1ef1f22662b 100349 1ef1f226651 100348->100349 100350 1ef1f22663c 100348->100350 100351 1ef1f22665a 100349->100351 100365 1ef1f22681f 100349->100365 100352 1ef1f24cb70 _Strcoll 3 API calls 100350->100352 100353 1ef1f1dfc80 34 API calls 100351->100353 100366 1ef1f2266b2 100351->100366 100354 1ef1f226f13 100352->100354 100353->100366 100355 1ef1f2268cf 100356 1ef1f2270b0 34 API calls 100355->100356 100358 1ef1f2268e8 100356->100358 100357 1ef1f2270b0 34 API calls 100357->100365 100363 1ef1f2265d0 3 API calls 100358->100363 100359 1ef1f226782 100362 1ef1f2270b0 34 API calls 100359->100362 100360 1ef1f2265d0 3 API calls 100360->100365 100361 1ef1f2270b0 34 API calls 100361->100366 100364 1ef1f2267bb 100362->100364 100363->100350 100368 1ef1f2265d0 3 API calls 100364->100368 100365->100355 100365->100357 100365->100360 100366->100359 100366->100361 100367 1ef1f2265d0 3 API calls 100366->100367 100367->100366 100368->100350

                                                                      Executed Functions

                                                                      Function 000001EF1F21FB30 Relevance: 45.7, APIs: 25, Strings: 1, Instructions: 225windowCOMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Object$DeleteMetricsSystem$CreateSelectStream_$CapsCompatibleCriticalDeviceReleaseSection$BitmapEnterLeaveReadResetSizeStream
                                                                      • String ID:
                                                                      • API String ID: 3214587331-3916222277
                                                                      • Opcode ID: e8e9b911cd9b9f557c011d0a693391b94df579aa06795856880fde4b09ecdcd5
                                                                      • Instruction ID: cf79a5d2d06bf636c98b8bd750f278b3069d8099b6a9c0f48313e4842629aeb4
                                                                      • Opcode Fuzzy Hash: e8e9b911cd9b9f557c011d0a693391b94df579aa06795856880fde4b09ecdcd5
                                                                      • Instruction Fuzzy Hash: 26B13173618BC4C6E764DB21E8547DEB3A5FBAAB80F404629DE9943B55DF38C086CB01
                                                                      Function 000001EF1F2598C0 Relevance: 27.2, APIs: 18, Instructions: 229fileCOMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 40 1ef1f2598c0-1ef1f259900 41 1ef1f259915-1ef1f25991e 40->41 42 1ef1f259902-1ef1f259909 40->42 44 1ef1f259920-1ef1f259923 41->44 45 1ef1f25993a-1ef1f25993c 41->45 42->41 43 1ef1f25990b-1ef1f259910 42->43 48 1ef1f259b94-1ef1f259bba call 1ef1f24cb70 43->48 44->45 49 1ef1f259925-1ef1f25992d 44->49 46 1ef1f259b92 45->46 47 1ef1f259942-1ef1f259946 45->47 46->48 53 1ef1f25994c-1ef1f25994f 47->53 54 1ef1f259a1d-1ef1f259a44 call 1ef1f259c94 47->54 50 1ef1f259933-1ef1f259936 49->50 51 1ef1f25992f-1ef1f259931 49->51 50->45 51->45 51->50 56 1ef1f259963-1ef1f259975 GetFileAttributesExW 53->56 57 1ef1f259951-1ef1f259959 53->57 64 1ef1f259a66-1ef1f259a6f 54->64 65 1ef1f259a46-1ef1f259a4f 54->65 61 1ef1f2599c8-1ef1f2599d7 56->61 62 1ef1f259977-1ef1f259980 call 1ef1f272160 56->62 57->56 59 1ef1f25995b-1ef1f25995d 57->59 59->54 59->56 63 1ef1f2599db-1ef1f2599dd 61->63 62->48 77 1ef1f259986-1ef1f259998 FindFirstFileW 62->77 67 1ef1f2599df-1ef1f2599e7 63->67 68 1ef1f2599e9-1ef1f259a17 63->68 72 1ef1f259b23-1ef1f259b2c 64->72 73 1ef1f259a75-1ef1f259a8d GetFileInformationByHandleEx 64->73 69 1ef1f259a5f-1ef1f259a61 65->69 70 1ef1f259a51-1ef1f259a59 call 1ef1f272138 65->70 67->54 67->68 68->46 68->54 69->48 70->69 95 1ef1f259bd5-1ef1f259bda call 1ef1f237bc4 70->95 74 1ef1f259b7b-1ef1f259b7d 72->74 75 1ef1f259b2e-1ef1f259b42 GetFileInformationByHandleEx 72->75 78 1ef1f259ab5-1ef1f259ace 73->78 79 1ef1f259a8f-1ef1f259a9b call 1ef1f272160 73->79 86 1ef1f259b7f-1ef1f259b83 74->86 87 1ef1f259bbb-1ef1f259bbf 74->87 80 1ef1f259b44-1ef1f259b50 call 1ef1f272160 75->80 81 1ef1f259b68-1ef1f259b78 75->81 84 1ef1f2599a5-1ef1f2599c6 FindClose 77->84 85 1ef1f25999a-1ef1f2599a0 call 1ef1f272160 77->85 78->72 82 1ef1f259ad0-1ef1f259ad4 78->82 98 1ef1f259aae-1ef1f259ab0 79->98 99 1ef1f259a9d-1ef1f259aa8 call 1ef1f272138 79->99 80->98 110 1ef1f259b56-1ef1f259b61 call 1ef1f272138 80->110 81->74 93 1ef1f259ad6-1ef1f259af0 GetFileInformationByHandleEx 82->93 94 1ef1f259b1c 82->94 84->63 85->48 86->46 97 1ef1f259b85-1ef1f259b90 call 1ef1f272138 86->97 91 1ef1f259bc1-1ef1f259bcc call 1ef1f272138 87->91 92 1ef1f259bce-1ef1f259bd3 87->92 91->92 91->95 92->48 103 1ef1f259b13-1ef1f259b1a 93->103 104 1ef1f259af2-1ef1f259afe call 1ef1f272160 93->104 100 1ef1f259b20 94->100 117 1ef1f259bdb-1ef1f259be0 call 1ef1f237bc4 95->117 97->46 97->95 98->48 99->98 118 1ef1f259be7-1ef1f259bef call 1ef1f237bc4 99->118 100->72 103->100 104->98 120 1ef1f259b00-1ef1f259b0b call 1ef1f272138 104->120 123 1ef1f259b63 110->123 124 1ef1f259be1-1ef1f259be6 call 1ef1f237bc4 110->124 117->124 120->117 131 1ef1f259b11 120->131 123->98 124->118 131->98
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Close$ErrorFileFindHandleLast$AttributesFirst__std_fs_open_handle
                                                                      • String ID:
                                                                      • API String ID: 2398595512-0
                                                                      • Opcode ID: 9b9cafa6476ba7d57e6375b49b2d31870033937920a690a77e8b0d8031f3f21f
                                                                      • Instruction ID: 25d6908ea74a0ee20ce090144d1f8f9f681d3a9ce64d9482510d6cde4a9a6b4a
                                                                      • Opcode Fuzzy Hash: 9b9cafa6476ba7d57e6375b49b2d31870033937920a690a77e8b0d8031f3f21f
                                                                      • Instruction Fuzzy Hash: 80914D33314AC9C6FA648F25E4547DD3391AFA77B0F1447389EB6476E5DA38C8828A02
                                                                      Function 000001EF1F221660 Relevance: 26.6, APIs: 4, Strings: 10, Instructions: 2133timeCOMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: InformationTimeZone
                                                                      • String ID: %d-%m-%Y, %H:%M:%S$[UTC$computer_name$cpu$gpu$ram$system$time$timezone$user_name
                                                                      • API String ID: 565725191-1610854563
                                                                      • Opcode ID: 1fe095e091ca18269d05a5b9bd0bb51583a8f5c1e491c85e2abcf543d409da54
                                                                      • Instruction ID: 7f91c901ff5a8f2eea0641c947e00e37a3ff22104014ad6c9e57b8517aa51429
                                                                      • Opcode Fuzzy Hash: 1fe095e091ca18269d05a5b9bd0bb51583a8f5c1e491c85e2abcf543d409da54
                                                                      • Instruction Fuzzy Hash: BF238F33614BC485EB21CF24E8503DD77A1FBA9798F505229EEAD57B9ADB78C281C700
                                                                      Function 000001EF1F221FF0 Relevance: 22.5, APIs: 3, Strings: 9, Instructions: 1516COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Name$DevicesDisplayEnum$ComputerCurrentFileGlobalMemoryModuleProfileStatusUserValuewcsftime
                                                                      • String ID: %d-%m-%Y, %H:%M:%S$computer_name$cpu$gpu$ram$system$time$timezone$user_name
                                                                      • API String ID: 2509368203-1182675529
                                                                      • Opcode ID: 6c01c5b4889c0ced54e0e8f157e212984f9dff6cfe7159bfa7e664528e928200
                                                                      • Instruction ID: 71cfed05e515e4dd2e7c2119c2544797803f366a3c08cab9865f2742864088fa
                                                                      • Opcode Fuzzy Hash: 6c01c5b4889c0ced54e0e8f157e212984f9dff6cfe7159bfa7e664528e928200
                                                                      • Instruction Fuzzy Hash: 75F26D33614BC489DB21CF24E8503DD77A1FBA9798F409229EE9D57BA9DB78C681C700
                                                                      Function 000001EF1F1DB820 Relevance: 20.1, APIs: 8, Strings: 3, Instructions: 862libraryloaderCOMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 1197 1ef1f1db820-1ef1f1db91f LoadLibraryA 1198 1ef1f1db925-1ef1f1dbce0 GetProcAddress * 6 1197->1198 1199 1ef1f1dc7e0-1ef1f1dc7ea 1197->1199 1198->1199 1202 1ef1f1dbce6-1ef1f1dbce9 1198->1202 1200 1ef1f1dc7ec-1ef1f1dc7ee 1199->1200 1201 1ef1f1dc7f9-1ef1f1dc7fc 1199->1201 1200->1201 1203 1ef1f1dc7fe-1ef1f1dc801 call 1ef1f272158 1201->1203 1204 1ef1f1dc807-1ef1f1dc836 call 1ef1f24cb70 1201->1204 1202->1199 1205 1ef1f1dbcef-1ef1f1dbcf2 1202->1205 1203->1204 1205->1199 1209 1ef1f1dbcf8-1ef1f1dbcfb 1205->1209 1209->1199 1210 1ef1f1dbd01-1ef1f1dbd04 1209->1210 1210->1199 1212 1ef1f1dbd0a-1ef1f1dbd0d 1210->1212 1212->1199 1213 1ef1f1dbd13-1ef1f1dbd27 1212->1213 1213->1199 1215 1ef1f1dbd2d-1ef1f1dbd39 1213->1215 1215->1199 1216 1ef1f1dbd3f-1ef1f1dbd48 1215->1216 1217 1ef1f1dbd50-1ef1f1dbd64 1216->1217 1218 1ef1f1dbd69-1ef1f1dbd6b 1217->1218 1219 1ef1f1dc7c7-1ef1f1dc7d3 1218->1219 1220 1ef1f1dbd71-1ef1f1dbd8f 1218->1220 1219->1217 1221 1ef1f1dc7d9 1219->1221 1220->1219 1223 1ef1f1dbd95-1ef1f1dbda7 1220->1223 1221->1199 1224 1ef1f1dbdad 1223->1224 1225 1ef1f1dc7b3-1ef1f1dc7c2 1223->1225 1226 1ef1f1dbdb2-1ef1f1dbe03 call 1ef1f24cb98 1224->1226 1225->1219 1231 1ef1f1dbe09-1ef1f1dbe10 1226->1231 1232 1ef1f1dc082 1226->1232 1231->1232 1233 1ef1f1dbe16-1ef1f1dbf0f call 1ef1f211bf0 call 1ef1f1e22d0 call 1ef1f1e25a0 1231->1233 1234 1ef1f1dc084-1ef1f1dc08b 1232->1234 1260 1ef1f1dbf10-1ef1f1dbf18 1233->1260 1236 1ef1f1dc301-1ef1f1dc33d 1234->1236 1237 1ef1f1dc091-1ef1f1dc098 1234->1237 1245 1ef1f1dc5d7-1ef1f1dc5d9 1236->1245 1246 1ef1f1dc343-1ef1f1dc351 1236->1246 1237->1236 1239 1ef1f1dc09e-1ef1f1dc18b call 1ef1f211bf0 call 1ef1f1e22d0 call 1ef1f1e25a0 1237->1239 1272 1ef1f1dc192-1ef1f1dc19a 1239->1272 1251 1ef1f1dc785-1ef1f1dc79b call 1ef1f1de3a0 1245->1251 1252 1ef1f1dc5df-1ef1f1dc708 call 1ef1f1e5330 call 1ef1f1deda0 call 1ef1f1e5330 call 1ef1f1deda0 call 1ef1f1e0fb0 call 1ef1f24cb98 call 1ef1f1f9100 1245->1252 1249 1ef1f1dc357-1ef1f1dc35e 1246->1249 1250 1ef1f1dc5d0-1ef1f1dc5d3 1246->1250 1249->1250 1257 1ef1f1dc364-1ef1f1dc458 call 1ef1f211bf0 call 1ef1f1e22d0 call 1ef1f1e25a0 1249->1257 1250->1245 1255 1ef1f1dc5d5 1250->1255 1267 1ef1f1dbdb0 1251->1267 1268 1ef1f1dc7a1-1ef1f1dc7ac 1251->1268 1348 1ef1f1dc70a-1ef1f1dc70c 1252->1348 1349 1ef1f1dc714-1ef1f1dc727 call 1ef1f1e0840 1252->1349 1255->1245 1288 1ef1f1dc460-1ef1f1dc467 1257->1288 1260->1260 1265 1ef1f1dbf1a-1ef1f1dbf74 call 1ef1f1e5330 call 1ef1f1e3990 call 1ef1f1e0fb0 1260->1265 1294 1ef1f1dbfa7-1ef1f1dbfd1 1265->1294 1295 1ef1f1dbf76-1ef1f1dbf87 1265->1295 1267->1226 1268->1225 1272->1272 1277 1ef1f1dc19c-1ef1f1dc1f5 call 1ef1f1e5330 call 1ef1f1e3990 call 1ef1f1e0fb0 1272->1277 1308 1ef1f1dc228-1ef1f1dc252 1277->1308 1309 1ef1f1dc1f7-1ef1f1dc208 1277->1309 1288->1288 1292 1ef1f1dc469-1ef1f1dc4c2 call 1ef1f1e5330 call 1ef1f1e3990 call 1ef1f1e0fb0 1288->1292 1356 1ef1f1dc4f5-1ef1f1dc51e 1292->1356 1357 1ef1f1dc4c4-1ef1f1dc4d5 1292->1357 1303 1ef1f1dc009-1ef1f1dc02f 1294->1303 1304 1ef1f1dbfd3-1ef1f1dbfe7 1294->1304 1299 1ef1f1dbf89-1ef1f1dbf9c 1295->1299 1300 1ef1f1dbfa2 call 1ef1f24cb90 1295->1300 1299->1300 1306 1ef1f1dc891-1ef1f1dc896 call 1ef1f22fc0c 1299->1306 1300->1294 1314 1ef1f1dc067-1ef1f1dc080 1303->1314 1315 1ef1f1dc031-1ef1f1dc045 1303->1315 1311 1ef1f1dbfe9-1ef1f1dbffc 1304->1311 1312 1ef1f1dc002-1ef1f1dc007 call 1ef1f24cb90 1304->1312 1319 1ef1f1dc897-1ef1f1dc89c call 1ef1f22fc0c 1306->1319 1320 1ef1f1dc28a-1ef1f1dc2b0 1308->1320 1321 1ef1f1dc254-1ef1f1dc268 1308->1321 1316 1ef1f1dc20a-1ef1f1dc21d 1309->1316 1317 1ef1f1dc223 call 1ef1f24cb90 1309->1317 1311->1312 1311->1319 1312->1303 1314->1234 1325 1ef1f1dc047-1ef1f1dc05a 1315->1325 1326 1ef1f1dc060-1ef1f1dc065 call 1ef1f24cb90 1315->1326 1316->1317 1333 1ef1f1dc8a3-1ef1f1dc8a8 call 1ef1f22fc0c 1316->1333 1317->1308 1328 1ef1f1dc89d-1ef1f1dc8a2 call 1ef1f22fc0c 1319->1328 1329 1ef1f1dc2e8-1ef1f1dc2fa 1320->1329 1330 1ef1f1dc2b2-1ef1f1dc2c6 1320->1330 1336 1ef1f1dc26a-1ef1f1dc27d 1321->1336 1337 1ef1f1dc283-1ef1f1dc288 call 1ef1f24cb90 1321->1337 1325->1326 1325->1328 1326->1314 1328->1333 1329->1236 1340 1ef1f1dc2c8-1ef1f1dc2db 1330->1340 1341 1ef1f1dc2e1-1ef1f1dc2e6 call 1ef1f24cb90 1330->1341 1347 1ef1f1dc8a9-1ef1f1dc8ae call 1ef1f22fc0c 1333->1347 1336->1337 1336->1347 1337->1320 1340->1341 1352 1ef1f1dc8af-1ef1f1dc8b4 call 1ef1f22fc0c 1340->1352 1341->1329 1347->1352 1359 1ef1f1dc83d-1ef1f1dc88a call 1ef1f1e0a00 call 1ef1f1e4670 call 1ef1f1e4740 call 1ef1f24f198 1348->1359 1360 1ef1f1dc712 1348->1360 1371 1ef1f1dc72b-1ef1f1dc737 1349->1371 1379 1ef1f1dc8b5-1ef1f1dc8ba call 1ef1f22fc0c 1352->1379 1362 1ef1f1dc554-1ef1f1dc57a 1356->1362 1363 1ef1f1dc520-1ef1f1dc534 1356->1363 1367 1ef1f1dc4d7-1ef1f1dc4ea 1357->1367 1368 1ef1f1dc4f0 call 1ef1f24cb90 1357->1368 1394 1ef1f1dc88b-1ef1f1dc890 call 1ef1f22fc0c 1359->1394 1360->1371 1377 1ef1f1dc57c-1ef1f1dc590 1362->1377 1378 1ef1f1dc5b0-1ef1f1dc5c9 1362->1378 1372 1ef1f1dc536-1ef1f1dc549 1363->1372 1373 1ef1f1dc54f call 1ef1f24cb90 1363->1373 1367->1368 1367->1379 1368->1356 1374 1ef1f1dc75e-1ef1f1dc768 call 1ef1f1e9d50 1371->1374 1375 1ef1f1dc739-1ef1f1dc75c 1371->1375 1372->1373 1383 1ef1f1dc837-1ef1f1dc83c call 1ef1f22fc0c 1372->1383 1373->1362 1385 1ef1f1dc76d-1ef1f1dc77e call 1ef1f1e0fb0 1374->1385 1375->1385 1388 1ef1f1dc5ab call 1ef1f24cb90 1377->1388 1389 1ef1f1dc592-1ef1f1dc5a5 1377->1389 1378->1250 1383->1359 1385->1251 1388->1378 1389->1388 1389->1394 1394->1306
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: AddressProc$Library$FreeLoad
                                                                      • String ID: cannot use push_back() with $system$vault
                                                                      • API String ID: 2449869053-1741236777
                                                                      • Opcode ID: a8895f8ee5662b26eb4cafeb8e2736f8212f0785648f1076f3dc1bff4ccec1b7
                                                                      • Instruction ID: 8e9664670b3715e5b7dd7424828b0ef88e0fd78594a9ca75fd3eeafb350b2b9a
                                                                      • Opcode Fuzzy Hash: a8895f8ee5662b26eb4cafeb8e2736f8212f0785648f1076f3dc1bff4ccec1b7
                                                                      • Instruction Fuzzy Hash: D4923833205BC889DB618F29E8843DD73A4FB99798F104229DE9D5BB99EF74C685C700
                                                                      Function 000001EF1F216480 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 173synchronizationCOMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 1483 1ef1f216480-1ef1f2164a2 call 1ef1f219760 1486 1ef1f2164a4-1ef1f2164cd call 1ef1f219aa0 call 1ef1f224740 call 1ef1f1dfb00 ExitProcess 1483->1486 1487 1ef1f2164ce-1ef1f216580 call 1ef1f225970 * 2 call 1ef1f221ff0 call 1ef1f216eb0 1483->1487 1486->1487 1502 1ef1f216582-1ef1f216594 1487->1502 1503 1ef1f2165b4-1ef1f2165eb OpenMutexA 1487->1503 1506 1ef1f2165af call 1ef1f24cb90 1502->1506 1507 1ef1f216596-1ef1f2165a9 1502->1507 1504 1ef1f2165f9-1ef1f216630 CreateMutexA call 1ef1f2109f0 call 1ef1f219be0 1503->1504 1505 1ef1f2165ed-1ef1f2165f8 ExitProcess 1503->1505 1518 1ef1f216632-1ef1f21663d ExitProcess 1504->1518 1519 1ef1f21663e-1ef1f2166a1 call 1ef1f2222f0 call 1ef1f1db820 call 1ef1f1dc8c0 call 1ef1f1dcf60 call 1ef1f1ddc90 call 1ef1f1dacc0 call 1ef1f200d70 call 1ef1f203a60 call 1ef1f1d1100 call 1ef1f1d9090 call 1ef1f1d7940 call 1ef1f2170e0 call 1ef1f1da1f0 call 1ef1f1d5a90 call 1ef1f1d2e30 call 1ef1f1d5d60 call 1ef1f21e9f0 1504->1519 1505->1504 1506->1503 1507->1506 1510 1ef1f216746-1ef1f21674b call 1ef1f22fc0c 1507->1510 1515 1ef1f21674c-1ef1f216751 call 1ef1f22fc0c 1510->1515 1518->1519 1556 1ef1f2166a6-1ef1f2166b6 call 1ef1f215a80 1519->1556 1560 1ef1f2166b8-1ef1f2166c4 ReleaseMutex call 1ef1f272138 1556->1560 1561 1ef1f2166ca-1ef1f2166d1 1556->1561 1560->1561 1562 1ef1f2166d3-1ef1f2166d8 call 1ef1f216760 1561->1562 1563 1ef1f2166d9-1ef1f2166e5 1561->1563 1562->1563 1566 1ef1f216715-1ef1f216745 call 1ef1f24cb70 1563->1566 1567 1ef1f2166e7-1ef1f2166f9 1563->1567 1569 1ef1f216710 call 1ef1f24cb90 1567->1569 1570 1ef1f2166fb-1ef1f21670e 1567->1570 1569->1566 1570->1515 1570->1569
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Process$Exit$MutexOpenToken$CreateCurrentFileInformationInitializeModuleName
                                                                      • String ID: SeDebugPrivilege$SeImpersonatePrivilege
                                                                      • API String ID: 470559343-3768118664
                                                                      • Opcode ID: f362d8e3b8d40b5d244b3b549658b0e81101f08c6b8f359de49cab7a4651f29d
                                                                      • Instruction ID: 2a7dc0e1d6b6e2e7d470e00284d1c82138470c3b3100be9e0d12763613b29d87
                                                                      • Opcode Fuzzy Hash: f362d8e3b8d40b5d244b3b549658b0e81101f08c6b8f359de49cab7a4651f29d
                                                                      • Instruction Fuzzy Hash: EB619673508AC8C1FA20A764E4553DE6360FFA5750F50463DEEAD82AD7DF28C0C78A16
                                                                      Function 000001EF1F24114C Relevance: 14.3, APIs: 6, Strings: 2, Instructions: 335timeCOMMONLIBRARYCODE
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 1574 1ef1f24114c-1ef1f241187 call 1ef1f2407e8 call 1ef1f2407f0 call 1ef1f240858 1581 1ef1f2413b1-1ef1f2413fd call 1ef1f22fc3c call 1ef1f2407e8 call 1ef1f2407f0 call 1ef1f240858 1574->1581 1582 1ef1f24118d-1ef1f241198 call 1ef1f2407f8 1574->1582 1609 1ef1f241403-1ef1f24140e call 1ef1f2407f8 1581->1609 1610 1ef1f24153b-1ef1f2415a9 call 1ef1f22fc3c call 1ef1f249d94 1581->1610 1582->1581 1587 1ef1f24119e-1ef1f2411a8 1582->1587 1590 1ef1f2411ca-1ef1f2411ce 1587->1590 1591 1ef1f2411aa-1ef1f2411ad 1587->1591 1594 1ef1f2411d1-1ef1f2411d9 1590->1594 1593 1ef1f2411b0-1ef1f2411bb 1591->1593 1596 1ef1f2411c6-1ef1f2411c8 1593->1596 1597 1ef1f2411bd-1ef1f2411c4 1593->1597 1594->1594 1598 1ef1f2411db-1ef1f2411ee call 1ef1f23dedc 1594->1598 1596->1590 1601 1ef1f2411f7-1ef1f241205 1596->1601 1597->1593 1597->1596 1604 1ef1f241206-1ef1f241212 call 1ef1f23b550 1598->1604 1605 1ef1f2411f0-1ef1f2411f2 call 1ef1f23b550 1598->1605 1614 1ef1f241219-1ef1f241221 1604->1614 1605->1601 1609->1610 1618 1ef1f241414-1ef1f24141f call 1ef1f240828 1609->1618 1626 1ef1f2415ab-1ef1f2415b2 1610->1626 1627 1ef1f2415b7-1ef1f2415ba 1610->1627 1614->1614 1617 1ef1f241223-1ef1f241234 call 1ef1f2462e8 1614->1617 1617->1581 1628 1ef1f24123a-1ef1f241290 call 1ef1f25f960 * 4 call 1ef1f241068 1617->1628 1618->1610 1629 1ef1f241425-1ef1f24142c call 1ef1f23b550 1618->1629 1630 1ef1f241647-1ef1f24164a 1626->1630 1631 1ef1f2415f1-1ef1f241604 call 1ef1f23dedc 1627->1631 1632 1ef1f2415bc 1627->1632 1685 1ef1f241292-1ef1f241296 1628->1685 1639 1ef1f241431-1ef1f24143f call 1ef1f272258 1629->1639 1635 1ef1f2415bf call 1ef1f2413c8 1630->1635 1636 1ef1f241650-1ef1f241658 call 1ef1f24114c 1630->1636 1648 1ef1f241606 1631->1648 1649 1ef1f24160f-1ef1f24162a call 1ef1f249d94 1631->1649 1632->1635 1650 1ef1f2415c4-1ef1f2415f0 call 1ef1f23b550 call 1ef1f24cb70 1635->1650 1636->1650 1646 1ef1f241445-1ef1f241448 1639->1646 1652 1ef1f241510-1ef1f24153a call 1ef1f2407e0 call 1ef1f2407d0 call 1ef1f2407d8 1646->1652 1653 1ef1f24144e-1ef1f24146f 1646->1653 1654 1ef1f241608-1ef1f24160d call 1ef1f23b550 1648->1654 1669 1ef1f241631-1ef1f241643 call 1ef1f23b550 1649->1669 1670 1ef1f24162c-1ef1f24162f 1649->1670 1658 1ef1f241471-1ef1f241477 1653->1658 1659 1ef1f24147a-1ef1f241481 1653->1659 1654->1632 1658->1659 1665 1ef1f241483-1ef1f24148b 1659->1665 1666 1ef1f241495 1659->1666 1665->1666 1675 1ef1f24148d-1ef1f241493 1665->1675 1674 1ef1f241497-1ef1f24150b call 1ef1f25f960 * 4 call 1ef1f244cb4 call 1ef1f241660 * 2 1666->1674 1669->1630 1670->1654 1674->1652 1675->1674 1688 1ef1f24129c-1ef1f2412a0 1685->1688 1689 1ef1f241298 1685->1689 1688->1685 1691 1ef1f2412a2-1ef1f2412c7 call 1ef1f233f10 1688->1691 1689->1688 1697 1ef1f2412ca-1ef1f2412ce 1691->1697 1700 1ef1f2412d0-1ef1f2412db 1697->1700 1701 1ef1f2412dd-1ef1f2412e1 1697->1701 1700->1701 1703 1ef1f2412e3-1ef1f2412e7 1700->1703 1701->1697 1704 1ef1f241368-1ef1f24136c 1703->1704 1705 1ef1f2412e9-1ef1f241311 call 1ef1f233f10 1703->1705 1709 1ef1f241373-1ef1f241380 1704->1709 1710 1ef1f24136e-1ef1f241370 1704->1710 1716 1ef1f241313 1705->1716 1717 1ef1f24132f-1ef1f241333 1705->1717 1711 1ef1f241382-1ef1f241398 call 1ef1f241068 1709->1711 1712 1ef1f24139b-1ef1f2413aa call 1ef1f2407e0 call 1ef1f2407d0 1709->1712 1710->1709 1711->1712 1712->1581 1720 1ef1f241316-1ef1f24131d 1716->1720 1717->1704 1722 1ef1f241335-1ef1f241353 call 1ef1f233f10 1717->1722 1720->1717 1723 1ef1f24131f-1ef1f24132d 1720->1723 1728 1ef1f24135f-1ef1f241366 1722->1728 1723->1717 1723->1720 1728->1704 1729 1ef1f241355-1ef1f241359 1728->1729 1729->1704 1730 1ef1f24135b 1729->1730 1730->1728
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: _get_daylight$_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                      • String ID: Eastern Standard Time$Eastern Summer Time
                                                                      • API String ID: 355007559-239921721
                                                                      • Opcode ID: 81739166be4aa7f83f73f8b5c4c772bb7cbf832f5b2b22088efdd0610fe74ccd
                                                                      • Instruction ID: 00f0e386eb2160e3e526a11b996a9db8bfc0e2aa1ff62a670ad9ad31ee56573e
                                                                      • Opcode Fuzzy Hash: 81739166be4aa7f83f73f8b5c4c772bb7cbf832f5b2b22088efdd0610fe74ccd
                                                                      • Instruction Fuzzy Hash: EDD1BB377002D8C6E720EF26D4407ED77A1EB74B84F54813AAE6947A95DA78C8C38742
                                                                      Function 000001EF1F21F200 Relevance: 13.9, APIs: 9, Instructions: 408networkfileCOMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 1731 1ef1f21f200-1ef1f21f39e 1732 1ef1f21f3a0-1ef1f21f3a7 1731->1732 1732->1732 1733 1ef1f21f3a9-1ef1f21f3dc call 1ef1f1e5330 InternetOpenA 1732->1733 1736 1ef1f21f3e2-1ef1f21f3f8 1733->1736 1737 1ef1f21f475-1ef1f21f48c 1733->1737 1740 1ef1f21f400-1ef1f21f408 1736->1740 1738 1ef1f21f491-1ef1f21f4b8 InternetOpenUrlA 1737->1738 1739 1ef1f21f48e 1737->1739 1741 1ef1f21f4e9-1ef1f21f514 HttpQueryInfoW 1738->1741 1742 1ef1f21f4ba-1ef1f21f4e4 1738->1742 1739->1738 1743 1ef1f21f40a-1ef1f21f41b 1740->1743 1744 1ef1f21f43b-1ef1f21f474 call 1ef1f24cb70 1740->1744 1746 1ef1f21f54f-1ef1f21f5aa HttpQueryInfoW 1741->1746 1747 1ef1f21f516-1ef1f21f54a 1741->1747 1742->1740 1748 1ef1f21f436 call 1ef1f24cb90 1743->1748 1749 1ef1f21f41d-1ef1f21f430 1743->1749 1751 1ef1f21f5d8-1ef1f21f5ee InternetQueryDataAvailable 1746->1751 1752 1ef1f21f5ac-1ef1f21f5c2 call 1ef1f233f10 1746->1752 1747->1746 1748->1744 1749->1748 1755 1ef1f21f875-1ef1f21f87a call 1ef1f22fc0c 1749->1755 1757 1ef1f21f7d3-1ef1f21f826 InternetCloseHandle 1751->1757 1758 1ef1f21f5f4-1ef1f21f5f9 1751->1758 1752->1751 1765 1ef1f21f5c4-1ef1f21f5d3 call 1ef1f1e51e0 1752->1765 1767 1ef1f21f87b-1ef1f21f880 call 1ef1f1cb7b0 1755->1767 1764 1ef1f21f82f-1ef1f21f838 1757->1764 1762 1ef1f21f600-1ef1f21f606 1758->1762 1762->1757 1766 1ef1f21f60c-1ef1f21f626 1762->1766 1764->1744 1769 1ef1f21f83e-1ef1f21f84f 1764->1769 1765->1751 1771 1ef1f21f699-1ef1f21f6b1 InternetReadFile 1766->1771 1772 1ef1f21f628-1ef1f21f62e 1766->1772 1769->1748 1774 1ef1f21f855-1ef1f21f868 1769->1774 1776 1ef1f21f6b7-1ef1f21f6bc 1771->1776 1777 1ef1f21f78d-1ef1f21f794 1771->1777 1778 1ef1f21f630-1ef1f21f637 1772->1778 1779 1ef1f21f65c-1ef1f21f65f call 1ef1f24cb98 1772->1779 1774->1755 1782 1ef1f21f86a 1774->1782 1776->1777 1783 1ef1f21f6c2-1ef1f21f6cd 1776->1783 1777->1757 1784 1ef1f21f796-1ef1f21f7a7 1777->1784 1778->1767 1785 1ef1f21f63d-1ef1f21f648 call 1ef1f24cb98 1778->1785 1786 1ef1f21f664-1ef1f21f694 call 1ef1f25f960 1779->1786 1782->1748 1787 1ef1f21f6ff-1ef1f21f719 call 1ef1f1e5cb0 1783->1787 1788 1ef1f21f6cf-1ef1f21f6fd call 1ef1f25f2c0 1783->1788 1789 1ef1f21f7c2-1ef1f21f7cf call 1ef1f24cb90 1784->1789 1790 1ef1f21f7a9-1ef1f21f7bc 1784->1790 1795 1ef1f21f86f-1ef1f21f874 call 1ef1f22fc0c 1785->1795 1798 1ef1f21f64e-1ef1f21f65a 1785->1798 1786->1771 1804 1ef1f21f71a-1ef1f21f721 1787->1804 1788->1804 1789->1757 1790->1789 1790->1795 1795->1755 1798->1786 1806 1ef1f21f723-1ef1f21f734 1804->1806 1807 1ef1f21f764 1804->1807 1808 1ef1f21f74f-1ef1f21f762 call 1ef1f24cb90 1806->1808 1809 1ef1f21f736-1ef1f21f749 1806->1809 1810 1ef1f21f766-1ef1f21f77c InternetQueryDataAvailable 1807->1810 1808->1810 1809->1795 1809->1808 1810->1757 1812 1ef1f21f77e-1ef1f21f788 1810->1812 1812->1762
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Internet$Query$AvailableDataHttpInfoOpen$CloseConcurrency::cancel_current_taskFileHandleRead
                                                                      • String ID:
                                                                      • API String ID: 1475545111-0
                                                                      • Opcode ID: a8fd5c2a05c31689c3ffe3aa40e597784d98751f13c577de619849379d124548
                                                                      • Instruction ID: 1a86592b459eb336e869a00da53d8e79138da294c3499244a66ea9ce5cd08c61
                                                                      • Opcode Fuzzy Hash: a8fd5c2a05c31689c3ffe3aa40e597784d98751f13c577de619849379d124548
                                                                      • Instruction Fuzzy Hash: C2025033A18BD8C5E710CB69E84079E77A5FBA5794F104229EEAC57B99DF78C082C701
                                                                      Function 000001EF1F25E968 Relevance: 13.8, APIs: 9, Instructions: 276fileCOMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 1814 1ef1f25e968-1ef1f25e9db call 1ef1f25e54c 1817 1ef1f25e9f5-1ef1f25e9ff call 1ef1f24397c 1814->1817 1818 1ef1f25e9dd-1ef1f25e9e6 call 1ef1f2340ac 1814->1818 1823 1ef1f25ea01-1ef1f25ea18 call 1ef1f2340ac call 1ef1f2340cc 1817->1823 1824 1ef1f25ea1a-1ef1f25ea83 CreateFileW 1817->1824 1825 1ef1f25e9e9-1ef1f25e9f0 call 1ef1f2340cc 1818->1825 1823->1825 1827 1ef1f25ea85-1ef1f25ea8b 1824->1827 1828 1ef1f25eb00-1ef1f25eb0b GetFileType 1824->1828 1842 1ef1f25ed36-1ef1f25ed56 1825->1842 1833 1ef1f25eacd-1ef1f25eafb call 1ef1f272160 call 1ef1f234040 1827->1833 1834 1ef1f25ea8d-1ef1f25ea91 1827->1834 1830 1ef1f25eb0d-1ef1f25eb48 call 1ef1f272160 call 1ef1f234040 call 1ef1f272138 1828->1830 1831 1ef1f25eb5e-1ef1f25eb65 1828->1831 1830->1825 1861 1ef1f25eb4e-1ef1f25eb59 call 1ef1f2340cc 1830->1861 1839 1ef1f25eb6d-1ef1f25eb70 1831->1839 1840 1ef1f25eb67-1ef1f25eb6b 1831->1840 1833->1825 1834->1833 1838 1ef1f25ea93-1ef1f25eacb CreateFileW 1834->1838 1838->1828 1838->1833 1845 1ef1f25eb76-1ef1f25ebcb call 1ef1f243894 1839->1845 1847 1ef1f25eb72 1839->1847 1840->1845 1854 1ef1f25ebcd-1ef1f25ebd9 call 1ef1f25e754 1845->1854 1855 1ef1f25ebea-1ef1f25ec1b call 1ef1f25e2cc 1845->1855 1847->1845 1854->1855 1863 1ef1f25ebdb 1854->1863 1865 1ef1f25ec21-1ef1f25ec63 1855->1865 1866 1ef1f25ec1d-1ef1f25ec1f 1855->1866 1861->1825 1867 1ef1f25ebdd-1ef1f25ebe5 call 1ef1f23b6c8 1863->1867 1869 1ef1f25ec85-1ef1f25ec90 1865->1869 1870 1ef1f25ec65-1ef1f25ec69 1865->1870 1866->1867 1867->1842 1871 1ef1f25ec96-1ef1f25ec9a 1869->1871 1872 1ef1f25ed34 1869->1872 1870->1869 1874 1ef1f25ec6b-1ef1f25ec80 1870->1874 1871->1872 1875 1ef1f25eca0-1ef1f25ece5 call 1ef1f272138 CreateFileW 1871->1875 1872->1842 1874->1869 1879 1ef1f25ed1a-1ef1f25ed2f 1875->1879 1880 1ef1f25ece7-1ef1f25ed15 call 1ef1f272160 call 1ef1f234040 call 1ef1f243abc 1875->1880 1879->1872 1880->1879
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                      • String ID:
                                                                      • API String ID: 1617910340-0
                                                                      • Opcode ID: 484b9744f6cc28d441a3ba22cd2a9bb849a09fc1e06d845b9773f87c4c6ec638
                                                                      • Instruction ID: 52ad8fe43f2207e33b9987f3fdb4d4877ae583730ad4ad588340d6372a365cfa
                                                                      • Opcode Fuzzy Hash: 484b9744f6cc28d441a3ba22cd2a9bb849a09fc1e06d845b9773f87c4c6ec638
                                                                      • Instruction Fuzzy Hash: 36C19D37720AC8C6EB10CFA4C4916EC3761FB69BA8F015229DF6A977A5CB34C492C701
                                                                      Function 000001EF1F218F60 Relevance: 12.7, APIs: 3, Strings: 4, Instructions: 451fileCOMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 1912 1ef1f218f60-1ef1f218fe5 call 1ef1f1ce9a0 1915 1ef1f218ff1-1ef1f218ff4 1912->1915 1916 1ef1f218fe7-1ef1f218fe9 1912->1916 1919 1ef1f218ff6-1ef1f219002 1915->1919 1920 1ef1f219007-1ef1f219020 call 1ef1f25f960 1915->1920 1917 1ef1f219700-1ef1f219716 call 1ef1f1ce0f0 1916->1917 1918 1ef1f218fef 1916->1918 1927 1ef1f219717-1ef1f21971c call 1ef1f22fc0c 1917->1927 1918->1919 1922 1ef1f21967f-1ef1f2196ab call 1ef1f24cb70 1919->1922 1929 1ef1f219022 1920->1929 1930 1ef1f219025-1ef1f21908b call 1ef1f2291d0 1920->1930 1935 1ef1f21971d-1ef1f219751 call 1ef1f1cba80 call 1ef1f1ccc70 call 1ef1f24f198 1927->1935 1929->1930 1936 1ef1f219091-1ef1f219099 1930->1936 1937 1ef1f219485-1ef1f2194bf call 1ef1f1f4da0 call 1ef1f1f4cc0 1930->1937 1938 1ef1f21909b 1936->1938 1939 1ef1f21909e call 1ef1f223b30 1936->1939 1951 1ef1f2194c1-1ef1f2194d2 call 1ef1f1e51e0 1937->1951 1952 1ef1f2194de-1ef1f21956c call 1ef1f1f4da0 call 1ef1f2276a0 1937->1952 1938->1939 1946 1ef1f2190a3-1ef1f2190c1 call 1ef1f223cf0 1939->1946 1957 1ef1f2190c7-1ef1f2190dd 1946->1957 1958 1ef1f21919c-1ef1f2191b6 GetFileSize 1946->1958 1960 1ef1f2194d7 1951->1960 1952->1935 1981 1ef1f219572-1ef1f219576 call 1ef1f1f2080 1952->1981 1962 1ef1f2190df-1ef1f2190f3 1957->1962 1963 1ef1f219113-1ef1f219197 call 1ef1f1f19c0 1957->1963 1964 1ef1f2191b8-1ef1f2191db 1958->1964 1965 1ef1f2191dd-1ef1f2191f3 1958->1965 1960->1952 1970 1ef1f2190f5-1ef1f219108 1962->1970 1971 1ef1f21910e call 1ef1f24cb90 1962->1971 1982 1ef1f21966b-1ef1f21967a call 1ef1f25ac3c 1963->1982 1966 1ef1f219242-1ef1f21928b SetFilePointer call 1ef1f272188 1964->1966 1967 1ef1f219225-1ef1f21923d call 1ef1f1e5b00 1965->1967 1968 1ef1f2191f5-1ef1f219223 call 1ef1f25f960 1965->1968 1984 1ef1f2193a2-1ef1f2193c6 1966->1984 1985 1ef1f219291-1ef1f2192e3 1966->1985 1967->1966 1968->1966 1970->1927 1970->1971 1971->1963 1987 1ef1f21957b-1ef1f21957e 1981->1987 1982->1922 1992 1ef1f2193c8-1ef1f2193dc 1984->1992 1993 1ef1f2193fc-1ef1f219480 call 1ef1f1f19c0 1984->1993 1994 1ef1f2192e5-1ef1f2192f9 1985->1994 1995 1ef1f219319-1ef1f21939d call 1ef1f1f19c0 1985->1995 1990 1ef1f219580-1ef1f2195a7 1987->1990 1991 1ef1f2195ad-1ef1f219667 call 1ef1f1f19c0 1987->1991 1990->1991 1996 1ef1f2196ac-1ef1f2196af 1990->1996 1991->1982 2000 1ef1f2193f7 call 1ef1f24cb90 1992->2000 2001 1ef1f2193de-1ef1f2193f1 1992->2001 1993->1982 2005 1ef1f219314 call 1ef1f24cb90 1994->2005 2006 1ef1f2192fb-1ef1f21930e 1994->2006 1995->1982 2002 1ef1f2196b1-1ef1f2196b8 1996->2002 2003 1ef1f2196ba-1ef1f2196cb 1996->2003 2000->1993 2001->1927 2001->2000 2008 1ef1f2196cf-1ef1f2196ff call 1ef1f1cba80 call 1ef1f1ccc70 call 1ef1f24f198 2002->2008 2003->2008 2005->1995 2006->1927 2006->2005 2008->1917
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: File$PointerReadSize
                                                                      • String ID: exists$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                      • API String ID: 404940565-15404121
                                                                      • Opcode ID: 1155261fbd582eca2877628c12e7991cbb896ea92d8834a4a784601f3d110b66
                                                                      • Instruction ID: 03c08eb7e991266ad44b0a3f88b3ba5f93c1e318fdad68b4f310e19dea1c65b3
                                                                      • Opcode Fuzzy Hash: 1155261fbd582eca2877628c12e7991cbb896ea92d8834a4a784601f3d110b66
                                                                      • Instruction Fuzzy Hash: F5320533614BC8C9EB20CF24D8903DD37A1FBA5748F54822ADE5D97A99EB74C686C701
                                                                      Function 000001EF1F2413C8 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 143timeCOMMONLIBRARYCODE
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 2136 1ef1f2413c8-1ef1f2413fd call 1ef1f2407e8 call 1ef1f2407f0 call 1ef1f240858 2143 1ef1f241403-1ef1f24140e call 1ef1f2407f8 2136->2143 2144 1ef1f24153b-1ef1f2415a9 call 1ef1f22fc3c call 1ef1f249d94 2136->2144 2143->2144 2149 1ef1f241414-1ef1f24141f call 1ef1f240828 2143->2149 2155 1ef1f2415ab-1ef1f2415b2 2144->2155 2156 1ef1f2415b7-1ef1f2415ba 2144->2156 2149->2144 2157 1ef1f241425-1ef1f24143f call 1ef1f23b550 call 1ef1f272258 2149->2157 2158 1ef1f241647-1ef1f24164a 2155->2158 2159 1ef1f2415f1-1ef1f241604 call 1ef1f23dedc 2156->2159 2160 1ef1f2415bc 2156->2160 2170 1ef1f241445-1ef1f241448 2157->2170 2162 1ef1f2415bf call 1ef1f2413c8 2158->2162 2163 1ef1f241650-1ef1f241658 call 1ef1f24114c 2158->2163 2172 1ef1f241606 2159->2172 2173 1ef1f24160f-1ef1f24162a call 1ef1f249d94 2159->2173 2160->2162 2174 1ef1f2415c4-1ef1f2415f0 call 1ef1f23b550 call 1ef1f24cb70 2162->2174 2163->2174 2175 1ef1f241510-1ef1f24153a call 1ef1f2407e0 call 1ef1f2407d0 call 1ef1f2407d8 2170->2175 2176 1ef1f24144e-1ef1f24146f 2170->2176 2177 1ef1f241608-1ef1f24160d call 1ef1f23b550 2172->2177 2190 1ef1f241631-1ef1f241643 call 1ef1f23b550 2173->2190 2191 1ef1f24162c-1ef1f24162f 2173->2191 2180 1ef1f241471-1ef1f241477 2176->2180 2181 1ef1f24147a-1ef1f241481 2176->2181 2177->2160 2180->2181 2186 1ef1f241483-1ef1f24148b 2181->2186 2187 1ef1f241495 2181->2187 2186->2187 2195 1ef1f24148d-1ef1f241493 2186->2195 2194 1ef1f241497-1ef1f24150b call 1ef1f25f960 * 4 call 1ef1f244cb4 call 1ef1f241660 * 2 2187->2194 2190->2158 2191->2177 2194->2175 2195->2194
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                      • String ID: Eastern Standard Time$Eastern Summer Time
                                                                      • API String ID: 3458911817-239921721
                                                                      • Opcode ID: 8c7917a29c397fa3200ed5a7405142a85cef7c6524de68c4b18d81a385570565
                                                                      • Instruction ID: 834384f64b61a60f5da5eb44784598ef2909bbe4c2a37bda54140e1faf814845
                                                                      • Opcode Fuzzy Hash: 8c7917a29c397fa3200ed5a7405142a85cef7c6524de68c4b18d81a385570565
                                                                      • Instruction Fuzzy Hash: 8D517A337006C8C6E710DF25E8816DD77A0FB78784F54413EAE6947AA6DB78C8828B42
                                                                      Function 000001EF1F23749C Relevance: 9.2, APIs: 6, Instructions: 227COMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 2215 1ef1f23749c-1ef1f2374b0 2216 1ef1f2374b2-1ef1f2374be call 1ef1f2340cc call 1ef1f22fbec 2215->2216 2217 1ef1f2374cd-1ef1f2374e4 2215->2217 2227 1ef1f2374c3 2216->2227 2217->2216 2219 1ef1f2374e6-1ef1f2374ea 2217->2219 2221 1ef1f2374fa-1ef1f237507 2219->2221 2222 1ef1f2374ec-1ef1f2374f8 call 1ef1f2340cc 2219->2222 2221->2222 2223 1ef1f237509 call 1ef1f2416e0 2221->2223 2222->2227 2229 1ef1f23750e-1ef1f237525 call 1ef1f2407f8 2223->2229 2230 1ef1f2374c5-1ef1f2374cc 2227->2230 2233 1ef1f237783-1ef1f23779b call 1ef1f22fc3c 2229->2233 2234 1ef1f23752b-1ef1f237536 call 1ef1f240828 2229->2234 2234->2233 2239 1ef1f23753c-1ef1f237547 call 1ef1f240858 2234->2239 2239->2233 2242 1ef1f23754d-1ef1f237564 2239->2242 2243 1ef1f2375c6-1ef1f2375d3 call 1ef1f240b6c 2242->2243 2244 1ef1f237566-1ef1f23757f call 1ef1f240b6c 2242->2244 2243->2230 2249 1ef1f2375d9-1ef1f2375df 2243->2249 2244->2230 2250 1ef1f237585-1ef1f237588 2244->2250 2253 1ef1f2375e1-1ef1f2375eb call 1ef1f241724 2249->2253 2254 1ef1f2375fe 2249->2254 2251 1ef1f23758e-1ef1f237598 call 1ef1f241724 2250->2251 2252 1ef1f23777c-1ef1f23777e 2250->2252 2251->2252 2264 1ef1f23759e-1ef1f2375b4 call 1ef1f240b6c 2251->2264 2252->2230 2253->2254 2265 1ef1f2375ed-1ef1f2375fc 2253->2265 2255 1ef1f237602-1ef1f23762f 2254->2255 2258 1ef1f237631-1ef1f237638 2255->2258 2259 1ef1f23763a-1ef1f23767b 2255->2259 2258->2259 2262 1ef1f237687-1ef1f2376d2 2259->2262 2263 1ef1f23767d-1ef1f237684 2259->2263 2267 1ef1f2376d4-1ef1f2376db 2262->2267 2268 1ef1f2376de-1ef1f2376f8 2262->2268 2263->2262 2264->2230 2272 1ef1f2375ba-1ef1f2375c1 2264->2272 2265->2255 2267->2268 2270 1ef1f237725 2268->2270 2271 1ef1f2376fa-1ef1f237723 2268->2271 2270->2252 2273 1ef1f237727-1ef1f23775c 2270->2273 2271->2252 2272->2252 2274 1ef1f237779 2273->2274 2275 1ef1f23775e-1ef1f237777 2273->2275 2274->2252 2275->2252
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: _get_daylight$_isindst$_invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 1405656091-0
                                                                      • Opcode ID: 842d06e59cb7d0c874962108e89d6781c57040cb1ba9c53ec58eb2fa30030a5a
                                                                      • Instruction ID: db088179bdd6d643de3ac14e9e5f70594fb3a02e20f78cdac37c09b81c3b2d54
                                                                      • Opcode Fuzzy Hash: 842d06e59cb7d0c874962108e89d6781c57040cb1ba9c53ec58eb2fa30030a5a
                                                                      • Instruction Fuzzy Hash: B381A7F37042C9CBEB588F25C9513EC77A5EB68788F04913DDE194A785EB38D5828741
                                                                      Function 000001EF1F228B70 Relevance: 9.2, APIs: 4, Strings: 1, Instructions: 410COMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 2276 1ef1f228b70-1ef1f228bb5 2277 1ef1f228e81-1ef1f228ebb call 1ef1f22c4d0 call 1ef1f229610 2276->2277 2278 1ef1f228bbb-1ef1f228be5 call 1ef1f25f960 2276->2278 2287 1ef1f228ec0-1ef1f228ec6 2277->2287 2284 1ef1f228bf4-1ef1f228c2d call 1ef1f204f50 call 1ef1f22b600 call 1ef1f229610 2278->2284 2285 1ef1f228be7-1ef1f228bf0 2278->2285 2314 1ef1f228c33-1ef1f228cb8 call 1ef1f1e5330 call 1ef1f2050b0 call 1ef1f208950 call 1ef1f205630 2284->2314 2315 1ef1f228dc4-1ef1f228dcb 2284->2315 2285->2284 2289 1ef1f229057-1ef1f22905b 2287->2289 2290 1ef1f228ecc-1ef1f228f4b call 1ef1f1e5330 call 1ef1f2050b0 call 1ef1f208950 call 1ef1f205630 2287->2290 2293 1ef1f229061-1ef1f2290be call 1ef1f1e0840 call 1ef1f1e0fb0 2289->2293 2294 1ef1f229129-1ef1f229130 2289->2294 2339 1ef1f228f51-1ef1f228f59 2290->2339 2340 1ef1f22919b-1ef1f2291b7 call 1ef1f204110 call 1ef1f24f198 2290->2340 2297 1ef1f2290fd-1ef1f229128 call 1ef1f24cb70 2293->2297 2323 1ef1f2290c0-1ef1f2290d5 2293->2323 2296 1ef1f229132-1ef1f229147 2294->2296 2294->2297 2302 1ef1f229149-1ef1f22915c 2296->2302 2303 1ef1f2290ec-1ef1f2290f8 call 1ef1f24cb90 2296->2303 2308 1ef1f229166-1ef1f22916b call 1ef1f22fc0c 2302->2308 2309 1ef1f22915e 2302->2309 2303->2297 2331 1ef1f22916c-1ef1f229188 call 1ef1f204110 call 1ef1f24f198 2308->2331 2309->2303 2314->2331 2370 1ef1f228cbe-1ef1f228cc6 2314->2370 2320 1ef1f228e15-1ef1f228e18 2315->2320 2321 1ef1f228dcd-1ef1f228e13 call 1ef1f1e0840 2315->2321 2327 1ef1f228e70-1ef1f228e7c call 1ef1f204d70 2320->2327 2328 1ef1f228e1a-1ef1f228e5b call 1ef1f1e0840 2320->2328 2342 1ef1f228e60-1ef1f228e6f call 1ef1f1e0fb0 2321->2342 2323->2303 2330 1ef1f2290d7-1ef1f2290ea 2323->2330 2327->2297 2328->2342 2330->2303 2330->2308 2359 1ef1f229189-1ef1f22918e call 1ef1f22fc0c 2331->2359 2346 1ef1f228f5b-1ef1f228f6c 2339->2346 2347 1ef1f228f8c-1ef1f228fd1 call 1ef1f24eae0 * 2 2339->2347 2360 1ef1f2291b8-1ef1f2291bd call 1ef1f22fc0c 2340->2360 2342->2327 2353 1ef1f228f87 call 1ef1f24cb90 2346->2353 2354 1ef1f228f6e-1ef1f228f81 2346->2354 2378 1ef1f229005-1ef1f229018 2347->2378 2379 1ef1f228fd3-1ef1f228fe5 2347->2379 2353->2347 2354->2353 2354->2360 2377 1ef1f22918f-1ef1f229194 call 1ef1f22fc0c 2359->2377 2376 1ef1f2291be-1ef1f2291c3 call 1ef1f22fc0c 2360->2376 2374 1ef1f228cfa-1ef1f228d40 call 1ef1f24eae0 * 2 2370->2374 2375 1ef1f228cc8-1ef1f228cda 2370->2375 2405 1ef1f228d42-1ef1f228d53 2374->2405 2406 1ef1f228d73-1ef1f228d85 2374->2406 2380 1ef1f228cf5 call 1ef1f24cb90 2375->2380 2381 1ef1f228cdc-1ef1f228cef 2375->2381 2398 1ef1f229195-1ef1f22919a call 1ef1f22fc0c 2377->2398 2387 1ef1f22901a-1ef1f22902c 2378->2387 2388 1ef1f22904c-1ef1f229052 2378->2388 2385 1ef1f229000 call 1ef1f24cb90 2379->2385 2386 1ef1f228fe7-1ef1f228ffa 2379->2386 2380->2374 2381->2359 2381->2380 2385->2378 2386->2376 2386->2385 2389 1ef1f229047 call 1ef1f24cb90 2387->2389 2390 1ef1f22902e-1ef1f229041 2387->2390 2388->2289 2389->2388 2390->2389 2396 1ef1f229160-1ef1f229165 call 1ef1f22fc0c 2390->2396 2396->2308 2398->2340 2407 1ef1f228d55-1ef1f228d68 2405->2407 2408 1ef1f228d6e call 1ef1f24cb90 2405->2408 2409 1ef1f228db9-1ef1f228dbf 2406->2409 2410 1ef1f228d87-1ef1f228d99 2406->2410 2407->2377 2407->2408 2408->2406 2409->2315 2411 1ef1f228db4 call 1ef1f24cb90 2410->2411 2412 1ef1f228d9b-1ef1f228dae 2410->2412 2411->2409 2412->2398 2412->2411
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: __std_exception_destroy
                                                                      • String ID: value
                                                                      • API String ID: 2453523683-494360628
                                                                      • Opcode ID: 4de1543864837dac50646e154f92d6689d7275dc2861293a9144eb5aa3cd25cf
                                                                      • Instruction ID: 9216b3d8d5507844dd4289491caf3163b4ae2a3e9d0fb4e92ad7f79fc778e513
                                                                      • Opcode Fuzzy Hash: 4de1543864837dac50646e154f92d6689d7275dc2861293a9144eb5aa3cd25cf
                                                                      • Instruction Fuzzy Hash: 35029E33614BC8C5EB00CB79D4843DD6761EBA57A4F50522AFEAE42ADADF68C1C6C701
                                                                      Function 000001EF1F1DC8C0 Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 328processCOMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                                                                      • String ID: [PID:
                                                                      • API String ID: 420147892-2210602247
                                                                      • Opcode ID: 14b2d3b6a66368e226afe159713d3a60639ca9888d2490b22d3054de2e5a24a7
                                                                      • Instruction ID: fb3b6f409e175522d06dfbc8a4e45b1b357dd6d9bb2fc4f0207585099b28a791
                                                                      • Opcode Fuzzy Hash: 14b2d3b6a66368e226afe159713d3a60639ca9888d2490b22d3054de2e5a24a7
                                                                      • Instruction Fuzzy Hash: 19E1B273614BC485EB20CB25E8843DD67A5F7A97A4F504629EE9D17B9ADF38C282C700
                                                                      Function 000001EF1F225970 Relevance: 7.6, APIs: 5, Instructions: 66COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: ProcessToken$AdjustCloseCurrentHandleLookupOpenPrivilegePrivilegesValue
                                                                      • String ID:
                                                                      • API String ID: 3038321057-0
                                                                      • Opcode ID: 29a02e95aae9899e0029659e102052f54fff5397b51cb33b914b83ea41570e5f
                                                                      • Instruction ID: 919975c62d43eb4ff5d3d1d40975fcd50f4ace6fbc436a0d9d9c5f0635ec830b
                                                                      • Opcode Fuzzy Hash: 29a02e95aae9899e0029659e102052f54fff5397b51cb33b914b83ea41570e5f
                                                                      • Instruction Fuzzy Hash: 9E216F32218BC4C6E7608B51F45538EB3A0FB99B90F558139EE9A47B58DF7CC586CB40
                                                                      Function 000001EF1F201340 Relevance: 6.8, Strings: 5, Instructions: 599COMMON
                                                                      Download Yara Rule
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: cannot use push_back() with $directory_iterator::directory_iterator$exists$prefs.js$status
                                                                      • API String ID: 0-2713369562
                                                                      • Opcode ID: 53790456a874fa8d934425cf399f2cc19141f737087bb70a23a5d81461913800
                                                                      • Instruction ID: ab6c8e3ad2baa54d614c4a2a80fe94df3dc581f6b40856ae707290047c784c95
                                                                      • Opcode Fuzzy Hash: 53790456a874fa8d934425cf399f2cc19141f737087bb70a23a5d81461913800
                                                                      • Instruction Fuzzy Hash: 71520433609FC884E6B19B15E8813DEB3A4FB99784F50522ADEDC52B59EF78C195CB00
                                                                      Function 000001EF1F1DACC0 Relevance: 5.9, APIs: 2, Strings: 1, Instructions: 671COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Cred$EnumerateFree
                                                                      • String ID: cannot use push_back() with
                                                                      • API String ID: 3403564193-4122110429
                                                                      • Opcode ID: 78d1baae23a78e78b123628c26e2bfc16b87e4e7df7f4aaeddd4b720fddcf75b
                                                                      • Instruction ID: a9a779d86573ffe7af89537ed57f13538b8e6dd0248501c99e3942c0005aad2c
                                                                      • Opcode Fuzzy Hash: 78d1baae23a78e78b123628c26e2bfc16b87e4e7df7f4aaeddd4b720fddcf75b
                                                                      • Instruction Fuzzy Hash: 7D626B33614BC889EB20CF25E8943DD77A1F799798F504229EEAD17B99DB78C285C700
                                                                      Function 000001EF1F22C55A Relevance: 5.6, Strings: 4, Instructions: 566COMMON
                                                                      Download Yara Rule
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: array$object$object key$object separator
                                                                      • API String ID: 0-2277530871
                                                                      • Opcode ID: d3ec8f3c87a8cefc780fc128593a1fbd9028268d58b26d19438fcc692d430b3e
                                                                      • Instruction ID: 75ab610d409191b33e810e05bc92a9329094ea9cbfffa16a77d03e69bdf8b648
                                                                      • Opcode Fuzzy Hash: d3ec8f3c87a8cefc780fc128593a1fbd9028268d58b26d19438fcc692d430b3e
                                                                      • Instruction Fuzzy Hash: 0342E073610AC8D6EB10DF74C4513ED2361FBA5794F80222AEE5D97A9ADF74C286C342
                                                                      Function 00007FF617E634C0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47nativeCOMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491951277.00007FF617E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617E60000, based on PE: true
                                                                      • Associated: 00000000.00000002.1491932782.00007FF617E60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492032274.00007FF617ECB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492032274.00007FF61817D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492204407.00007FF618189000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492224787.00007FF61818C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7ff617e60000_unique.jbxd
                                                                      Similarity
                                                                      • API ID: MemoryVirtual$ProtectQuery
                                                                      • String ID: 0
                                                                      • API String ID: 1355999870-4108050209
                                                                      • Opcode ID: 89413ede3b1e85be20c8f272e65a27b8bfe40e2a2e38e4141ba162e5d23f76ce
                                                                      • Instruction ID: 1959cccd4fea658946f26227c0a0b3379998833e50531e435f0c666b9c0f7aa8
                                                                      • Opcode Fuzzy Hash: 89413ede3b1e85be20c8f272e65a27b8bfe40e2a2e38e4141ba162e5d23f76ce
                                                                      • Instruction Fuzzy Hash: 18212C36618F858AE7508B28F45575A77A0FB89BB4F500335EAAD83BA9DF7CD144CB00
                                                                      Function 000001EF1F211EA0 Relevance: 3.1, APIs: 2, Instructions: 86encryptionCOMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: CryptDataFreeLocalUnprotect
                                                                      • String ID:
                                                                      • API String ID: 1561624719-0
                                                                      • Opcode ID: 534917215b691bdf8008ca3940d01222a19eb5e5d5bf9c8332b99172fc4e0cb2
                                                                      • Instruction ID: 72c6a04f9a48602c377dc52ed6cbce3cdfce70fb7a4a8175bdd4ec8720db9821
                                                                      • Opcode Fuzzy Hash: 534917215b691bdf8008ca3940d01222a19eb5e5d5bf9c8332b99172fc4e0cb2
                                                                      • Instruction Fuzzy Hash: 6D414533618BC4CAE3208F74E4403DD37A4FB6978CF444229EE8856E8ADB79C5A5C745
                                                                      Function 000001EF1F2213B0 Relevance: 1.6, APIs: 1, Instructions: 83COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: DriveLogicalStrings
                                                                      • String ID:
                                                                      • API String ID: 2022863570-0
                                                                      • Opcode ID: 05563d9c9f8d9765ab942f76f343afa8ceddb3167ad04ffcdfa04968ca2d4d44
                                                                      • Instruction ID: 67496f16bcd5dace04e217778ed6d94ab782141b5ecb37c30bd0766686b5861d
                                                                      • Opcode Fuzzy Hash: 05563d9c9f8d9765ab942f76f343afa8ceddb3167ad04ffcdfa04968ca2d4d44
                                                                      • Instruction Fuzzy Hash: 8F414C33A18BC4C2E710CF25E88439E7764FBA5784F545229EE8823A69DB78D5D2DB40
                                                                      Function 000001EF1F220110 Relevance: 1.5, APIs: 1, Instructions: 36COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: NameUser
                                                                      • String ID:
                                                                      • API String ID: 2645101109-0
                                                                      • Opcode ID: 5706546f313706de72a237bf98d2ae5729b4666c4094d2ca0903643dc08702f3
                                                                      • Instruction ID: 55cde317db66f6b3ae73647098af1c9c72d5fc686b163439dcf832b68bdc1192
                                                                      • Opcode Fuzzy Hash: 5706546f313706de72a237bf98d2ae5729b4666c4094d2ca0903643dc08702f3
                                                                      • Instruction Fuzzy Hash: 6D015E336186C482E720CF25E85139EA3A5FBA8788F440229AE9D42659DBBCC1D58B41
                                                                      Function 000001EF1F220820 Relevance: 1.5, Strings: 1, Instructions: 268COMMON
                                                                      Download Yara Rule
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: cores
                                                                      • API String ID: 0-2370456839
                                                                      • Opcode ID: 58cf42691204f16d4da541265847817d2eacf75c695bb747bdd7a219ffcded3a
                                                                      • Instruction ID: 966c482650d8dd23d923e3f9be190d3fa6f27bfe35f642fc38cf1562b4fe0050
                                                                      • Opcode Fuzzy Hash: 58cf42691204f16d4da541265847817d2eacf75c695bb747bdd7a219ffcded3a
                                                                      • Instruction Fuzzy Hash: 7FC1D473E14BC48AE710CB78D4413DD6761EBA97A8F505329EEAC16A9ADB78C1C6C340
                                                                      Function 000001EF1F2270B0 Relevance: 1.5, Strings: 1, Instructions: 212COMMON
                                                                      Download Yara Rule
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: \u%04x
                                                                      • API String ID: 0-2916071157
                                                                      • Opcode ID: 06a80ac53363f504e8d291dc153b6a47b21947aca11156197ff4547b1ef6832f
                                                                      • Instruction ID: bd379e206f0325985b642b27a0be2ecb43f6008ac17e508463d50e90cc39c774
                                                                      • Opcode Fuzzy Hash: 06a80ac53363f504e8d291dc153b6a47b21947aca11156197ff4547b1ef6832f
                                                                      • Instruction Fuzzy Hash: 2081CD336086C8C2EB54DB25D5507EE6761FBA5B80F84803EDF6A83B95DB38C596C341
                                                                      Function 000001EF1F22662B Relevance: 1.5, Strings: 1, Instructions: 206COMMON
                                                                      Download Yara Rule
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: ":
                                                                      • API String ID: 0-3662656813
                                                                      • Opcode ID: 896a4f67027aaf01e5dfe48ac692d3832c0c554c68eb6b2fca54ea41666aa8bb
                                                                      • Instruction ID: 4381ea5fdf3366d150af1f55d4b9428b97f926a08531950d9801dfd807b0fb8e
                                                                      • Opcode Fuzzy Hash: 896a4f67027aaf01e5dfe48ac692d3832c0c554c68eb6b2fca54ea41666aa8bb
                                                                      • Instruction Fuzzy Hash: 06911277304A89C1DB209F26D09479E6761FB98BC8F40901ACFAE47B65DF39C599CB02
                                                                      Function 000001EF1F1E22D0 Relevance: 1.4, Strings: 1, Instructions: 112COMMON
                                                                      Download Yara Rule
                                                                      Strings
                                                                      • ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/, xrefs: 000001EF1F1E2359
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
                                                                      • API String ID: 0-1713319389
                                                                      • Opcode ID: 0e1e18df8e43834f8c2d261b7060e305521bf1430a60c216941d6cdd0af00934
                                                                      • Instruction ID: aea03c6c649078aa8ca9837e4b3986b10cc4cc147088bb8e1953713aff16b844
                                                                      • Opcode Fuzzy Hash: 0e1e18df8e43834f8c2d261b7060e305521bf1430a60c216941d6cdd0af00934
                                                                      • Instruction Fuzzy Hash: E141D0736196E48AD702CB3984113BD7FB1E366B88F1C81A2DBD487747C62DC256DB10
                                                                      Function 000001EF1F1DCF60 Relevance: .7, Instructions: 715COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 2ee64277ec26fa9eb8a19cf9b95fe07225f7ac9934d4029661373a1f8689ff59
                                                                      • Instruction ID: 2420dfd167b1fae8bcfb867d3539a6f97484ec0d1a849d6a977962e2b8fcbe91
                                                                      • Opcode Fuzzy Hash: 2ee64277ec26fa9eb8a19cf9b95fe07225f7ac9934d4029661373a1f8689ff59
                                                                      • Instruction Fuzzy Hash: F5724B73615BC8C9EB20CB69E8403DD73A1F799798F504229EE9C67B99DB78C281C700
                                                                      Function 000001EF1F1CF1C0 Relevance: .3, Instructions: 344COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: a03f6542dbe3f7e8697fb30417c9446664b9eff22dd70cdc3f0f468801734f4b
                                                                      • Instruction ID: eaf0a8cacf3aa9fa000ba53a59a86a4970d3b58049d57cd0e44fec7345b9f6b9
                                                                      • Opcode Fuzzy Hash: a03f6542dbe3f7e8697fb30417c9446664b9eff22dd70cdc3f0f468801734f4b
                                                                      • Instruction Fuzzy Hash: 4BF12D73A15FC88AEB208B69E44139D77A4F79C7A8F104319EEDC57B99EB78C1918700
                                                                      Function 000001EF1F1CF8B0 Relevance: .3, Instructions: 336COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: c0a5ce49bdf3c9232aa9b921f9dd6628f2cc835ac63ebea273df0551bc5cf4d6
                                                                      • Instruction ID: 82a226638c6fb8d760ecbf96746f62da8ec735131afbd5b7667f3169825bdadc
                                                                      • Opcode Fuzzy Hash: c0a5ce49bdf3c9232aa9b921f9dd6628f2cc835ac63ebea273df0551bc5cf4d6
                                                                      • Instruction Fuzzy Hash: BEF13C73605FC88AEB208B69E44139D77A1F79C7A8F104319EEEC57B99EB78C1918740
                                                                      Function 000001EF1F218B30 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 194windowCOMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 702 1ef1f218b30-1ef1f218b6b call 1ef1f2188b0 705 1ef1f218bac 702->705 706 1ef1f218b6d-1ef1f218b7c EnterCriticalSection 702->706 709 1ef1f218bb1-1ef1f218bcf call 1ef1f24cb70 705->709 707 1ef1f218bd0-1ef1f218bea LeaveCriticalSection GdipGetImageEncodersSize 706->707 708 1ef1f218b7e-1ef1f218ba0 GdiplusStartup 706->708 707->705 710 1ef1f218bec-1ef1f218bff 707->710 708->707 711 1ef1f218ba2-1ef1f218ba6 LeaveCriticalSection 708->711 713 1ef1f218c01-1ef1f218c0a call 1ef1f218640 710->713 714 1ef1f218c3b-1ef1f218c49 call 1ef1f2366e4 710->714 711->705 720 1ef1f218c38 713->720 721 1ef1f218c0c-1ef1f218c16 713->721 722 1ef1f218c50-1ef1f218c5a 714->722 723 1ef1f218c4b-1ef1f218c4e 714->723 720->714 725 1ef1f218c22-1ef1f218c36 call 1ef1f24d830 721->725 726 1ef1f218c18 721->726 724 1ef1f218c5e 722->724 723->724 727 1ef1f218c61-1ef1f218c64 724->727 725->727 726->725 729 1ef1f218c70-1ef1f218c7e GdipGetImageEncoders 727->729 730 1ef1f218c66-1ef1f218c6b 727->730 733 1ef1f218c84-1ef1f218c8d 729->733 734 1ef1f218dc9-1ef1f218dce 729->734 732 1ef1f218dde-1ef1f218de1 730->732 737 1ef1f218e04-1ef1f218e06 732->737 738 1ef1f218de3-1ef1f218de7 732->738 735 1ef1f218cbf 733->735 736 1ef1f218c8f-1ef1f218c9d 733->736 734->732 741 1ef1f218cc6-1ef1f218cd6 735->741 739 1ef1f218ca0-1ef1f218cab 736->739 737->709 740 1ef1f218df0-1ef1f218e02 call 1ef1f22efd8 738->740 742 1ef1f218cb8-1ef1f218cbd 739->742 743 1ef1f218cad-1ef1f218cb2 739->743 740->737 745 1ef1f218cef-1ef1f218d0b 741->745 746 1ef1f218cd8-1ef1f218ce9 741->746 742->735 742->739 743->742 747 1ef1f218d6d-1ef1f218d71 743->747 749 1ef1f218d78-1ef1f218db7 GdipCreateBitmapFromHBITMAP GdipSaveImageToStream 745->749 750 1ef1f218d0d-1ef1f218d66 GdipCreateBitmapFromScan0 GdipSaveImageToStream 745->750 746->734 746->745 747->741 751 1ef1f218dd0-1ef1f218ddd GdipDisposeImage 749->751 752 1ef1f218db9 749->752 753 1ef1f218d76 750->753 754 1ef1f218d68-1ef1f218d6b 750->754 751->732 755 1ef1f218dbc-1ef1f218dc3 GdipDisposeImage 752->755 753->751 754->755 755->734
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Gdip$Image$CriticalSection$DisposeEncodersLeave$BitmapCreateEnterErrorFromGdiplusInitializeLastSaveScan0SizeStartupStream
                                                                      • String ID: &
                                                                      • API String ID: 1703174404-3042966939
                                                                      • Opcode ID: e0228fc8eea7d5b1ef60bb9784c8d30ef67e4de2cf218bbc2f582390e882f76a
                                                                      • Instruction ID: cd12e1aa8a7008fd216d302035492f0e0b8b2b3452c5700d76aa32bf95fbe88f
                                                                      • Opcode Fuzzy Hash: e0228fc8eea7d5b1ef60bb9784c8d30ef67e4de2cf218bbc2f582390e882f76a
                                                                      • Instruction Fuzzy Hash: 69916A33605BC8DAEB20CF20D8807DD37A4FB75B98F548229EE2987B94DB74C5868345
                                                                      Function 000001EF1F219BE0 Relevance: 16.0, APIs: 7, Strings: 2, Instructions: 250networkCOMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 1405 1ef1f219be0-1ef1f219c37 call 1ef1f21f890 1408 1ef1f219c39-1ef1f219c41 1405->1408 1409 1ef1f219c7d-1ef1f219d61 call 1ef1f1f24f0 call 1ef1f1e5330 call 1ef1f1deda0 call 1ef1f1e5330 call 1ef1f1deda0 call 1ef1f1e0fb0 WSAStartup 1405->1409 1411 1ef1f219c45-1ef1f219c4d 1408->1411 1422 1ef1f219e28 1409->1422 1441 1ef1f219d67-1ef1f219d8b socket 1409->1441 1413 1ef1f219c4f 1411->1413 1414 1ef1f219c52-1ef1f219c62 1411->1414 1413->1414 1415 1ef1f219c74-1ef1f219c7b 1414->1415 1416 1ef1f219c64-1ef1f219c6e call 1ef1f25fd00 1414->1416 1415->1409 1415->1411 1416->1415 1416->1422 1425 1ef1f219e2a-1ef1f219e32 1422->1425 1427 1ef1f219e34-1ef1f219e45 1425->1427 1428 1ef1f219e65-1ef1f219ea9 call 1ef1f24cb70 1425->1428 1431 1ef1f219e60 call 1ef1f24cb90 1427->1431 1432 1ef1f219e47-1ef1f219e5a 1427->1432 1431->1428 1432->1431 1436 1ef1f219fcf-1ef1f219fd4 call 1ef1f22fc0c 1432->1436 1442 1ef1f219fd5-1ef1f219fda call 1ef1f22fc0c 1436->1442 1443 1ef1f219e22 WSACleanup 1441->1443 1444 1ef1f219d91-1ef1f219dbe htons 1441->1444 1443->1422 1446 1ef1f219dc4-1ef1f219dd4 call 1ef1f227890 1444->1446 1447 1ef1f219ecd-1ef1f219efe call 1ef1f218e10 call 1ef1f1dfb70 1444->1447 1453 1ef1f219dd6 1446->1453 1454 1ef1f219dd9-1ef1f219e06 inet_pton connect 1446->1454 1461 1ef1f219f00-1ef1f219f16 1447->1461 1462 1ef1f219f36-1ef1f219f53 call 1ef1f218e10 1447->1462 1453->1454 1456 1ef1f219eaa-1ef1f219eb4 1454->1456 1457 1ef1f219e0c-1ef1f219e13 1454->1457 1456->1447 1459 1ef1f219eb6-1ef1f219ebf 1456->1459 1457->1446 1460 1ef1f219e15-1ef1f219e1c closesocket 1457->1460 1466 1ef1f219ec1 1459->1466 1467 1ef1f219ec4-1ef1f219ecc call 1ef1f1e15c0 1459->1467 1460->1443 1463 1ef1f219f31 call 1ef1f24cb90 1461->1463 1464 1ef1f219f18-1ef1f219f2b 1461->1464 1469 1ef1f219f58-1ef1f219f7c call 1ef1f1dfb70 1462->1469 1463->1462 1464->1442 1464->1463 1466->1467 1467->1447 1474 1ef1f219fb8-1ef1f219fc4 1469->1474 1475 1ef1f219f7e-1ef1f219f94 1469->1475 1474->1425 1476 1ef1f219f96-1ef1f219fa9 1475->1476 1477 1ef1f219fab-1ef1f219fb0 call 1ef1f24cb90 1475->1477 1476->1477 1478 1ef1f219fc9-1ef1f219fce call 1ef1f22fc0c 1476->1478 1477->1474 1478->1436
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Info$CleanupStartupUserclosesocketconnecthtonsinet_ptonsocket
                                                                      • String ID: geo$system
                                                                      • API String ID: 213021568-2364779556
                                                                      • Opcode ID: aa2f5169524634d7e9323b3215f6a4000117be42a2ae9b0de516e33c6e21ac9c
                                                                      • Instruction ID: 8ed4e67a8e0840513a81258f9a8192be974195b2bea3438a77a83de6ff5cc544
                                                                      • Opcode Fuzzy Hash: aa2f5169524634d7e9323b3215f6a4000117be42a2ae9b0de516e33c6e21ac9c
                                                                      • Instruction Fuzzy Hash: 89C18B73B05BC8C5EB00DBA4D4503DD33A2EB65B98F41422ADE7D57AA9DA74C587C301
                                                                      Function 000001EF1F223B30 Relevance: 13.6, APIs: 9, Instructions: 117COMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 1887 1ef1f223b30-1ef1f223b92 GetCurrentProcess GetProcessId RmStartSession 1888 1ef1f223c91 1887->1888 1889 1ef1f223b98-1ef1f223bbd RmRegisterResources 1887->1889 1892 1ef1f223c93-1ef1f223cb6 call 1ef1f24cb70 1888->1892 1890 1ef1f223bc3-1ef1f223bf9 RmGetList 1889->1890 1891 1ef1f223c88-1ef1f223c8b RmEndSession 1889->1891 1893 1ef1f223bff-1ef1f223c04 1890->1893 1894 1ef1f223cd4 1890->1894 1891->1888 1893->1894 1896 1ef1f223c0a-1ef1f223c30 call 1ef1f2366e4 1893->1896 1897 1ef1f223cd7-1ef1f223cdf RmEndSession 1894->1897 1896->1897 1901 1ef1f223c36-1ef1f223c58 RmGetList 1896->1901 1897->1892 1902 1ef1f223c5a-1ef1f223c5d 1901->1902 1903 1ef1f223ccc-1ef1f223ccf call 1ef1f22efd8 1901->1903 1902->1903 1905 1ef1f223c5f-1ef1f223c68 1902->1905 1903->1894 1905->1891 1906 1ef1f223c6a 1905->1906 1907 1ef1f223c70-1ef1f223c7f 1906->1907 1908 1ef1f223c81-1ef1f223c86 1907->1908 1909 1ef1f223cb7-1ef1f223cca call 1ef1f22efd8 RmEndSession 1907->1909 1908->1891 1908->1907 1909->1888
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Session$ListProcess$CurrentRegisterResourcesStart
                                                                      • String ID:
                                                                      • API String ID: 3299295986-0
                                                                      • Opcode ID: fd498ee3de36280c394abacf9467fc5b9ce5ac8d70b1b0db778499f5d870b0f3
                                                                      • Instruction ID: f7025b5583b9dbdd195ea3a7c9c874774bef52300f50b12f02985c7c119d66e1
                                                                      • Opcode Fuzzy Hash: fd498ee3de36280c394abacf9467fc5b9ce5ac8d70b1b0db778499f5d870b0f3
                                                                      • Instruction Fuzzy Hash: CC512932705AD8CAF714CFA4E4546DD73A1FB69788F50413EEE1AA3B98DA34C8468B41
                                                                      Function 000001EF1F23D5F0 Relevance: 10.8, APIs: 7, Instructions: 290COMMONLIBRARYCODE
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 2018 1ef1f23d5f0-1ef1f23d616 2019 1ef1f23d631-1ef1f23d635 2018->2019 2020 1ef1f23d618-1ef1f23d62c call 1ef1f2340ac call 1ef1f2340cc 2018->2020 2022 1ef1f23da0b-1ef1f23da17 call 1ef1f2340ac call 1ef1f2340cc 2019->2022 2023 1ef1f23d63b-1ef1f23d642 2019->2023 2037 1ef1f23da22 2020->2037 2040 1ef1f23da1d call 1ef1f22fbec 2022->2040 2023->2022 2026 1ef1f23d648-1ef1f23d676 2023->2026 2026->2022 2029 1ef1f23d67c-1ef1f23d683 2026->2029 2032 1ef1f23d685-1ef1f23d697 call 1ef1f2340ac call 1ef1f2340cc 2029->2032 2033 1ef1f23d69c-1ef1f23d69f 2029->2033 2032->2040 2034 1ef1f23d6a5-1ef1f23d6ab 2033->2034 2035 1ef1f23da07-1ef1f23da09 2033->2035 2034->2035 2039 1ef1f23d6b1-1ef1f23d6b4 2034->2039 2041 1ef1f23da25-1ef1f23da3c 2035->2041 2037->2041 2039->2032 2043 1ef1f23d6b6-1ef1f23d6db 2039->2043 2040->2037 2047 1ef1f23d6dd-1ef1f23d6df 2043->2047 2048 1ef1f23d70e-1ef1f23d715 2043->2048 2051 1ef1f23d706-1ef1f23d70c 2047->2051 2052 1ef1f23d6e1-1ef1f23d6e8 2047->2052 2049 1ef1f23d717-1ef1f23d73f call 1ef1f23dedc call 1ef1f23b550 * 2 2048->2049 2050 1ef1f23d6ea-1ef1f23d701 call 1ef1f2340ac call 1ef1f2340cc call 1ef1f22fbec 2048->2050 2079 1ef1f23d741-1ef1f23d757 call 1ef1f2340cc call 1ef1f2340ac 2049->2079 2080 1ef1f23d75c-1ef1f23d787 call 1ef1f23dcb0 2049->2080 2083 1ef1f23d894 2050->2083 2055 1ef1f23d78c-1ef1f23d7a3 2051->2055 2052->2050 2052->2051 2056 1ef1f23d7a5-1ef1f23d7ad 2055->2056 2057 1ef1f23d81e-1ef1f23d828 call 1ef1f247c7c 2055->2057 2056->2057 2060 1ef1f23d7af-1ef1f23d7b1 2056->2060 2070 1ef1f23d8b2 2057->2070 2071 1ef1f23d82e-1ef1f23d843 2057->2071 2060->2057 2064 1ef1f23d7b3-1ef1f23d7c9 2060->2064 2064->2057 2068 1ef1f23d7cb-1ef1f23d7d7 2064->2068 2068->2057 2073 1ef1f23d7d9-1ef1f23d7db 2068->2073 2075 1ef1f23d8b7-1ef1f23d8cf call 1ef1f272188 2070->2075 2071->2070 2076 1ef1f23d845-1ef1f23d857 GetConsoleMode 2071->2076 2073->2057 2078 1ef1f23d7dd-1ef1f23d7f5 2073->2078 2087 1ef1f23d8d5-1ef1f23d8d7 2075->2087 2076->2070 2082 1ef1f23d859-1ef1f23d861 2076->2082 2078->2057 2085 1ef1f23d7f7-1ef1f23d803 2078->2085 2079->2083 2080->2055 2082->2075 2089 1ef1f23d863-1ef1f23d885 ReadConsoleW 2082->2089 2084 1ef1f23d897-1ef1f23d8a1 call 1ef1f23b550 2083->2084 2084->2041 2085->2057 2093 1ef1f23d805-1ef1f23d807 2085->2093 2095 1ef1f23d9d1-1ef1f23d9da call 1ef1f272160 2087->2095 2096 1ef1f23d8dd-1ef1f23d8e5 2087->2096 2090 1ef1f23d8a6-1ef1f23d8b0 2089->2090 2091 1ef1f23d887 call 1ef1f272160 2089->2091 2102 1ef1f23d8f2-1ef1f23d907 2090->2102 2106 1ef1f23d88d-1ef1f23d88f call 1ef1f234040 2091->2106 2093->2057 2101 1ef1f23d809-1ef1f23d819 2093->2101 2112 1ef1f23d9dc-1ef1f23d9f2 call 1ef1f2340cc call 1ef1f2340ac 2095->2112 2113 1ef1f23d9f7-1ef1f23d9fa 2095->2113 2096->2095 2104 1ef1f23d8eb 2096->2104 2101->2057 2102->2084 2105 1ef1f23d909-1ef1f23d914 2102->2105 2104->2102 2109 1ef1f23d916-1ef1f23d92f call 1ef1f23d208 2105->2109 2110 1ef1f23d93b-1ef1f23d943 2105->2110 2106->2083 2120 1ef1f23d934-1ef1f23d936 2109->2120 2115 1ef1f23d945-1ef1f23d957 2110->2115 2116 1ef1f23d9bf-1ef1f23d9cc call 1ef1f23d048 2110->2116 2112->2083 2113->2106 2118 1ef1f23da00-1ef1f23da02 2113->2118 2121 1ef1f23d9b2-1ef1f23d9ba 2115->2121 2122 1ef1f23d959 2115->2122 2116->2120 2118->2084 2120->2084 2121->2084 2125 1ef1f23d95e-1ef1f23d965 2122->2125 2127 1ef1f23d9a1-1ef1f23d9ac 2125->2127 2128 1ef1f23d967-1ef1f23d96b 2125->2128 2127->2121 2130 1ef1f23d96d-1ef1f23d974 2128->2130 2131 1ef1f23d987 2128->2131 2130->2131 2132 1ef1f23d976-1ef1f23d97a 2130->2132 2133 1ef1f23d98d-1ef1f23d99d 2131->2133 2132->2131 2134 1ef1f23d97c-1ef1f23d985 2132->2134 2133->2125 2135 1ef1f23d99f 2133->2135 2134->2133 2135->2121
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 3215553584-0
                                                                      • Opcode ID: 47550b20993fbd762e226fa4ca9e05ae32b1ced83bd225dda60327e294bd4ee8
                                                                      • Instruction ID: e3177463ba6d0c5d0c1a120742b41b94aee815ca217e35954610e72af36a1d0a
                                                                      • Opcode Fuzzy Hash: 47550b20993fbd762e226fa4ca9e05ae32b1ced83bd225dda60327e294bd4ee8
                                                                      • Instruction Fuzzy Hash: DCC1D1B32047CDC3E7619B15D4503ED7BA0EFA9B80F9541A9DE6A07395DA78C8CB8702
                                                                      Function 000001EF1F218990 Relevance: 9.0, APIs: 6, Instructions: 41COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: CriticalSection$EnterLeave$DeleteGdiplusObjectShutdown
                                                                      • String ID:
                                                                      • API String ID: 4268643673-0
                                                                      • Opcode ID: 83031f1c3d95a3b59bc2a22e43b72ccd41805d9851eefa9cc92077698de98015
                                                                      • Instruction ID: 94a9c794a64856a99fd07087481d58f804a64d9a088bd18d6248059b4d9ee0c3
                                                                      • Opcode Fuzzy Hash: 83031f1c3d95a3b59bc2a22e43b72ccd41805d9851eefa9cc92077698de98015
                                                                      • Instruction Fuzzy Hash: 1E114633501BD4C1EB10DF24E88019D73A4FB66FA4B684329DE69462A4DF34C897C746
                                                                      Function 00007FF617E77980 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 120COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                        • Part of subcall function 00007FF617E77C00: Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 00007FF617E77C0E
                                                                        • Part of subcall function 00007FF617E66610: char_traits.LIBCPMTD ref: 00007FF617E6663D
                                                                        • Part of subcall function 00007FF617E77DC0: Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00007FF617E77ED5
                                                                      • Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00007FF617E77AFA
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491951277.00007FF617E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617E60000, based on PE: true
                                                                      • Associated: 00000000.00000002.1491932782.00007FF617E60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492032274.00007FF617ECB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492032274.00007FF61817D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492204407.00007FF618189000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492224787.00007FF61818C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7ff617e60000_unique.jbxd
                                                                      Similarity
                                                                      • API ID: Concurrency::details::_CriticalLock::_ProcessorReentrantScoped_lockScoped_lock::~_Virtual$Concurrency::RootRoot::char_traits
                                                                      • String ID: EnterCriticalSection$LeaveCriticalSection$LoadAcceleratorsA$LoadAcceleratorsW
                                                                      • API String ID: 2378420206-1394853731
                                                                      • Opcode ID: 04327c45c70a67150be1c73c2e078c6eac2a998af2c452a8fcebf7652b8d46cf
                                                                      • Instruction ID: 2821deffe2c161f9a05c5a3cc4c190fdf0fab90ed93935ab7bb1378959b73f40
                                                                      • Opcode Fuzzy Hash: 04327c45c70a67150be1c73c2e078c6eac2a998af2c452a8fcebf7652b8d46cf
                                                                      • Instruction Fuzzy Hash: 2151022255DDC295EA30DB54E4513EFA3A0FBD5B54F401032E28DC7AABDE2CD645CB80
                                                                      Function 000001EF1F21E9F0 Relevance: 6.4, APIs: 4, Instructions: 417networkCOMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: recv$Cleanupclosesocket
                                                                      • String ID:
                                                                      • API String ID: 146070474-0
                                                                      • Opcode ID: 8617c0c3cb97ca130137414e1e59b4641afa0d81757e1cfab694a00b388a34e4
                                                                      • Instruction ID: 6f7bea7f930642d63733a398e913e7c590f01510739da19bf24f07fc368aaac5
                                                                      • Opcode Fuzzy Hash: 8617c0c3cb97ca130137414e1e59b4641afa0d81757e1cfab694a00b388a34e4
                                                                      • Instruction Fuzzy Hash: 33128173A18BC8C1EA21DB14E4543DE6761FBA9790F504229EEBD46ADADF78C4C2C701
                                                                      Function 00007FF617E77FD0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 128COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00007FF617E780EF
                                                                      • Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00007FF617E78197
                                                                        • Part of subcall function 00007FF617EB77D4: RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF617EB651B), ref: 00007FF617EB7824
                                                                        • Part of subcall function 00007FF617EB77D4: RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF617EB651B), ref: 00007FF617EB7865
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491951277.00007FF617E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617E60000, based on PE: true
                                                                      • Associated: 00000000.00000002.1491932782.00007FF617E60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492032274.00007FF617ECB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492032274.00007FF61817D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492204407.00007FF618189000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492224787.00007FF61818C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7ff617e60000_unique.jbxd
                                                                      Similarity
                                                                      • API ID: Concurrency::details::_CriticalLock::_ReentrantScoped_lockScoped_lock::~_$ExceptionFileHeaderRaise
                                                                      • String ID: 1.3.1.zlib-ng
                                                                      • API String ID: 543713560-992988628
                                                                      • Opcode ID: 8956c29817721c66e9a5c783700e556b24576ee2f69ddabf96bd024d6e1e8483
                                                                      • Instruction ID: 2b21c2cd36b34f11f6d67a666a70a5359d4b796b562a2ab6ba46ef0d8d3e9cb2
                                                                      • Opcode Fuzzy Hash: 8956c29817721c66e9a5c783700e556b24576ee2f69ddabf96bd024d6e1e8483
                                                                      • Instruction Fuzzy Hash: AD61C83261CAC286E670DB14E4513ABB3A0FBD8754F904136E6CD83A9ADF3CD645CB80
                                                                      Function 000001EF1F220420 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 45registryCOMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Value
                                                                      • String ID: ProductName$SOFTWARE\Microsoft\Windows NT\CurrentVersion
                                                                      • API String ID: 3702945584-1787575317
                                                                      • Opcode ID: 848e5551118642d687fb9cd25162ca569aafd51f714130a4cf12862d48b99029
                                                                      • Instruction ID: 65f07dc72a10feaef434ff3585cb445ff1d4b312d05c03c21da75e30fd589383
                                                                      • Opcode Fuzzy Hash: 848e5551118642d687fb9cd25162ca569aafd51f714130a4cf12862d48b99029
                                                                      • Instruction Fuzzy Hash: 1F113032118BC4C2D710CF21F45139AB3A4FBA9794F914229EE9847B59DFBCC195CB40
                                                                      Function 000001EF1F22B090 Relevance: 4.9, APIs: 3, Instructions: 440COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Concurrency::cancel_current_task
                                                                      • String ID:
                                                                      • API String ID: 118556049-0
                                                                      • Opcode ID: 44d4abd68d1500e908a8f15b917e2edf606cc9c21f599a0dace8c81027a59553
                                                                      • Instruction ID: acbc8497b16e241a2c7578b9ebafa346fab9de1ab90576b1cf6c8bbbc2dfb770
                                                                      • Opcode Fuzzy Hash: 44d4abd68d1500e908a8f15b917e2edf606cc9c21f599a0dace8c81027a59553
                                                                      • Instruction Fuzzy Hash: 55F19F73211BC8C2DA24CB25E4547AD63A4FB68BE4F58462DAFBD47B95DB38C192C301
                                                                      Function 000001EF1F21ED77 Relevance: 4.7, APIs: 3, Instructions: 182networkCOMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Cleanupclosesocketrecv
                                                                      • String ID:
                                                                      • API String ID: 3447645871-0
                                                                      • Opcode ID: 609ff855d8c389044ae14b46d5b4c35e90766f3e6cfc784a2336127d0299b595
                                                                      • Instruction ID: 6d6ae0197ef173e638e945292402accd6886761ec7348bb5a3627df0690ed90b
                                                                      • Opcode Fuzzy Hash: 609ff855d8c389044ae14b46d5b4c35e90766f3e6cfc784a2336127d0299b595
                                                                      • Instruction Fuzzy Hash: D8917173A18BC8C1EA208B14E4543DE6761EBA97A0F504329DEBD47ADADF79C4C2C701
                                                                      Function 000001EF1F221111 Relevance: 4.7, APIs: 3, Instructions: 163registryCOMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: CloseEnumOpen
                                                                      • String ID:
                                                                      • API String ID: 1332880857-0
                                                                      • Opcode ID: 866ecde12c4900e59f76d10c61653feda9dac359a6bfa9f0c5534175a3217374
                                                                      • Instruction ID: b6d0e8f49bf6e542d4c598861b5e66ee262e8cb633d7e7704fa741be3e81f477
                                                                      • Opcode Fuzzy Hash: 866ecde12c4900e59f76d10c61653feda9dac359a6bfa9f0c5534175a3217374
                                                                      • Instruction Fuzzy Hash: 57717273A04BC8C5EB10CB65E48479D6761FBA57A8F200329EEB957AD9DB78D0C2C701
                                                                      Function 00007FF617E6D7F0 Relevance: 4.6, APIs: 3, Instructions: 112COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FF617E6D8DD
                                                                      • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FF617E6D9C0
                                                                      • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF617E6D9E9
                                                                        • Part of subcall function 00007FF617E66610: char_traits.LIBCPMTD ref: 00007FF617E6663D
                                                                        • Part of subcall function 00007FF617E6DAA0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF617E6DAB8
                                                                        • Part of subcall function 00007FF617E6DB00: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF617E6DB13
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491951277.00007FF617E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617E60000, based on PE: true
                                                                      • Associated: 00000000.00000002.1491932782.00007FF617E60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492032274.00007FF617ECB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492032274.00007FF61817D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492204407.00007FF618189000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492224787.00007FF61818C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7ff617e60000_unique.jbxd
                                                                      Similarity
                                                                      • API ID: Concurrency::details::Work$EmptyQueue::Structured$Base::ContextIdentityQueue$char_traits
                                                                      • String ID:
                                                                      • API String ID: 2573577243-0
                                                                      • Opcode ID: f26d7d76682de479d1a510b7515a2100360f65aa1e8371ebd0398830a94be955
                                                                      • Instruction ID: 9e2f83c7a61aa72506414b2ee21b68c5d446549d303970fcfeaebbf10585daac
                                                                      • Opcode Fuzzy Hash: f26d7d76682de479d1a510b7515a2100360f65aa1e8371ebd0398830a94be955
                                                                      • Instruction Fuzzy Hash: 6051F96261DFC691DA20DB15E4513ABB3A0FBC5B94F804032E6CD87B6BDE2CD585CB40
                                                                      Function 000001EF1F2210A0 Relevance: 4.6, APIs: 3, Instructions: 96registryCOMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: EnumOpen
                                                                      • String ID:
                                                                      • API String ID: 3231578192-0
                                                                      • Opcode ID: f2e07ec76756ed61d5ea5d4f7ada0feb90a09d0fd6799f6eeab6a948dfa74451
                                                                      • Instruction ID: 04413f953b3ab420173499a202f87b1050031207d01175b2dfc7ebdbbf8db053
                                                                      • Opcode Fuzzy Hash: f2e07ec76756ed61d5ea5d4f7ada0feb90a09d0fd6799f6eeab6a948dfa74451
                                                                      • Instruction Fuzzy Hash: BE317F33610BC8C5E720CBA5E850BDE7364FB65798F600229EEA957A54DB78C1D6C700
                                                                      Function 00007FF617E717D0 Relevance: 4.6, APIs: 3, Instructions: 77COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491951277.00007FF617E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617E60000, based on PE: true
                                                                      • Associated: 00000000.00000002.1491932782.00007FF617E60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492032274.00007FF617ECB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492032274.00007FF61817D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492204407.00007FF618189000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492224787.00007FF61818C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7ff617e60000_unique.jbxd
                                                                      Similarity
                                                                      • API ID: CallFunction0Member$char_traits
                                                                      • String ID:
                                                                      • API String ID: 1927575840-0
                                                                      • Opcode ID: b3a0a285e39b8cf687cbf5e33b540a6d49c497df54d9ecd142d2dcea34095149
                                                                      • Instruction ID: 06c08c9a1363a20654b27ce8025fb2516ef5429984cb7ecb03d772a9f2f00c3e
                                                                      • Opcode Fuzzy Hash: b3a0a285e39b8cf687cbf5e33b540a6d49c497df54d9ecd142d2dcea34095149
                                                                      • Instruction Fuzzy Hash: 24312E62A0DF4285E720DB15E44116B77E2FBC9BA4F505135E28DC76ABDE3CE641CB80
                                                                      Function 000001EF1F220DDB Relevance: 4.6, APIs: 3, Instructions: 68registryCOMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: CloseOpenQueryValue
                                                                      • String ID:
                                                                      • API String ID: 3677997916-0
                                                                      • Opcode ID: bb72164ad1160d40e3a75e7481e2f4229b5a897f4fd7f573111bd3cb0f92ed32
                                                                      • Instruction ID: 64fb7f79da6fd18a76224ddca9cbc2d8c9cbe20d95559b627e2665106e5d39e7
                                                                      • Opcode Fuzzy Hash: bb72164ad1160d40e3a75e7481e2f4229b5a897f4fd7f573111bd3cb0f92ed32
                                                                      • Instruction Fuzzy Hash: AA218F73614BC8C1EB50CB25E05139EB361FBEA7D4F40522AEEAD42A99DE2CC1C5CB01
                                                                      Function 00007FF617E782A0 Relevance: 4.6, APIs: 3, Instructions: 51COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491951277.00007FF617E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617E60000, based on PE: true
                                                                      • Associated: 00000000.00000002.1491932782.00007FF617E60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492032274.00007FF617ECB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492032274.00007FF61817D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492204407.00007FF618189000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492224787.00007FF61818C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7ff617e60000_unique.jbxd
                                                                      Similarity
                                                                      • API ID: ProcessToken$CurrentInformationOpen
                                                                      • String ID:
                                                                      • API String ID: 2743777493-0
                                                                      • Opcode ID: 722ab832dbefb05b570a67b2cccdef345e5e387398dfdff30b5f0e262e84267a
                                                                      • Instruction ID: ef0182c0ec98e9a9dd0814d2f73598fca2357eb48755a99042639e0b30a214cd
                                                                      • Opcode Fuzzy Hash: 722ab832dbefb05b570a67b2cccdef345e5e387398dfdff30b5f0e262e84267a
                                                                      • Instruction Fuzzy Hash: 6B21602262CA8181EB40DB15E4513AFBBA0FB91B54F941035F78E83A9BDF3DD508CB40
                                                                      Function 000001EF1F21F890 Relevance: 4.6, APIs: 3, Instructions: 50COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Info$User
                                                                      • String ID:
                                                                      • API String ID: 2017065092-0
                                                                      • Opcode ID: d34c2ece54cb3812040e4eef0477fed434900964bc97860851aa3e607d5351a2
                                                                      • Instruction ID: 9f74e49a397e7cec6e9c5987b38a04d88823fee2b84d6ee23742715801c164b5
                                                                      • Opcode Fuzzy Hash: d34c2ece54cb3812040e4eef0477fed434900964bc97860851aa3e607d5351a2
                                                                      • Instruction Fuzzy Hash: AE1179326187C582E7109F61F41475EB3A1FBA6B88F045228EF8503B59DF7CD5918B85
                                                                      Function 000001EF1F219760 Relevance: 4.5, APIs: 3, Instructions: 49COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: ProcessToken$CurrentInformationOpen
                                                                      • String ID:
                                                                      • API String ID: 2743777493-0
                                                                      • Opcode ID: 5cf106d3b2ffd2a7e9a61a7f883b18dc6c947c023f1ec599732081f4b0d6fdce
                                                                      • Instruction ID: dc922429fadc789af41500e97c1a77bfb8a41a513cd738dc4a4d89439a9e09ca
                                                                      • Opcode Fuzzy Hash: 5cf106d3b2ffd2a7e9a61a7f883b18dc6c947c023f1ec599732081f4b0d6fdce
                                                                      • Instruction Fuzzy Hash: 4711FC32618BC482E7509F15F84034EB2A0FB95B80F555129EEA997B68CF38C446CB45
                                                                      Function 000001EF1F243270 Relevance: 4.5, APIs: 3, Instructions: 15COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Process$CurrentExitTerminate
                                                                      • String ID:
                                                                      • API String ID: 1703294689-0
                                                                      • Opcode ID: f80d91bcf93e8424b3640f1b7356e3f7b22acd1ad7b3684da8aa45f97133e79c
                                                                      • Instruction ID: b499fad7580ff09ef6e6d55dbb7fa181c67c5a9ec258363ec20366ca0b7a7515
                                                                      • Opcode Fuzzy Hash: f80d91bcf93e8424b3640f1b7356e3f7b22acd1ad7b3684da8aa45f97133e79c
                                                                      • Instruction Fuzzy Hash: 1BD067363006CCD2FA18AB70A8992DD22256F7A701F10593CCD22467D7CD698CCA5612
                                                                      Function 000001EF1F1DF350 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 153COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Concurrency::cancel_current_task
                                                                      • String ID:
                                                                      • API String ID: 118556049-3916222277
                                                                      • Opcode ID: 6c07074f43804ca48068e3669103e1ea88a4ad1301297c00d1ef59d492acbb63
                                                                      • Instruction ID: 8ddbca3c840375d905bcafbf043e21ee1032061d26cfdbcbb9f50e09666dfcca
                                                                      • Opcode Fuzzy Hash: 6c07074f43804ca48068e3669103e1ea88a4ad1301297c00d1ef59d492acbb63
                                                                      • Instruction Fuzzy Hash: E9512773204B88D6EA158F2AD15839C33A0FB68B94F58462ADF5D57BA5CF79D1A3C300
                                                                      Function 000001EF1F220C30 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 74COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: CurrentProfile
                                                                      • String ID: Unknown
                                                                      • API String ID: 2104809126-1654365787
                                                                      • Opcode ID: 23c938e7993db7c49b129263db71837a29bf102ed93c0002fe98e8a6915ab8d6
                                                                      • Instruction ID: d800211d065984d42d610de19a1bcc61d0fbd8919bd55328da205596a22cdc38
                                                                      • Opcode Fuzzy Hash: 23c938e7993db7c49b129263db71837a29bf102ed93c0002fe98e8a6915ab8d6
                                                                      • Instruction Fuzzy Hash: 4031BE33628BC4C6E711CB24E4503DEA360FBA9744F545229EFD916A5ADB7CC6D6CB00
                                                                      Function 00007FF617E6FAE0 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 66COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491951277.00007FF617E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617E60000, based on PE: true
                                                                      • Associated: 00000000.00000002.1491932782.00007FF617E60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492032274.00007FF617ECB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492032274.00007FF61817D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492204407.00007FF618189000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492224787.00007FF61818C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7ff617e60000_unique.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: @
                                                                      • API String ID: 0-2766056989
                                                                      • Opcode ID: b337b7728e22acf7a85b468339197ec44de5b842342dd1561fc2dcb21d3dd529
                                                                      • Instruction ID: 4145e7aebf99cfd1849475c40c6d5536b6b358d343394f36a630b3730cb827c1
                                                                      • Opcode Fuzzy Hash: b337b7728e22acf7a85b468339197ec44de5b842342dd1561fc2dcb21d3dd529
                                                                      • Instruction Fuzzy Hash: 3B31B87661DB818AD760DB25E45062BBBE0F788B94F500525FB8D83B5ADF3CD6408F40
                                                                      Function 000001EF1F1E51E0 Relevance: 3.2, APIs: 2, Instructions: 192COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Concurrency::cancel_current_task
                                                                      • String ID:
                                                                      • API String ID: 118556049-0
                                                                      • Opcode ID: 1c6e8d4d7363a70b3ba52969144ac9adb36c42fe63d4cefd70ba9a4a2fc8c6fb
                                                                      • Instruction ID: 157528522dd08e234f65ef0ee1e7e932540d804c61a960d47688f7c2c1e006a4
                                                                      • Opcode Fuzzy Hash: 1c6e8d4d7363a70b3ba52969144ac9adb36c42fe63d4cefd70ba9a4a2fc8c6fb
                                                                      • Instruction Fuzzy Hash: 8251D773311BC8C5EE259B15E5003DD6391AB64BE4F5806399E6E9BBD7EA78C4C39300
                                                                      Function 000001EF1F218E10 Relevance: 3.1, APIs: 2, Instructions: 87COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: FolderFreeKnownPathTask
                                                                      • String ID:
                                                                      • API String ID: 969438705-0
                                                                      • Opcode ID: 580e4ec995c025e236e0119286df238f7e33c8c91af7f6f13076045bdd61eb5d
                                                                      • Instruction ID: 0c9b3e357ad8154c7141bf50c70271f4016ff7e477212ef88e68685b9df9617c
                                                                      • Opcode Fuzzy Hash: 580e4ec995c025e236e0119286df238f7e33c8c91af7f6f13076045bdd61eb5d
                                                                      • Instruction Fuzzy Hash: 16315373914BC481E720CB29E49039EA761FBA97A4F545329FEAC42A95DB78C1C28B40
                                                                      Function 000001EF1F22E614 Relevance: 3.1, APIs: 2, Instructions: 77COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 3215553584-0
                                                                      • Opcode ID: cb30a7c2c620b97f400ef9b33bc0fdb0214d80daa24a11497eeb67f4fc095207
                                                                      • Instruction ID: e4086214194c9e83d2b3f40be06655902624b4d35b5ccc009d23798c6c318ecf
                                                                      • Opcode Fuzzy Hash: cb30a7c2c620b97f400ef9b33bc0fdb0214d80daa24a11497eeb67f4fc095207
                                                                      • Instruction Fuzzy Hash: 1A319C33210AC8C2EB54DB54E8513ED6361AFB4B80F98053DEE29873D2EA78C5869302
                                                                      Function 000001EF1F217390 Relevance: 3.1, APIs: 2, Instructions: 69registryCOMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: CloseOpen
                                                                      • String ID:
                                                                      • API String ID: 47109696-0
                                                                      • Opcode ID: f079ec761da95b766b8b6afbeec7fda29d97571b2deafd3f5d4343d11bd09f0c
                                                                      • Instruction ID: c7346454ee244b110cfb3782aa1aad931c8c356127901de9aa31194f37f39816
                                                                      • Opcode Fuzzy Hash: f079ec761da95b766b8b6afbeec7fda29d97571b2deafd3f5d4343d11bd09f0c
                                                                      • Instruction Fuzzy Hash: CB21B433B15AC8C5EA509B21E4403DEA760EFA9BD4F441239EE5D83B99DA28C5C2C705
                                                                      Function 000001EF1F21664C Relevance: 3.1, APIs: 2, Instructions: 58synchronizationCOMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: CloseCreateCredEnumerateFirstHandleMutexProcess32ReleaseSnapshotToolhelp32recv
                                                                      • String ID:
                                                                      • API String ID: 420082584-0
                                                                      • Opcode ID: a37b51bf11844fede821996e29e0b0eb991c5f59063565115c5bd1381c00078c
                                                                      • Instruction ID: 5bf20048add0b86153ab6c0af0fa1caf1e42f187b69fbefcb5276c57c703455b
                                                                      • Opcode Fuzzy Hash: a37b51bf11844fede821996e29e0b0eb991c5f59063565115c5bd1381c00078c
                                                                      • Instruction Fuzzy Hash: D421B173A48ACCC1F921B3B4E02A3DD1660AFB6791F54463CEDB9915C7DE1880C38527
                                                                      Function 000001EF1F21667D Relevance: 3.0, APIs: 2, Instructions: 47synchronizationCOMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: CloseHandleMutexReleaserecv
                                                                      • String ID:
                                                                      • API String ID: 2659716615-0
                                                                      • Opcode ID: f7759426930724b6cecb2256aca7aa0a691b844007321e003cd8510a4262878b
                                                                      • Instruction ID: 8db6fb08352680310967c5506726d72b8eaf1cfac7f7535102e47afcf5f8ed6b
                                                                      • Opcode Fuzzy Hash: f7759426930724b6cecb2256aca7aa0a691b844007321e003cd8510a4262878b
                                                                      • Instruction Fuzzy Hash: 8911E0B3A08ACCC1FA20B728E02A3DD1250EFB6790F44063CEEB9815D7DE1880C38617
                                                                      Function 000001EF1F23DB60 Relevance: 3.0, APIs: 2, Instructions: 46COMMONLIBRARYCODE
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: ErrorFileLastPointer
                                                                      • String ID:
                                                                      • API String ID: 2976181284-0
                                                                      • Opcode ID: 7e9ab1c6d8c64915d6648e9c143c2363700413bfa3c055332623f50353a46816
                                                                      • Instruction ID: 205c6a22b2e83feaf721a64d68a102d10051d3cbdce9c1a1c0b97ff198e351f1
                                                                      • Opcode Fuzzy Hash: 7e9ab1c6d8c64915d6648e9c143c2363700413bfa3c055332623f50353a46816
                                                                      • Instruction Fuzzy Hash: 6211A773314BC8C2DA108B25E45429D6362FB65BF4F944369EE79477D9CF78C0928702
                                                                      Function 00007FF617E6D750 Relevance: 3.0, APIs: 2, Instructions: 33libraryloaderCOMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491951277.00007FF617E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617E60000, based on PE: true
                                                                      • Associated: 00000000.00000002.1491932782.00007FF617E60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492032274.00007FF617ECB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492032274.00007FF61817D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492204407.00007FF618189000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492224787.00007FF61818C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7ff617e60000_unique.jbxd
                                                                      Similarity
                                                                      • API ID: AddressLibraryLoadProc
                                                                      • String ID:
                                                                      • API String ID: 2574300362-0
                                                                      • Opcode ID: bd71bcfb797b50c55a6df7201416778f22323b2fa91c79af38a8b0c2d0370c92
                                                                      • Instruction ID: 7de576a5132c4d214ff4dfe91d2c501eb4f7d3c45d0ab4cea0030982cac1066c
                                                                      • Opcode Fuzzy Hash: bd71bcfb797b50c55a6df7201416778f22323b2fa91c79af38a8b0c2d0370c92
                                                                      • Instruction Fuzzy Hash: F701F77651CB8589DA60CB11E48032BBBE0F788BA4F501535F6CE82B69CF3CD2948B04
                                                                      Function 000001EF1F24CB98 Relevance: 3.0, APIs: 2, Instructions: 21COMMONLIBRARYCODE
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Concurrency::cancel_current_task$std::bad_alloc::bad_alloc
                                                                      • String ID:
                                                                      • API String ID: 1173176844-0
                                                                      • Opcode ID: 267b89f17236609d1417f10d46edbd95984192d968a560c5371d581f7ac22313
                                                                      • Instruction ID: 1ef1e1758e1eee9c319e40e16cb1d6c08eedb7848857f2cb680714efc7c107a4
                                                                      • Opcode Fuzzy Hash: 267b89f17236609d1417f10d46edbd95984192d968a560c5371d581f7ac22313
                                                                      • Instruction Fuzzy Hash: 16E0EC736516DDC2F928677AD8252FC00844F39770E1C1B3D5D7506AC3E994C4D38552
                                                                      Function 00007FF617EA5810 Relevance: 3.0, APIs: 2, Instructions: 19memoryCOMMONLIBRARYCODE
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • RtlFreeHeap.NTDLL(?,?,00007FF617EA5929,00007FF617EAACD6,?,?,?,00007FF617EAB053,?,?,00000000,00007FF617EAB9B9,?,?,?,00007FF617EAB8EB), ref: 00007FF617EA5826
                                                                      • GetLastError.KERNEL32(?,?,00007FF617EA5929,00007FF617EAACD6,?,?,?,00007FF617EAB053,?,?,00000000,00007FF617EAB9B9,?,?,?,00007FF617EAB8EB), ref: 00007FF617EA5830
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491951277.00007FF617E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617E60000, based on PE: true
                                                                      • Associated: 00000000.00000002.1491932782.00007FF617E60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492032274.00007FF617ECB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492032274.00007FF61817D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492204407.00007FF618189000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492224787.00007FF61818C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7ff617e60000_unique.jbxd
                                                                      Similarity
                                                                      • API ID: ErrorFreeHeapLast
                                                                      • String ID:
                                                                      • API String ID: 485612231-0
                                                                      • Opcode ID: d1c0f4e6f877c9d6cfcd8a19c59eeb7a423ced942baaa3383c8ac58c4f15d072
                                                                      • Instruction ID: 0b8c293a0c095965a26312ee34cdd3a1f8e74430de6e2403080bd1e3bbcacef6
                                                                      • Opcode Fuzzy Hash: d1c0f4e6f877c9d6cfcd8a19c59eeb7a423ced942baaa3383c8ac58c4f15d072
                                                                      • Instruction Fuzzy Hash: 12E08C55F08E0283FF086BB2689607A27F15F84F32F144430CC0DCA2A3EF2CA8819300
                                                                      Function 000001EF1F23B550 Relevance: 2.5, APIs: 2, Instructions: 18memoryCOMMONLIBRARYCODE
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: ErrorFreeHeapLast
                                                                      • String ID:
                                                                      • API String ID: 485612231-0
                                                                      • Opcode ID: 47cbcda289b4926f8a5fa232dbc04e0ffd722977d505590b0caac84d58b1b127
                                                                      • Instruction ID: 132f8ecb2641f4850398c1460d770d2e74223fdaebaa42c318db66877afb28d2
                                                                      • Opcode Fuzzy Hash: 47cbcda289b4926f8a5fa232dbc04e0ffd722977d505590b0caac84d58b1b127
                                                                      • Instruction Fuzzy Hash: 11E08CB2B012CCC3FE1867F2D8492AC02516F7A740F0801788D35C2292ED2449C64202
                                                                      Function 000001EF1F22D450 Relevance: 1.7, APIs: 1, Instructions: 189COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Concurrency::cancel_current_task
                                                                      • String ID:
                                                                      • API String ID: 118556049-0
                                                                      • Opcode ID: 3de0bb872a4ced99b3461719a247294919f5c6187df7bd8ce26f5719ef776ffe
                                                                      • Instruction ID: b7490dae6a47ea621e4468921570d7e9d7b82d1e77ee873f08b9e79f944ab3d8
                                                                      • Opcode Fuzzy Hash: 3de0bb872a4ced99b3461719a247294919f5c6187df7bd8ce26f5719ef776ffe
                                                                      • Instruction Fuzzy Hash: 0361AD73200AC8C5EB259F16E1643AC23A1AB24F98F94852DDE6D8B7D5DA78C8D7C301
                                                                      Function 000001EF1F1CE150 Relevance: 1.7, APIs: 1, Instructions: 175COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: __std_fs_directory_iterator_open
                                                                      • String ID:
                                                                      • API String ID: 4007087469-0
                                                                      • Opcode ID: 09c3d12c3065ae4d5b18b4ab33df85c87bef0ef2a9e7eedf7ec5a3e7bda915f9
                                                                      • Instruction ID: 8d0d898eb5050a39abca89f5d3cf17651bd28d94b89992023513b63e6f99a2e2
                                                                      • Opcode Fuzzy Hash: 09c3d12c3065ae4d5b18b4ab33df85c87bef0ef2a9e7eedf7ec5a3e7bda915f9
                                                                      • Instruction Fuzzy Hash: 6E61B173B00AC8C5FB10DBA9D4913EC23A1EB65798F505639DE2967AD5DA34C8D78340
                                                                      Function 000001EF1F1E5B00 Relevance: 1.6, APIs: 1, Instructions: 129COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Concurrency::cancel_current_task
                                                                      • String ID:
                                                                      • API String ID: 118556049-0
                                                                      • Opcode ID: 5f734f89e121393218bfa89cd2150b654cdf271e265cf260d8858e63b9b3724d
                                                                      • Instruction ID: b5a1e3fd5ccd7fff6fc29b3a216159e10818fbf486eaae8c7b02724b92589ed9
                                                                      • Opcode Fuzzy Hash: 5f734f89e121393218bfa89cd2150b654cdf271e265cf260d8858e63b9b3724d
                                                                      • Instruction Fuzzy Hash: 5641AE73304BC8C5EA119F16E4443DD6366BBA8BD4F580639DFAE5B796EA38C0829304
                                                                      Function 000001EF1F1E9ED0 Relevance: 1.6, APIs: 1, Instructions: 118COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Concurrency::cancel_current_task
                                                                      • String ID:
                                                                      • API String ID: 118556049-0
                                                                      • Opcode ID: d243ac50de2c8c9fea6c29278dfef3fc0bb35fb888659e4b002118cf497ee55e
                                                                      • Instruction ID: 4d67eb7ccc8949b4e76d12dc14d4b84fb2cfa8fb63cc363e4b439ba2e67bfa08
                                                                      • Opcode Fuzzy Hash: d243ac50de2c8c9fea6c29278dfef3fc0bb35fb888659e4b002118cf497ee55e
                                                                      • Instruction Fuzzy Hash: 0931D173301AC881ED15DB16E4046DE6790BB64BE4F944A39AE6E27BD6CE39C0839300
                                                                      Function 000001EF1F1E5CB0 Relevance: 1.6, APIs: 1, Instructions: 118COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Concurrency::cancel_current_task
                                                                      • String ID:
                                                                      • API String ID: 118556049-0
                                                                      • Opcode ID: 06537a7ba540c1a5300730ad9c59412aaea285a4b1102b37b414c66f630cb10d
                                                                      • Instruction ID: 3310f8cd4b934f80ff6691c0fdb3051369f7f291c5fbcebf9a5e5ce0d4bffe66
                                                                      • Opcode Fuzzy Hash: 06537a7ba540c1a5300730ad9c59412aaea285a4b1102b37b414c66f630cb10d
                                                                      • Instruction Fuzzy Hash: 6141C173300BC8C5EE11DB16E5083DDA251BB64BD4F5446399EAE9BBD6EA38C183A700
                                                                      Function 000001EF1F1E15C0 Relevance: 1.6, APIs: 1, Instructions: 116COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Concurrency::cancel_current_task
                                                                      • String ID:
                                                                      • API String ID: 118556049-0
                                                                      • Opcode ID: c8f35241680a78ad30887ff165a9545e894890fe3596c2921fb291b78a2a9208
                                                                      • Instruction ID: 9c90ba73ba31bf1582ccacc9dd1839670c80436a3c4f7c4a56edcac279717aee
                                                                      • Opcode Fuzzy Hash: c8f35241680a78ad30887ff165a9545e894890fe3596c2921fb291b78a2a9208
                                                                      • Instruction Fuzzy Hash: 1A31D373701AC8C5FE169B56E5103ED12919B29FE4F5806399E2E27BD7EA74C4D3A300
                                                                      Function 000001EF1F23BA50 Relevance: 1.6, APIs: 1, Instructions: 112COMMONLIBRARYCODE
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 3215553584-0
                                                                      • Opcode ID: 62a68b64f697a3323ce5c67975f603dd912b7630c4b3619a8df593f8b8e10b11
                                                                      • Instruction ID: 908bc45acdaabbc018143d645bf7cd79b63393a1f8b4adfa314d8c704d8b15e0
                                                                      • Opcode Fuzzy Hash: 62a68b64f697a3323ce5c67975f603dd912b7630c4b3619a8df593f8b8e10b11
                                                                      • Instruction Fuzzy Hash: 7241D4B31046C8C7EA348F15D56139D73A0FB7AB80F180169DEA687694CB28C483C753
                                                                      Function 000001EF1F1E5990 Relevance: 1.6, APIs: 1, Instructions: 109COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Concurrency::cancel_current_task
                                                                      • String ID:
                                                                      • API String ID: 118556049-0
                                                                      • Opcode ID: e041cf908c7806a460978dffd14b77cdf62e9f26ca05f709f980f8a42ad1ed41
                                                                      • Instruction ID: 1beb3d530acf88dc2f48a29ce47156079a9afd12b968c662e520c2a83b9c8a47
                                                                      • Opcode Fuzzy Hash: e041cf908c7806a460978dffd14b77cdf62e9f26ca05f709f980f8a42ad1ed41
                                                                      • Instruction Fuzzy Hash: D83102733017C8C4EE119B16E5843CC6351AFA4BD4F184639AE6E5BBC6EA78C0C3A300
                                                                      Function 000001EF1F220250 Relevance: 1.6, APIs: 1, Instructions: 107COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: InformationVolume
                                                                      • String ID:
                                                                      • API String ID: 2039140958-0
                                                                      • Opcode ID: 08e4572989bba9d8d59fddbb911f8b4ea3613f7b15f1e0c28b03354269a55b2f
                                                                      • Instruction ID: 5b4f6df284079f727a0e9a1e664b8f89ad3d14dd11403fd9ed8ec85153534dfe
                                                                      • Opcode Fuzzy Hash: 08e4572989bba9d8d59fddbb911f8b4ea3613f7b15f1e0c28b03354269a55b2f
                                                                      • Instruction Fuzzy Hash: 0A516C33A14BC4C6E710CB68D4803DD7765FBA9788F504229EFAC53A99DB78C586C741
                                                                      Function 00007FF617E77DC0 Relevance: 1.6, APIs: 1, Instructions: 102COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                        • Part of subcall function 00007FF617E7B970: _Byte_length.LIBCPMTD ref: 00007FF617E7B9F6
                                                                      • Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00007FF617E77ED5
                                                                        • Part of subcall function 00007FF617E7BA40: Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00007FF617E7BA6A
                                                                        • Part of subcall function 00007FF617E7BAA0: _Byte_length.LIBCPMTD ref: 00007FF617E7BB26
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491951277.00007FF617E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617E60000, based on PE: true
                                                                      • Associated: 00000000.00000002.1491932782.00007FF617E60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492032274.00007FF617ECB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492032274.00007FF61817D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492204407.00007FF618189000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492224787.00007FF61818C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7ff617e60000_unique.jbxd
                                                                      Similarity
                                                                      • API ID: Byte_lengthConcurrency::details::_CriticalLock::_ReentrantScoped_lockScoped_lock::~_
                                                                      • String ID:
                                                                      • API String ID: 2675252387-0
                                                                      • Opcode ID: 8cf2c1331036d997b2d5cbdfd09f9a6dace60c7598b65e1a7ef6aa7a93a04358
                                                                      • Instruction ID: 794d5259026a629820f8bf3f001c667a06def822b1d9ea9b9920191837edfccd
                                                                      • Opcode Fuzzy Hash: 8cf2c1331036d997b2d5cbdfd09f9a6dace60c7598b65e1a7ef6aa7a93a04358
                                                                      • Instruction Fuzzy Hash: 7F513C3261DEC595EA60EB14E4503DBB3A1FBC4B94F804036E68D87B6ADE3CD549CB40
                                                                      Function 00007FF617E6BA90 Relevance: 1.6, APIs: 1, Instructions: 95COMMONLIBRARYCODE
                                                                      Download Yara Rule
                                                                      APIs
                                                                        • Part of subcall function 00007FF617E6C520: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF617E6C53D
                                                                        • Part of subcall function 00007FF617E6C520: _Max_value.LIBCPMTD ref: 00007FF617E6C562
                                                                        • Part of subcall function 00007FF617E6C520: _Min_value.LIBCPMTD ref: 00007FF617E6C590
                                                                      • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF617E6BB3C
                                                                        • Part of subcall function 00007FF617E64310: std::_Xinvalid_argument.LIBCPMT ref: 00007FF617E6431B
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491951277.00007FF617E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617E60000, based on PE: true
                                                                      • Associated: 00000000.00000002.1491932782.00007FF617E60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492032274.00007FF617ECB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492032274.00007FF61817D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492204407.00007FF618189000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492224787.00007FF61818C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7ff617e60000_unique.jbxd
                                                                      Similarity
                                                                      • API ID: Concurrency::details::EmptyQueue::StructuredWork$Max_valueMin_valueXinvalid_argumentstd::_
                                                                      • String ID:
                                                                      • API String ID: 142707115-0
                                                                      • Opcode ID: 60dc388cca3665f00380207ba0fc440bb0a5f3e9cb1ca1dbde5340a79cbc7bc9
                                                                      • Instruction ID: 0743ac8e55b6fedb170bc77ff141a2233042d9d87d90a601c254d2a7e76f86d0
                                                                      • Opcode Fuzzy Hash: 60dc388cca3665f00380207ba0fc440bb0a5f3e9cb1ca1dbde5340a79cbc7bc9
                                                                      • Instruction Fuzzy Hash: 8C519F36629FC581DA60DB56F49026BB7A1F7C9B94F101026FB8E83B2ADF3CD5508B40
                                                                      Function 000001EF1F1D4E90 Relevance: 1.6, APIs: 1, Instructions: 94COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 000001EF1F1D4FAE
                                                                        • Part of subcall function 000001EF1F1CB7B0: __std_exception_copy.LIBVCRUNTIME ref: 000001EF1F1CB7F8
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Concurrency::cancel_current_task__std_exception_copy
                                                                      • String ID:
                                                                      • API String ID: 317858897-0
                                                                      • Opcode ID: 2b26ec282fc8c4ed485fce7933239b66542e7d8fb1000ec4d107d023d18fdfd6
                                                                      • Instruction ID: f7639f8ec3e8d013afe683f210587d31c207fe6e0ec942b9e3591206acda6bf6
                                                                      • Opcode Fuzzy Hash: 2b26ec282fc8c4ed485fce7933239b66542e7d8fb1000ec4d107d023d18fdfd6
                                                                      • Instruction Fuzzy Hash: 2331A073A01AD8C1EE18DB19E1143EC62A0AB64BB4F2447399E7D57BE5EB78C4D38340
                                                                      Function 000001EF1F1DFE50 Relevance: 1.6, APIs: 1, Instructions: 93COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 000001EF1F1DFF58
                                                                        • Part of subcall function 000001EF1F1CB7B0: __std_exception_copy.LIBVCRUNTIME ref: 000001EF1F1CB7F8
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Concurrency::cancel_current_task__std_exception_copy
                                                                      • String ID:
                                                                      • API String ID: 317858897-0
                                                                      • Opcode ID: 7b80adb482ef6766f29c128180fde28b413faead996806e72a29ec464a59cb0e
                                                                      • Instruction ID: 3074a79ad7eec4c39e128256950250dd411ad90eda4e814a8d8638b1d0be24eb
                                                                      • Opcode Fuzzy Hash: 7b80adb482ef6766f29c128180fde28b413faead996806e72a29ec464a59cb0e
                                                                      • Instruction Fuzzy Hash: 3F21E333A01BC8C1EA18EB15E1443EC22A0AF64BA4F2446399E7C57BD2EA78C5D39340
                                                                      Function 000001EF1F23D4D0 Relevance: 1.6, APIs: 1, Instructions: 79COMMONLIBRARYCODE
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 3215553584-0
                                                                      • Opcode ID: 90e282629e3327800b1a09ea2473f0e2941ce1167cc6a0942764be9094e0e12c
                                                                      • Instruction ID: 71528e70e5cf53f5ca2038fffe50e430cab9e99c34d73f8b153e1fb340562ed1
                                                                      • Opcode Fuzzy Hash: 90e282629e3327800b1a09ea2473f0e2941ce1167cc6a0942764be9094e0e12c
                                                                      • Instruction Fuzzy Hash: 493192B36146DCC3FB155B59C8513DC2650AF68B68F9101AE9E35473D2DA78C8C78712
                                                                      Function 00007FF617E6F580 Relevance: 1.6, APIs: 1, Instructions: 65COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491951277.00007FF617E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617E60000, based on PE: true
                                                                      • Associated: 00000000.00000002.1491932782.00007FF617E60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492032274.00007FF617ECB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492032274.00007FF61817D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492204407.00007FF618189000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492224787.00007FF61818C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7ff617e60000_unique.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 8832b93c38650351119958a3682aaab50e8cbc8b9dc0623d89af5356b64ee8a2
                                                                      • Instruction ID: 183624c26ddc3f8efd2e60a4d01191c1cb528fe7459779f87571b31b5ad1febb
                                                                      • Opcode Fuzzy Hash: 8832b93c38650351119958a3682aaab50e8cbc8b9dc0623d89af5356b64ee8a2
                                                                      • Instruction Fuzzy Hash: E031D56662CBC181DA509B56E45076FB7A0FB85BE4F401036FBCD87BAADE6CD5008B80
                                                                      Function 000001EF1F2431A1 Relevance: 1.6, APIs: 1, Instructions: 61COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: HandleModule$AddressFreeLibraryProc
                                                                      • String ID:
                                                                      • API String ID: 3947729631-0
                                                                      • Opcode ID: 530d5f225501611c07fa3f753d7d8dc80cca454b0254b6cc05cb90d306267795
                                                                      • Instruction ID: 9aa2ca28ada104de980428314091e2ceeea437e29de04f4b242a02d1eb82f7a4
                                                                      • Opcode Fuzzy Hash: 530d5f225501611c07fa3f753d7d8dc80cca454b0254b6cc05cb90d306267795
                                                                      • Instruction Fuzzy Hash: A9213D32A016C8CAEB25DFA8D4443EC37A0EB64718F544639DE2907AD5DBB4CD86DB41
                                                                      Function 000001EF1F25E208 Relevance: 1.6, APIs: 1, Instructions: 54COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 3215553584-0
                                                                      • Opcode ID: c41a516aab5bbd5a0cb5ee3d8915c07e5e449c965519035ee3790c186b832703
                                                                      • Instruction ID: cfaf37704c635386c2d21bb0f155cc7c838503c1d918d961ad924c4658b1b4d8
                                                                      • Opcode Fuzzy Hash: c41a516aab5bbd5a0cb5ee3d8915c07e5e449c965519035ee3790c186b832703
                                                                      • Instruction Fuzzy Hash: 95219973214AC4C7D7658F18D4403ED76A1EBA4B54F548238DF79876E9DB39C8868F01
                                                                      Function 000001EF1F25C510 Relevance: 1.6, APIs: 1, Instructions: 54COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 3215553584-0
                                                                      • Opcode ID: 6080b6f5c7735027f4532a4154f17099be5a1c2b37b88469d38b788aa2f2ab04
                                                                      • Instruction ID: 9bcdc9e47f63a83dfcc9a673ae81bde92ca71d5ee43b15a62d5fd52eb03d2694
                                                                      • Opcode Fuzzy Hash: 6080b6f5c7735027f4532a4154f17099be5a1c2b37b88469d38b788aa2f2ab04
                                                                      • Instruction Fuzzy Hash: F6117833618AC8C3EA609F61D4007FDA2A0FFA5B84F544539EE94476A6DB79C5C38B42
                                                                      Function 00007FF617E6E170 Relevance: 1.5, APIs: 1, Instructions: 49COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491951277.00007FF617E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617E60000, based on PE: true
                                                                      • Associated: 00000000.00000002.1491932782.00007FF617E60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492032274.00007FF617ECB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492032274.00007FF61817D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492204407.00007FF618189000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492224787.00007FF61818C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7ff617e60000_unique.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 292d0802afc3662b8a44df9434c69ee7ab1bc2423aa3cf29da608adeab93335d
                                                                      • Instruction ID: 83baa2c533de5f2f007dcbf6fac9ac7afeaf55a406d5dab3406e80f3e51e30a4
                                                                      • Opcode Fuzzy Hash: 292d0802afc3662b8a44df9434c69ee7ab1bc2423aa3cf29da608adeab93335d
                                                                      • Instruction Fuzzy Hash: 5E212F2251CEC181DAA0DB11E4513ABA7E1FB99B94F945535F7CEC3A9ADF2CD2448B00
                                                                      Function 00007FF617E7BBF0 Relevance: 1.5, APIs: 1, Instructions: 49COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF617E7BC1C
                                                                        • Part of subcall function 00007FF617E7F7D0: Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00007FF617E7F846
                                                                        • Part of subcall function 00007FF617E7F7D0: Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00007FF617E7F855
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491951277.00007FF617E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617E60000, based on PE: true
                                                                      • Associated: 00000000.00000002.1491932782.00007FF617E60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492032274.00007FF617ECB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492032274.00007FF61817D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492204407.00007FF618189000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492224787.00007FF61818C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7ff617e60000_unique.jbxd
                                                                      Similarity
                                                                      • API ID: Concurrency::details::_CriticalLock::_ReentrantScoped_lockScoped_lock::~_$Concurrency::details::EmptyQueue::StructuredWork
                                                                      • String ID:
                                                                      • API String ID: 2595383736-0
                                                                      • Opcode ID: d187d2a0eb802e6f176a8c328b985804572825bb7962f1620d6111e602d056cd
                                                                      • Instruction ID: 40d279cdcc41c451d9b78d0c73e937d952d444f22c90d12b8c2c0622c7661533
                                                                      • Opcode Fuzzy Hash: d187d2a0eb802e6f176a8c328b985804572825bb7962f1620d6111e602d056cd
                                                                      • Instruction Fuzzy Hash: A7210336618F8981DA10DB15F48125BB7A5FBC9B94F501126FA8D83B6ADF3CD150CB40
                                                                      Function 00007FF617E78750 Relevance: 1.5, APIs: 1, Instructions: 45COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF617E7875E
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491951277.00007FF617E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617E60000, based on PE: true
                                                                      • Associated: 00000000.00000002.1491932782.00007FF617E60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492032274.00007FF617ECB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492032274.00007FF61817D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492204407.00007FF618189000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492224787.00007FF61818C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7ff617e60000_unique.jbxd
                                                                      Similarity
                                                                      • API ID: Concurrency::details::EmptyQueue::StructuredWork
                                                                      • String ID:
                                                                      • API String ID: 1865873047-0
                                                                      • Opcode ID: f8c7e8331dde7540c220ec2cf53b80f18e0f368c2e7c04878d69dbed098d0d54
                                                                      • Instruction ID: 2784f948be718de423fb134cd97afd922346f52dff12ea3d9504c5c1777eddb6
                                                                      • Opcode Fuzzy Hash: f8c7e8331dde7540c220ec2cf53b80f18e0f368c2e7c04878d69dbed098d0d54
                                                                      • Instruction Fuzzy Hash: 7A117236619F8881DB609B1AE49031EB7A1F7C9F94F505126EBCD87B6ACF3CC5508B00
                                                                      Function 00007FF617E7BAA0 Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                        • Part of subcall function 00007FF617E7BB70: Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00007FF617E7BB7E
                                                                      • _Byte_length.LIBCPMTD ref: 00007FF617E7BB26
                                                                        • Part of subcall function 00007FF617E7BBF0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF617E7BC1C
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491951277.00007FF617E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617E60000, based on PE: true
                                                                      • Associated: 00000000.00000002.1491932782.00007FF617E60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492032274.00007FF617ECB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492032274.00007FF61817D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492204407.00007FF618189000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492224787.00007FF61818C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7ff617e60000_unique.jbxd
                                                                      Similarity
                                                                      • API ID: Byte_lengthConcurrency::details::Concurrency::details::_CriticalEmptyLock::_Queue::ReentrantScoped_lockScoped_lock::~_StructuredWork
                                                                      • String ID:
                                                                      • API String ID: 3730899627-0
                                                                      • Opcode ID: 44c7796c75c25c5c7709d50e7aab81eaeec602659a9d168cd4e954b65d0e7a9e
                                                                      • Instruction ID: 1ddf0c13802f4c8231ebb1528851b1c0122918c2ac2d36cd361ebc842e925148
                                                                      • Opcode Fuzzy Hash: 44c7796c75c25c5c7709d50e7aab81eaeec602659a9d168cd4e954b65d0e7a9e
                                                                      • Instruction Fuzzy Hash: 3F11F222528F8582DA50DB25F49119BB7A0FBC5B90FA00122FBCD83B6ADF3CD5118F80
                                                                      Function 00007FF617E7B970 Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • _Byte_length.LIBCPMTD ref: 00007FF617E7B9F6
                                                                        • Part of subcall function 00007FF617E7BBF0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF617E7BC1C
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491951277.00007FF617E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617E60000, based on PE: true
                                                                      • Associated: 00000000.00000002.1491932782.00007FF617E60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492032274.00007FF617ECB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492032274.00007FF61817D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492204407.00007FF618189000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492224787.00007FF61818C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7ff617e60000_unique.jbxd
                                                                      Similarity
                                                                      • API ID: Byte_lengthConcurrency::details::EmptyQueue::StructuredWork
                                                                      • String ID:
                                                                      • API String ID: 2180140624-0
                                                                      • Opcode ID: 3d721e314f6597f4f5539cc87ca23b51fab7460f1361a429639f5c59ef1ee461
                                                                      • Instruction ID: 78cb0204200091120f156edfa2a721407b27eb700783e403c2dc9957829bae66
                                                                      • Opcode Fuzzy Hash: 3d721e314f6597f4f5539cc87ca23b51fab7460f1361a429639f5c59ef1ee461
                                                                      • Instruction Fuzzy Hash: 1C11E02252CE8182DA50DB25F49119BB7A4FBC5B90FA00122FBCD83B6ADF3CD151CB40
                                                                      Function 00007FF617E67E40 Relevance: 1.5, APIs: 1, Instructions: 41COMMONLIBRARYCODE
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF617E67E74
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491951277.00007FF617E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617E60000, based on PE: true
                                                                      • Associated: 00000000.00000002.1491932782.00007FF617E60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492032274.00007FF617ECB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492032274.00007FF61817D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492204407.00007FF618189000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492224787.00007FF61818C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7ff617e60000_unique.jbxd
                                                                      Similarity
                                                                      • API ID: Concurrency::details::EmptyQueue::StructuredWork
                                                                      • String ID:
                                                                      • API String ID: 1865873047-0
                                                                      • Opcode ID: 30fd8099ffd4be0d4f69dd9a583985dde0d8b0850e5991a20b1c7c05a0df383f
                                                                      • Instruction ID: c5a07bf0607ff7ec47b5a279878d746e80baf829f06b9e6d975943adcb94477d
                                                                      • Opcode Fuzzy Hash: 30fd8099ffd4be0d4f69dd9a583985dde0d8b0850e5991a20b1c7c05a0df383f
                                                                      • Instruction Fuzzy Hash: 8C112E66618F8181DA20DB15E05036BA7A0FBC9BE4F040135FB8D87B6ACF3CD6448B40
                                                                      Function 000001EF1F21ADC0 Relevance: 1.5, APIs: 1, Instructions: 38networkCOMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: send
                                                                      • String ID:
                                                                      • API String ID: 2809346765-0
                                                                      • Opcode ID: af342f55a76444dc29af71e8fb4152a83f454f5b800a0383b076c9e997804f61
                                                                      • Instruction ID: 505f0f48318d768731f5427b32fc2fc7da81478c4f0810f0fe67acc4e9ef208e
                                                                      • Opcode Fuzzy Hash: af342f55a76444dc29af71e8fb4152a83f454f5b800a0383b076c9e997804f61
                                                                      • Instruction Fuzzy Hash: EA01D636B18AC8C1DB509F1AF54025EA3A0FB98FD4F485135EF6D43B49DB28C8928B04
                                                                      Function 00007FF617E6F6A0 Relevance: 1.5, APIs: 1, Instructions: 38COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491951277.00007FF617E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617E60000, based on PE: true
                                                                      • Associated: 00000000.00000002.1491932782.00007FF617E60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492032274.00007FF617ECB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492032274.00007FF61817D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492204407.00007FF618189000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492224787.00007FF61818C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7ff617e60000_unique.jbxd
                                                                      Similarity
                                                                      • API ID: type_info::_name_internal_method
                                                                      • String ID:
                                                                      • API String ID: 3713626258-0
                                                                      • Opcode ID: 76e54cbdeb55244470ca4b8c1149c975881fede5f5229d85922bdbd701fbbbd6
                                                                      • Instruction ID: 23af845820ee1ead9fe3e981d5806dbb110d6464331c0c2965b5850e724048ec
                                                                      • Opcode Fuzzy Hash: 76e54cbdeb55244470ca4b8c1149c975881fede5f5229d85922bdbd701fbbbd6
                                                                      • Instruction Fuzzy Hash: FB01FA7662CF8681DA409B16F45026BB3A1FB84BD0F406431FBCD8775ADF6CE5108B40
                                                                      Function 00007FF617E6CD80 Relevance: 1.5, APIs: 1, Instructions: 36COMMONLIBRARYCODE
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491951277.00007FF617E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617E60000, based on PE: true
                                                                      • Associated: 00000000.00000002.1491932782.00007FF617E60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492032274.00007FF617ECB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492032274.00007FF61817D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492204407.00007FF618189000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492224787.00007FF61818C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7ff617e60000_unique.jbxd
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo_noreturn
                                                                      • String ID:
                                                                      • API String ID: 3668304517-0
                                                                      • Opcode ID: 5b003b8cca513f1d9bd291702dbd346b7f7ce6d2eb4d71e1a0a6965b61c62195
                                                                      • Instruction ID: c4a9c8afcae62db3af56882a24a2bc36d9dc7be2b33751dc86f6dfc9475c2dab
                                                                      • Opcode Fuzzy Hash: 5b003b8cca513f1d9bd291702dbd346b7f7ce6d2eb4d71e1a0a6965b61c62195
                                                                      • Instruction Fuzzy Hash: 25011662A19F8541D6609B25E44131BA7D4FB85BA8F501231F79D82BE6DF2CD6508704
                                                                      Function 000001EF1F1D58F3 Relevance: 1.5, APIs: 1, Instructions: 33fileCOMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: FileFindNext
                                                                      • String ID:
                                                                      • API String ID: 2029273394-0
                                                                      • Opcode ID: c09ff1b7f36846cd2f70e20038cef65db65028f9499b4e4cc306786389cb5efe
                                                                      • Instruction ID: eac3d2f97daba33d51fb3994fdc87d2699407efc4e7bb0d1d6a03869a9552747
                                                                      • Opcode Fuzzy Hash: c09ff1b7f36846cd2f70e20038cef65db65028f9499b4e4cc306786389cb5efe
                                                                      • Instruction Fuzzy Hash: 32014F37218AC4C1EA70CB56F85439E6364FBD9B94F804066CE9D53B59DE38C887CB00
                                                                      Function 00007FF617E7C9F0 Relevance: 1.5, APIs: 1, Instructions: 33COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF617E7CA33
                                                                        • Part of subcall function 00007FF617E6A910: allocator.LIBCONCRTD ref: 00007FF617E6A92B
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491951277.00007FF617E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617E60000, based on PE: true
                                                                      • Associated: 00000000.00000002.1491932782.00007FF617E60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492032274.00007FF617ECB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492032274.00007FF61817D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492204407.00007FF618189000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492224787.00007FF61818C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7ff617e60000_unique.jbxd
                                                                      Similarity
                                                                      • API ID: Concurrency::details::EmptyQueue::StructuredWorkallocator
                                                                      • String ID:
                                                                      • API String ID: 1755220593-0
                                                                      • Opcode ID: 0be8727490954b9d9608c68c0c3e94e3c05ef35cc3da3c80f663008593293bb7
                                                                      • Instruction ID: ff894a8450da1de5d50a362dcfa01c6b77fc6c7d4dd0878a30a95b43665a04c3
                                                                      • Opcode Fuzzy Hash: 0be8727490954b9d9608c68c0c3e94e3c05ef35cc3da3c80f663008593293bb7
                                                                      • Instruction Fuzzy Hash: 60012036619F8486CA60DB4AF89111EB7A5F7C9B94F504125FBCD83B29DF3CD6618B00
                                                                      Function 000001EF1F22ED2C Relevance: 1.5, APIs: 1, Instructions: 23COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 3215553584-0
                                                                      • Opcode ID: 8baf8acf487f5caa78a15ef12004ef049afcc069522c3c2ef46e844b516c0117
                                                                      • Instruction ID: 0d5f480d37e9dc9a83c4a873a614c3921df11ed555ec9239890be27714b267a8
                                                                      • Opcode Fuzzy Hash: 8baf8acf487f5caa78a15ef12004ef049afcc069522c3c2ef46e844b516c0117
                                                                      • Instruction Fuzzy Hash: 04E09273215AC9C2EB256BA5E1413ECA1689F287B0F54473DAF34876C6DA2484D25602
                                                                      Function 00007FF617EB5554 Relevance: 1.5, APIs: 1, Instructions: 21COMMONLIBRARYCODE
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491951277.00007FF617E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617E60000, based on PE: true
                                                                      • Associated: 00000000.00000002.1491932782.00007FF617E60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492032274.00007FF617ECB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492032274.00007FF61817D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492204407.00007FF618189000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492224787.00007FF61818C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7ff617e60000_unique.jbxd
                                                                      Similarity
                                                                      • API ID: Concurrency::cancel_current_taskstd::bad_alloc::bad_alloc
                                                                      • String ID:
                                                                      • API String ID: 680105476-0
                                                                      • Opcode ID: eab2c86477353e2fdf37daf347e1d7af9a32534bc8376d8c7edc6a9f128f6aaa
                                                                      • Instruction ID: 202e5ffa7afad49b45f036b96a18a161af9cb60595d994d5512b02afe334ea4b
                                                                      • Opcode Fuzzy Hash: eab2c86477353e2fdf37daf347e1d7af9a32534bc8376d8c7edc6a9f128f6aaa
                                                                      • Instruction Fuzzy Hash: EDE0EC40E0AF0B06F92863A5545517B06D50F4CF72E3C5730EA7ECA2D7ED1CF4954510
                                                                      Function 00007FF617E7BA40 Relevance: 1.5, APIs: 1, Instructions: 21COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00007FF617E7BA6A
                                                                        • Part of subcall function 00007FF617E77FD0: Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00007FF617E780EF
                                                                        • Part of subcall function 00007FF617E77FD0: Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00007FF617E78197
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491951277.00007FF617E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617E60000, based on PE: true
                                                                      • Associated: 00000000.00000002.1491932782.00007FF617E60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492032274.00007FF617ECB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492032274.00007FF61817D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492204407.00007FF618189000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492224787.00007FF61818C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7ff617e60000_unique.jbxd
                                                                      Similarity
                                                                      • API ID: Concurrency::details::_CriticalLock::_ReentrantScoped_lockScoped_lock::~_
                                                                      • String ID:
                                                                      • API String ID: 2443641946-0
                                                                      • Opcode ID: a00cf0b1ec4db13d273557ccddcb421bc2b4e8bce47aca48317bcbe3f147d040
                                                                      • Instruction ID: d100bdca4eded802387fadc73a7c47a17383d5c4d875c31e0904234dbe88eb72
                                                                      • Opcode Fuzzy Hash: a00cf0b1ec4db13d273557ccddcb421bc2b4e8bce47aca48317bcbe3f147d040
                                                                      • Instruction Fuzzy Hash: 4EF07472518A8086D660EB55E45115FB7A0F7C87A4F001125FACD87B2ADF7CD6508F44
                                                                      Function 000001EF1F2597D0 Relevance: 1.5, APIs: 1, Instructions: 9fileCOMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: FileFindNext
                                                                      • String ID:
                                                                      • API String ID: 2029273394-0
                                                                      • Opcode ID: 4177796e15072c585db232ab642f29accb6d05ea1f689265af403d42f2bb1474
                                                                      • Instruction ID: caf8158746696eb564800f48a0aea92d2bcee1213a5c78f515c8d0813d9c7b77
                                                                      • Opcode Fuzzy Hash: 4177796e15072c585db232ab642f29accb6d05ea1f689265af403d42f2bb1474
                                                                      • Instruction Fuzzy Hash: 8CC04C26F155C9C1E6541B729C4228A1294BB77740F404139CE15C4191D92C81D74E13
                                                                      Function 00007FF617E6A910 Relevance: 1.5, APIs: 1, Instructions: 9COMMONLIBRARYCODE
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491951277.00007FF617E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617E60000, based on PE: true
                                                                      • Associated: 00000000.00000002.1491932782.00007FF617E60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492032274.00007FF617ECB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492032274.00007FF61817D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492204407.00007FF618189000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492224787.00007FF61818C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7ff617e60000_unique.jbxd
                                                                      Similarity
                                                                      • API ID: allocator
                                                                      • String ID:
                                                                      • API String ID: 3447690668-0
                                                                      • Opcode ID: 69c9719d4dd52abe98a264028dc470e26ea7d52536d19f2f10ff87e1f9baad59
                                                                      • Instruction ID: 83a8c9c48701239b64b339a3b602c5174fffd6d77cebef4fa547436dd984dadf
                                                                      • Opcode Fuzzy Hash: 69c9719d4dd52abe98a264028dc470e26ea7d52536d19f2f10ff87e1f9baad59
                                                                      • Instruction Fuzzy Hash: ADC0E966A29F8581CA44EB16F88101A7764F7D8BD0F90A425FA9E53729DF2CD1658B00
                                                                      Function 000001EF1F25B3C4 Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: InfoNativeSystem
                                                                      • String ID:
                                                                      • API String ID: 1721193555-0
                                                                      • Opcode ID: 5d96549d17151685d9874b2efd5e6665c09aeaad6767ec6861ada1b691878f94
                                                                      • Instruction ID: ffbc00073c7d86b4daf9357ab908ce130b74a62088eabbbc9e2eb62726a32660
                                                                      • Opcode Fuzzy Hash: 5d96549d17151685d9874b2efd5e6665c09aeaad6767ec6861ada1b691878f94
                                                                      • Instruction Fuzzy Hash: B9B09236A148C0C3C611EB04E8560497331FBA6B0CFD00110EA9D42664CE2CCA2A8E00
                                                                      Function 000001EF1F23DEDC Relevance: 1.3, APIs: 1, Instructions: 29memoryCOMMONLIBRARYCODE
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: AllocHeap
                                                                      • String ID:
                                                                      • API String ID: 4292702814-0
                                                                      • Opcode ID: ad1b43cdb7c3550550fd4afa13c905d117ea5c1f34bfd66f5f885cc22fb7391c
                                                                      • Instruction ID: 57b171e445f0f794d552ccda691c45e7438047869adac21573859d9896bcf766
                                                                      • Opcode Fuzzy Hash: ad1b43cdb7c3550550fd4afa13c905d117ea5c1f34bfd66f5f885cc22fb7391c
                                                                      • Instruction Fuzzy Hash: 3EF0FEB73152CDC6FA545771D8613ED22909F78760F89567C9D36862C1D968C4C38112
                                                                      Function 00007FF617EA64BC Relevance: 1.3, APIs: 1, Instructions: 29memoryCOMMONLIBRARYCODE
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • HeapAlloc.KERNEL32(?,?,00000028,00007FF617EB5573,?,?,?,00007FF617E610A8), ref: 00007FF617EA64FA
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491951277.00007FF617E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617E60000, based on PE: true
                                                                      • Associated: 00000000.00000002.1491932782.00007FF617E60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492032274.00007FF617ECB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492032274.00007FF61817D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492204407.00007FF618189000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492224787.00007FF61818C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7ff617e60000_unique.jbxd
                                                                      Similarity
                                                                      • API ID: AllocHeap
                                                                      • String ID:
                                                                      • API String ID: 4292702814-0
                                                                      • Opcode ID: 31f5e82480b86c694179d874989cf1b3d096565e770f3be7cb9178f83f4d8f72
                                                                      • Instruction ID: 7f5dc261cbaa8d27914d22c20cdfc3990e213bf7c411b3bc0d87cb42ea16654b
                                                                      • Opcode Fuzzy Hash: 31f5e82480b86c694179d874989cf1b3d096565e770f3be7cb9178f83f4d8f72
                                                                      • Instruction Fuzzy Hash: E6F08C51F0CA0789FE652772980167B13E06F86FB1F090A30DC2ECA2E7EE2CE4408A10
                                                                      Function 00007FF617E626C0 Relevance: 1.3, APIs: 1, Instructions: 17memoryCOMMONLIBRARYCODE
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491951277.00007FF617E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617E60000, based on PE: true
                                                                      • Associated: 00000000.00000002.1491932782.00007FF617E60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492032274.00007FF617ECB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492032274.00007FF61817D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492204407.00007FF618189000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1492224787.00007FF61818C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7ff617e60000_unique.jbxd
                                                                      Similarity
                                                                      • API ID: AllocVirtual
                                                                      • String ID:
                                                                      • API String ID: 4275171209-0
                                                                      • Opcode ID: bb55d3c25760e0320b4c92f21841f287c01ac31988aa5e77e6438427710fe636
                                                                      • Instruction ID: 2d9afc91fb588891481da5a4cd4c451dc1c43fa18bcc909c29de6a8d89755fce
                                                                      • Opcode Fuzzy Hash: bb55d3c25760e0320b4c92f21841f287c01ac31988aa5e77e6438427710fe636
                                                                      • Instruction Fuzzy Hash: 90E0C276A1CB8586DA208B15E44071BBBA4F799B94F200525EBCD82B29CF7DD6548B40

                                                                      Non-executed Functions

                                                                      Function 000001EF1F230D98 Relevance: 49.1, APIs: 25, Strings: 2, Instructions: 1888COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: memcpy_s$_invalid_parameter_noinfo
                                                                      • String ID: $
                                                                      • API String ID: 2880407647-227171996
                                                                      • Opcode ID: df87294ae73204ead43c2230939cbb6a00851c436377c9d63da8146f7a05de15
                                                                      • Instruction ID: e600fcecd2062334895509d6a90c62de183f4c70300d7367b5c67898eced9d41
                                                                      • Opcode Fuzzy Hash: df87294ae73204ead43c2230939cbb6a00851c436377c9d63da8146f7a05de15
                                                                      • Instruction Fuzzy Hash: 0703C2B36102C8CBE7758F25D9507EE37A1FB69788F10512ADE1697B88D735CA82CB01
                                                                      Function 000001EF1F2243F0 Relevance: 34.3, APIs: 18, Strings: 1, Instructions: 1015stringmemorynativeCOMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: lstrcpy$lstrcat$AllocateInitLockMemoryObjectStringUnicodeVirtual$AcquireEnumerateFolderFreeInitializeKnownLoadedModulesPathReleaseTaskUninitialize
                                                                      • String ID: 0
                                                                      • API String ID: 1424456515-4108050209
                                                                      • Opcode ID: 871c8db82c018933de821c7e5ee4dab024f04bf961e7293322aa2c5c5a8db519
                                                                      • Instruction ID: af562f2879bee8244d5418662cc7524ad0da6aa407cff6d910ae30c37f965da4
                                                                      • Opcode Fuzzy Hash: 871c8db82c018933de821c7e5ee4dab024f04bf961e7293322aa2c5c5a8db519
                                                                      • Instruction Fuzzy Hash: 06C2A736626FC88AD7908F69E88169DB3B5F788B88F105219EECD57B18EF38C155C740
                                                                      Function 000001EF1F1A6180 Relevance: 30.2, Strings: 24, Instructions: 238COMMON
                                                                      Download Yara Rule
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Concurrency::cancel_current_task
                                                                      • String ID: BOOTNXT$autorun.inf$boot.ini$boot.sdi$bootfont.bin$bootmgfw.efi$bootmgr$bootsect.bak$bootstat.dat$d3d9caps.dat$desktop.ini$gdipfontcachev1.dat$iconcache.db$indexervolumeguid$mib.bin$ntldr$ntuser.dat$ntuser.dat.log$ntuser.ini$reagent.xml$thumbs.db$winre.wim$winsipolicy.p7b$wpsettings.dat
                                                                      • API String ID: 118556049-850610325
                                                                      • Opcode ID: dea6d34053270f54165e7821960ee4cc20a6cc02140d0cf59d37aac2e2ba149c
                                                                      • Instruction ID: da98d6b52c7ecf41fe631e2031d652f486ba7ff6d1a9401f6954b046a17a023d
                                                                      • Opcode Fuzzy Hash: dea6d34053270f54165e7821960ee4cc20a6cc02140d0cf59d37aac2e2ba149c
                                                                      • Instruction Fuzzy Hash: 7AC14473D60BCD84E721DB35DC923E95321FBFA384F60631A6D8865856EBA4A3C5C340
                                                                      Function 000001EF1F1EC820 Relevance: 29.3, APIs: 2, Strings: 14, Instructions: 1339COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 000001EF1F1EDEA1
                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 000001EF1F1EDF4F
                                                                        • Part of subcall function 000001EF1F1CB930: __std_exception_copy.LIBVCRUNTIME ref: 000001EF1F1CB973
                                                                        • Part of subcall function 000001EF1F24F198: RtlPcToFileHeader.KERNEL32 ref: 000001EF1F24F1E8
                                                                        • Part of subcall function 000001EF1F24F198: RaiseException.KERNEL32 ref: 000001EF1F24F229
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Concurrency::cancel_current_task$ExceptionFileHeaderRaise__std_exception_copy
                                                                      • String ID: "$#base$#include$*$/$No closed word$Unexpected eof$key declared, but no value$key opened, but never closed$object is not closed with '}'$quote was opened but not closed.$unexpected '}'$unexpected key without object$word wasnt properly ended
                                                                      • API String ID: 145623376-3561477107
                                                                      • Opcode ID: e1fb44af09d5265b52bc700c18f1e0b665796307b88a6a3ec42f7556474d5ffc
                                                                      • Instruction ID: 048b259fddfe9f77155632718d2a65920daf42cac04ff01c2ba965193f79f206
                                                                      • Opcode Fuzzy Hash: e1fb44af09d5265b52bc700c18f1e0b665796307b88a6a3ec42f7556474d5ffc
                                                                      • Instruction Fuzzy Hash: A8D25D73201AC8C9EB619F24D8543DD33A1FB65798F84412ADE5E2BA9ADF74C6C6D300
                                                                      Function 000001EF1F1A5DB0 Relevance: 25.2, Strings: 20, Instructions: 202COMMON
                                                                      Download Yara Rule
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Concurrency::cancel_current_task
                                                                      • String ID: #recycle$$recycle.bin$$windows.~bt$$windows.~ws$$winreagent$All users$AppData$Application Data$Boot$PerfLogs$Program Files$Program Files (x86)$ProgramData$System Volume Information$Windows$Windows.old$Windows.~bt$bootmgr$config.msi$ntldr
                                                                      • API String ID: 118556049-2722463023
                                                                      • Opcode ID: b349f0743e28fad41dd0cf6d04c419ecc5bc303b8eb5692233894048f4044c83
                                                                      • Instruction ID: 7e9804365856d5c82752382b507436f94f22eef707c6d8ebc385e967055a85f8
                                                                      • Opcode Fuzzy Hash: b349f0743e28fad41dd0cf6d04c419ecc5bc303b8eb5692233894048f4044c83
                                                                      • Instruction Fuzzy Hash: 2BA14573D60FDD84E711DB35DC823E95321FBFA388F60631AAD9866856EB64A2C5C340
                                                                      Function 000001EF1F1EE320 Relevance: 24.1, APIs: 2, Strings: 11, Instructions: 1388COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Concurrency::cancel_current_task
                                                                      • String ID: #base$#include$No closed word$Unexpected eof$key declared, but no value$key opened, but never closed$object is not closed with '}'$quote was opened but not closed.$unexpected '}'$unexpected key without object$word wasnt properly ended
                                                                      • API String ID: 118556049-1838291449
                                                                      • Opcode ID: 680b7df58fea4b095c02cd41ffb0843881cef1913b656ad0361896acb1ddca19
                                                                      • Instruction ID: 8202ca398a49f1fb41b13db5d2e67970eb4307a4ed463ffc27c79c901973aa8c
                                                                      • Opcode Fuzzy Hash: 680b7df58fea4b095c02cd41ffb0843881cef1913b656ad0361896acb1ddca19
                                                                      • Instruction Fuzzy Hash: 4CE25B73201BC8C9EB718F24D8543ED23A1EB65B98F45412ADE5E1BA9ADF74C6C6D300
                                                                      Function 000001EF1F223CF0 Relevance: 23.1, APIs: 10, Strings: 3, Instructions: 351nativelibraryloaderCOMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Handle$Query$CloseInformationProcessSystem$AddressCurrentFinalModuleNameObjectOpenPathProc
                                                                      • String ID: File$NtDuplicateObject$ntdll.dll
                                                                      • API String ID: 2729825427-3955674919
                                                                      • Opcode ID: 29b8755b41df6b2d885039064fcf97b48faa31fbfe035c7d26f92b0c8bdecf9b
                                                                      • Instruction ID: 28f18f63aa91fb4f4667f2f5bd8a656f26d5b41e612ae4a4b77e22c4e8880de7
                                                                      • Opcode Fuzzy Hash: 29b8755b41df6b2d885039064fcf97b48faa31fbfe035c7d26f92b0c8bdecf9b
                                                                      • Instruction Fuzzy Hash: 9CE1B273714AC8C9FB00CBA5D4103ED27B1EB65B88F408129DE6D97B9ADF78C58A8301
                                                                      Function 000001EF1F20F040 Relevance: 23.0, APIs: 12, Strings: 1, Instructions: 218COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Initialize
                                                                      • String ID: @
                                                                      • API String ID: 2538663250-2766056989
                                                                      • Opcode ID: 51a3142d8d5f26322b3a8525074c9bde09a9fc806b8d02ebc27a6b845aabe09a
                                                                      • Instruction ID: ef3cae129e68b433e3b18562f8fd68de11d8ad9c86ad1afbfc5abe823ea9f88c
                                                                      • Opcode Fuzzy Hash: 51a3142d8d5f26322b3a8525074c9bde09a9fc806b8d02ebc27a6b845aabe09a
                                                                      • Instruction Fuzzy Hash: D5A18973B04AC8CAE710CF64E40079D77B1FBA9B98F004229DE6A57A98DB39C1968745
                                                                      Function 000001EF1F2486F0 Relevance: 22.2, APIs: 8, Strings: 4, Instructions: 1156COMMON
                                                                      Download Yara Rule
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID: s$s$?$$j%
                                                                      • API String ID: 3215553584-1997487030
                                                                      • Opcode ID: d7f83457da4c3e3b32f3b759ac70e557949627dbed151290640d8c5a3e20f7d8
                                                                      • Instruction ID: 5496c22491b160ddcffa9e6340a839477dbc05a89af6bce2556981e4141556e6
                                                                      • Opcode Fuzzy Hash: d7f83457da4c3e3b32f3b759ac70e557949627dbed151290640d8c5a3e20f7d8
                                                                      • Instruction Fuzzy Hash: 4DA2D2737142D8CBE725CF64D440BED37A1FB74788F405129DE2A67A88D7B49A82CB41
                                                                      Function 000001EF1F2151E0 Relevance: 21.5, APIs: 1, Strings: 11, Instructions: 465COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: ExecuteShell
                                                                      • String ID: .cmd$.exe$.exe$.ps1$.vbs$abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+=-&^%$#@!(){}[},.;'$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set$open$runas
                                                                      • API String ID: 587946157-4093014531
                                                                      • Opcode ID: ddd4c35cac104fd5c0bc8725230d3c325b14ca8019773d0ba1a3df29e84f68a2
                                                                      • Instruction ID: 96fa5cb35e6048698441acac6e5fe5f36d1e9242673bcf2ffb1a1f27d393de52
                                                                      • Opcode Fuzzy Hash: ddd4c35cac104fd5c0bc8725230d3c325b14ca8019773d0ba1a3df29e84f68a2
                                                                      • Instruction Fuzzy Hash: 0E22B173A10BC8C5EB10DF28E8813DD27A1FB94798F50522AEE6D47AA9DB74C1C6C741
                                                                      Function 000001EF1F224740 Relevance: 16.6, APIs: 8, Strings: 1, Instructions: 839stringCOMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: lstrcatlstrcpy$Object$AcquireAllocateInitializeLockMemoryUninitializeVirtual
                                                                      • String ID: 0
                                                                      • API String ID: 3636535045-4108050209
                                                                      • Opcode ID: 148f1cac526a25eedb59746f716de0c0cfa115320cfb54a3382c2084b1ee678e
                                                                      • Instruction ID: 0f4812ccd71731dd72ec1ea35c3555f6b6ce3a3516ec20f81631f3ce5e16b03d
                                                                      • Opcode Fuzzy Hash: 148f1cac526a25eedb59746f716de0c0cfa115320cfb54a3382c2084b1ee678e
                                                                      • Instruction Fuzzy Hash: 73B2983662AFC48AD7808F69E88155EB7B5F788B88F106219FECD57B18EB38C154C740
                                                                      Function 000001EF1F21AE50 Relevance: 13.2, APIs: 2, Strings: 4, Instructions: 2695COMMON
                                                                      Download Yara Rule
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Concurrency::cancel_current_task
                                                                      • String ID: cannot compare iterators of different containers$cannot use push_back() with $type must be string, but is $value
                                                                      • API String ID: 118556049-2711811579
                                                                      • Opcode ID: ea88d1a773ee75e0a64725fff508dd48958dffa6bfda602257c9859f01315e0d
                                                                      • Instruction ID: 24864871751dc139e2c12f37f7f539b6ddafe0f81e0380833eae75c4bd49debf
                                                                      • Opcode Fuzzy Hash: ea88d1a773ee75e0a64725fff508dd48958dffa6bfda602257c9859f01315e0d
                                                                      • Instruction Fuzzy Hash: B8535B33604BC8C9DB70DF24D8903DD23A5FB65758F50962ADE6D5BA9AEF348286C301
                                                                      Function 000001EF1F246F14 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 227COMMONLIBRARYCODE
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: ErrorLastNameTranslate$CodeInfoLocalePageValidValue
                                                                      • String ID: utf8
                                                                      • API String ID: 3069159798-905460609
                                                                      • Opcode ID: 4309449c26b629e9b6de698707476955217e9cbe9722d2e68f3c85218e94a805
                                                                      • Instruction ID: e881189ca83051078402abebdb7b804af5028f9bb464e0787003ae9a10354eff
                                                                      • Opcode Fuzzy Hash: 4309449c26b629e9b6de698707476955217e9cbe9722d2e68f3c85218e94a805
                                                                      • Instruction Fuzzy Hash: AC9199732007C8C6EB249F61D8417DD67A4EBB4B80F4481399EB987785DBB8C997C742
                                                                      Function 000001EF1F24795C Relevance: 10.7, APIs: 7, Instructions: 171COMMONLIBRARYCODE
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Value$Locale$CodeErrorInfoLastPageValid$DefaultEnumLocalesProcessSystemUser
                                                                      • String ID:
                                                                      • API String ID: 2591520935-0
                                                                      • Opcode ID: 5eb0d27aa7dc3a9912447742f13a9ce850b1caaedf69b48f01ffc0c9247ee539
                                                                      • Instruction ID: 533d43b2b1e9a9473e580e5e1235c24c58f3e2ea1d85c66555115297c82eb799
                                                                      • Opcode Fuzzy Hash: 5eb0d27aa7dc3a9912447742f13a9ce850b1caaedf69b48f01ffc0c9247ee539
                                                                      • Instruction Fuzzy Hash: 1F7147337006D8CAFB109B60D8517EC33A0BF79B48F4445398E7957B95EBB88986C362
                                                                      Function 000001EF1F204710 Relevance: 9.2, APIs: 4, Strings: 1, Instructions: 410COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: __std_exception_destroy
                                                                      • String ID: value
                                                                      • API String ID: 2453523683-494360628
                                                                      • Opcode ID: 28ce3664ced69345c44a20b0c25082befce6cc779f60b6314a591e609d66e394
                                                                      • Instruction ID: c684bfc5e738887ba2dd31f998cad2cfce41844644c23e5eff99d68fa5e80d46
                                                                      • Opcode Fuzzy Hash: 28ce3664ced69345c44a20b0c25082befce6cc779f60b6314a591e609d66e394
                                                                      • Instruction Fuzzy Hash: 2D02B033A14BC8C5EB00CB74D4903DD6760EBA57A4F50522AFEAD43AEADB68C0C6C301
                                                                      Function 000001EF1F22F920 Relevance: 9.1, APIs: 6, Instructions: 83COMMONLIBRARYCODE
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                      • String ID:
                                                                      • API String ID: 1239891234-0
                                                                      • Opcode ID: c7f70f128318b326f672a7b0d6647dc5eb587961ea58d1b4d09a7c2ba848fd84
                                                                      • Instruction ID: 09d5f55b215a5eb69078c97e6eecd224a1cdee26b588061b4fd9cfe4d35d9a4f
                                                                      • Opcode Fuzzy Hash: c7f70f128318b326f672a7b0d6647dc5eb587961ea58d1b4d09a7c2ba848fd84
                                                                      • Instruction Fuzzy Hash: 5F312F33214BC4C5DB608B25E8507DD73A4FBA5754F500229EEAD43BA9DF38C186CB01
                                                                      Function 000001EF1F1D9090 Relevance: 8.4, Strings: 6, Instructions: 916COMMON
                                                                      Download Yara Rule
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: content$directory_iterator::directory_iterator$exists$filename$files$key
                                                                      • API String ID: 0-2980817763
                                                                      • Opcode ID: 372a0f8b2676df317ff7edebaf64bc24315962dde7ff9212df00aefb89c8fef5
                                                                      • Instruction ID: f435949f98fbbed6047d6d07792026814f3c26872b03197ee49518885d0e9b94
                                                                      • Opcode Fuzzy Hash: 372a0f8b2676df317ff7edebaf64bc24315962dde7ff9212df00aefb89c8fef5
                                                                      • Instruction Fuzzy Hash: FBA25A73611BC889DB218F24D8943DD33A5FBA9758F504629EEAD1BB99EF74C281C340
                                                                      Function 000001EF1F1D7B8D Relevance: 7.4, Strings: 5, Instructions: 1142COMMON
                                                                      Download Yara Rule
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: config$content$filename$status$users
                                                                      • API String ID: 0-2677590375
                                                                      • Opcode ID: 0ead2873f2b42795492d5873a47f0c2e82fdfbe96deb9bd760e1f33f126642a8
                                                                      • Instruction ID: a70ae6a2314306e00dceb6f79df4248d997e64ab6cc587533dce81f0ee80cf96
                                                                      • Opcode Fuzzy Hash: 0ead2873f2b42795492d5873a47f0c2e82fdfbe96deb9bd760e1f33f126642a8
                                                                      • Instruction Fuzzy Hash: 68C26E73611BC889DB31DF24D8943DD2361FBA5798F40522ADE9D5BA9AEF34C686C300
                                                                      Function 000001EF1F25BB14 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 42COMMONLIBRARYCODE
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Strings
                                                                      • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 000001EF1F25BB97
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: DebugDebuggerErrorLastOutputPresentString
                                                                      • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                      • API String ID: 389471666-631824599
                                                                      • Opcode ID: e8ffe009acab376759065dd43441e42d099b308a5e20a56206d0bc25ee25ae09
                                                                      • Instruction ID: 9fbe319afb17e4bcd80e4db9691489f551fe0b9068ad5a9ad401bd4b72c3cfd6
                                                                      • Opcode Fuzzy Hash: e8ffe009acab376759065dd43441e42d099b308a5e20a56206d0bc25ee25ae09
                                                                      • Instruction Fuzzy Hash: CD113D33210BC8D7E7149B26D6943ED32A0FB65344F544129CE6982AA5EF78D0E5CB12
                                                                      Function 000001EF1F1D02E0 Relevance: 7.0, Strings: 5, Instructions: 747COMMON
                                                                      Download Yara Rule
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: __std_fs_convert_wide_to_narrow$__std_fs_code_page
                                                                      • String ID: content$directory_iterator::directory_iterator$exists$filename$status
                                                                      • API String ID: 3645842244-3429737954
                                                                      • Opcode ID: 54f852f075973074e8b36a464f45daae2d147409958a63309f7fac4ff7c5b95c
                                                                      • Instruction ID: 78e34e90c51d28344e38ad2e5e1d6551d5de054af8f836fce26c88693c0f395d
                                                                      • Opcode Fuzzy Hash: 54f852f075973074e8b36a464f45daae2d147409958a63309f7fac4ff7c5b95c
                                                                      • Instruction Fuzzy Hash: 33728E33601BC8C9EB219F34D8843DD6360FBA9798F545229DE9D57AA9EF74C686C300
                                                                      Function 000001EF1F248777 Relevance: 6.4, Strings: 5, Instructions: 198COMMON
                                                                      Download Yara Rule
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID: 1#IND$1#INF$1#QNAN$1#SNAN$?$
                                                                      • API String ID: 3215553584-1387705338
                                                                      • Opcode ID: 5bfe81fbe56545cd112a2c5bf7b1515692a0682ac3cc98352d19caed2fd731ff
                                                                      • Instruction ID: 217fa09ad910af7c8132ed5fde3d28f243e8d1a362e3ecbc21e52025ad696686
                                                                      • Opcode Fuzzy Hash: 5bfe81fbe56545cd112a2c5bf7b1515692a0682ac3cc98352d19caed2fd731ff
                                                                      • Instruction Fuzzy Hash: 5F71F373B242C9C6E725CF68D4407ED7791BBB4394F0046399E269AAC4D6F8D982CA02
                                                                      Function 000001EF1F237348 Relevance: 6.1, APIs: 4, Instructions: 83memoryCOMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Virtual$AllocInfoProtectQuerySystem
                                                                      • String ID:
                                                                      • API String ID: 3562403962-0
                                                                      • Opcode ID: 324fd5cd604fef47d1152131e1f7c01459585a6c12e9a2e3e67a5e0172bc20d3
                                                                      • Instruction ID: 707b96550c8c3e6bd177b3e5c384c5ab1e603283039a0329b3fea49ca5d0531d
                                                                      • Opcode Fuzzy Hash: 324fd5cd604fef47d1152131e1f7c01459585a6c12e9a2e3e67a5e0172bc20d3
                                                                      • Instruction Fuzzy Hash: 63313532310AC8DEDB20CF35D8547DC23A5FB59B98F85412AEE6987B58DB38D686C701
                                                                      Function 000001EF1F24DC18 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                      • String ID:
                                                                      • API String ID: 2933794660-0
                                                                      • Opcode ID: f06392d29159ea5021ae0933302a5494cfde722d0989828b5d6bd782ea4d1856
                                                                      • Instruction ID: c86a513e2c009b9b2cca36f9f778bd05c89241a6b8b14d0a35771c8df41af35a
                                                                      • Opcode Fuzzy Hash: f06392d29159ea5021ae0933302a5494cfde722d0989828b5d6bd782ea4d1856
                                                                      • Instruction Fuzzy Hash: A8110A32711B848AEB00CB60E8543A833A4F76A758F440A25EE6D467A4DF78D1968241
                                                                      Function 000001EF1F208950 Relevance: 5.6, APIs: 1, Strings: 2, Instructions: 376COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: __std_exception_copy
                                                                      • String ID: parse_error$value
                                                                      • API String ID: 592178966-1739288027
                                                                      • Opcode ID: 4851d699a5fe3ee1621fabd9ca858f3f45b2256afb1c17ab6489a68ee2915630
                                                                      • Instruction ID: faaa8f1cba6d6b062748ecdbae38e9cb149cd952cadd3d73285018ad29b50827
                                                                      • Opcode Fuzzy Hash: 4851d699a5fe3ee1621fabd9ca858f3f45b2256afb1c17ab6489a68ee2915630
                                                                      • Instruction Fuzzy Hash: 7CF1A373710AC8D5EB00DF74D8513DD2362FBA5398F90522AAE6C57A9ADBB4C1C6C341
                                                                      Function 000001EF1F1DA1F0 Relevance: 5.6, Strings: 4, Instructions: 609COMMON
                                                                      Download Yara Rule
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: content$directory_iterator::directory_iterator$exists$filename
                                                                      • API String ID: 0-1400943384
                                                                      • Opcode ID: 8cdcfcabf416a846f8b709d67d1ed5e4de1a3e15bb52bcf2c0d2cb9766d0ef1a
                                                                      • Instruction ID: a581f2cd40785bdf0a1d6878f22245efad7b0ca202412ac5c2943fdb27d2d9a9
                                                                      • Opcode Fuzzy Hash: 8cdcfcabf416a846f8b709d67d1ed5e4de1a3e15bb52bcf2c0d2cb9766d0ef1a
                                                                      • Instruction Fuzzy Hash: EB525A73611BC8CAEB20CF29E8443DD63A1FB95798F405229EE9D57B99EB74C582C700
                                                                      Function 000001EF1F22B68A Relevance: 5.6, Strings: 4, Instructions: 563COMMON
                                                                      Download Yara Rule
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: __std_exception_destroy
                                                                      • String ID: array$object$object key$object separator
                                                                      • API String ID: 2453523683-2277530871
                                                                      • Opcode ID: ff9f8e2d7a503b8ed2932d8375cdb56464cfdfd71d6bfc1e017697cb417a1a11
                                                                      • Instruction ID: 722ceb731c91ac1dcd501a3a888315bcc2704cc6c26408a811345764376235e6
                                                                      • Opcode Fuzzy Hash: ff9f8e2d7a503b8ed2932d8375cdb56464cfdfd71d6bfc1e017697cb417a1a11
                                                                      • Instruction Fuzzy Hash: AF32B033624AC8D6EB00DF74C4913ED2361FFB5784F80262AEE595769AEB64C286C741
                                                                      Function 000001EF1F2419B8 Relevance: 5.5, APIs: 3, Instructions: 1005COMMONLIBRARYCODE
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 1286766494-0
                                                                      • Opcode ID: 3362572290862af57679fdc4baef7ebaaf60df3fe4e64099d27ff34f0326e21c
                                                                      • Instruction ID: 66b073e7a5b03e99ac93d34c5c081fc01916f1fdab57ec7bbc58e6babcda27db
                                                                      • Opcode Fuzzy Hash: 3362572290862af57679fdc4baef7ebaaf60df3fe4e64099d27ff34f0326e21c
                                                                      • Instruction Fuzzy Hash: 9892CF332047C8C6E7658F65D9502AD37A1FF76788F248129DF9907B98DBB8C992C702
                                                                      Function 000001EF1F208F53 Relevance: 5.4, Strings: 4, Instructions: 408COMMON
                                                                      Download Yara Rule
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: array$object$object key$object separator
                                                                      • API String ID: 0-2277530871
                                                                      • Opcode ID: 983b4e23c340c712356940ba6535c820086c6c5144e5b99ac71a0b9a66a45a14
                                                                      • Instruction ID: efa10247247f816e56b4a1d6f45c870b14b396d66fb8369f9ba1bd4047a57c5f
                                                                      • Opcode Fuzzy Hash: 983b4e23c340c712356940ba6535c820086c6c5144e5b99ac71a0b9a66a45a14
                                                                      • Instruction Fuzzy Hash: AB02D173624ACCD6EB10DB34C4553ED2322FBA5784F80122AEE5E57A9ADF65C2C6C341
                                                                      Function 000001EF1F232CD0 Relevance: 4.8, APIs: 3, Instructions: 340COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: memcpy_s
                                                                      • String ID:
                                                                      • API String ID: 1502251526-0
                                                                      • Opcode ID: e899307af8ea146bffc4d3d3e4071cf966dfaa801a3502f7d3bb1face14528cf
                                                                      • Instruction ID: 606affe88bf0cc1ce725a600eacc0d44f4f073518344c698e7870d442340976a
                                                                      • Opcode Fuzzy Hash: e899307af8ea146bffc4d3d3e4071cf966dfaa801a3502f7d3bb1face14528cf
                                                                      • Instruction Fuzzy Hash: 9DC1D3B37146C8C7EB24CF19E0447AEB7A1F7A9B84F448129DF5A47784D639E982CB40
                                                                      Function 000001EF1F2473D8 Relevance: 4.7, APIs: 3, Instructions: 167COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: InfoLocale$ErrorLastValue_invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 1791019856-0
                                                                      • Opcode ID: 90d945be40b20d5b5a3c3d7ca8cbaa30e5ffd7f5627642ea07c20393f480da84
                                                                      • Instruction ID: d2e394694fa30e9fd4999cd68260abfaef6ff7295e30e60119d6df50411ab44e
                                                                      • Opcode Fuzzy Hash: 90d945be40b20d5b5a3c3d7ca8cbaa30e5ffd7f5627642ea07c20393f480da84
                                                                      • Instruction Fuzzy Hash: DD615C732006C9C6EB349F11E5903ED63A1FBB4744F448139CFBA9B691DAB8D492CB42
                                                                      Function 000001EF1F2106A6 Relevance: 4.4, Strings: 3, Instructions: 653COMMON
                                                                      Download Yara Rule
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: 2OWqJZldB3s=$port$rXwr2/Mp0kvTmn+hdCWeFmDWltFpcKXkn/UOvH+3cNE=
                                                                      • API String ID: 0-1454942929
                                                                      • Opcode ID: 13142f87b2511d2cf5765ed835205468a3a3f595768c387b348a2c7557cc377c
                                                                      • Instruction ID: 7276b68adb930684e2ee421b9c233542df0fb40b0d6faddc4ab12dcb97a59dbe
                                                                      • Opcode Fuzzy Hash: 13142f87b2511d2cf5765ed835205468a3a3f595768c387b348a2c7557cc377c
                                                                      • Instruction Fuzzy Hash: 93724F73A29BC885D660CB25E4403DEA3A4FBE9784F505229EFDD53B59EB38C185CB04
                                                                      Function 000001EF1F1D6130 Relevance: 3.9, Strings: 2, Instructions: 1357COMMON
                                                                      Download Yara Rule
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: Software$exists
                                                                      • API String ID: 0-2364128853
                                                                      • Opcode ID: bb1535ce0510b26616edaa2cdd06f56ed1262f790a8e31855c2113042d70fe95
                                                                      • Instruction ID: e91ca087a75e218dcf0fb9402087c86f58a500a96b9b530c165efe58f5dcaa09
                                                                      • Opcode Fuzzy Hash: bb1535ce0510b26616edaa2cdd06f56ed1262f790a8e31855c2113042d70fe95
                                                                      • Instruction Fuzzy Hash: 78D26E73A10BC8C9EB218F29D8543DD63B0FBA9798F105629EE9D57B99DB74C582C300
                                                                      Function 000001EF1F1EE130 Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 310COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Concurrency::cancel_current_task
                                                                      • String ID: conditional not closed
                                                                      • API String ID: 118556049-2481790218
                                                                      • Opcode ID: 6badf6fec46ba2b691236dfdb1554856c9d1a8cc0d10f8e91f431355c325565f
                                                                      • Instruction ID: eec0f10a795329bfd9a1271b1665f7d38a48120aa3dcb3a0bdd0327994c47014
                                                                      • Opcode Fuzzy Hash: 6badf6fec46ba2b691236dfdb1554856c9d1a8cc0d10f8e91f431355c325565f
                                                                      • Instruction Fuzzy Hash: 6BD16D73601BC8C4EB22CF20E8403ED77A5FB69784F55412ADE9917A9ADB78C6D2D700
                                                                      Function 000001EF1F23C1A8 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 37COMMONLIBRARYCODE
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: InfoLocale
                                                                      • String ID: GetLocaleInfoEx
                                                                      • API String ID: 2299586839-2904428671
                                                                      • Opcode ID: 0fc81d44bec917c2802c26d4724ac6a513cb7d03bb6cf24fcfbb40603345bdc0
                                                                      • Instruction ID: 3c8a0c4b2a86483e5310942ee682e1238243f7a2fecf1132fac0f8dccaa383e2
                                                                      • Opcode Fuzzy Hash: 0fc81d44bec917c2802c26d4724ac6a513cb7d03bb6cf24fcfbb40603345bdc0
                                                                      • Instruction Fuzzy Hash: 9601AC72300AC8C6E7048B56F4006CEA760EFBABD0F544139DE5913B99CE3CC5828741
                                                                      Function 000001EF1F216760 Relevance: 3.4, APIs: 2, Instructions: 391COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: ExecuteFileModuleNameShell
                                                                      • String ID:
                                                                      • API String ID: 1703432166-0
                                                                      • Opcode ID: fe5f936ad51912396a16051190f235964faa5b999b91d0fd8144819332c0c722
                                                                      • Instruction ID: cd104816e422e206192b43c3f9efed98d43f957c0757fe6f10cbafca1711884a
                                                                      • Opcode Fuzzy Hash: fe5f936ad51912396a16051190f235964faa5b999b91d0fd8144819332c0c722
                                                                      • Instruction Fuzzy Hash: 1E121B73625FC88ADB508F29E88069EB3A4F798794F505229EEDD57B58EB38C191C700
                                                                      Function 000001EF1F23F7F4 Relevance: 3.2, APIs: 2, Instructions: 227COMMONLIBRARYCODE
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: ExceptionRaise_clrfp
                                                                      • String ID:
                                                                      • API String ID: 15204871-0
                                                                      • Opcode ID: 57a16f90b848e9bfce21c4af82cc5806e79d9fd20c8b8e6b755f3e4c735a4a33
                                                                      • Instruction ID: e8beafdcf45cd855fefde0549dc4a4c5ce7030194083ed4d17b70038dbd87c10
                                                                      • Opcode Fuzzy Hash: 57a16f90b848e9bfce21c4af82cc5806e79d9fd20c8b8e6b755f3e4c735a4a33
                                                                      • Instruction Fuzzy Hash: 23B13CB3600BC8CBE719CF29D44579C7BA0F758B48F158966DEA9877A8CB39C492C701
                                                                      Function 000001EF1F1D5EE0 Relevance: 3.1, APIs: 2, Instructions: 145encryptionCOMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: CryptDataFreeLocalUnprotect
                                                                      • String ID:
                                                                      • API String ID: 1561624719-0
                                                                      • Opcode ID: 954457113285778d50c821c121948cd4730c0b879fdcd44a177dc9180500489d
                                                                      • Instruction ID: 1ea4d4d86480b6227f3cd1818fb514bf70d94b131538c1971e0e590b82daf45f
                                                                      • Opcode Fuzzy Hash: 954457113285778d50c821c121948cd4730c0b879fdcd44a177dc9180500489d
                                                                      • Instruction Fuzzy Hash: B0617A73B10BC4DAEB10CF74E4543DD33B1EB6978CF008229EE9956A89DB78C5969340
                                                                      Function 000001EF1F2121C0 Relevance: 3.1, APIs: 2, Instructions: 86encryptionCOMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: CryptDataFreeLocalProtect
                                                                      • String ID:
                                                                      • API String ID: 2714945720-0
                                                                      • Opcode ID: 6da8b2380d1e6afdbe15ad09ed0a82a6e20629f9e1f2d0947d1afcdde56a6e99
                                                                      • Instruction ID: dc283d74b7e14fc1416ef49d355a8e1b299a9656de8ac8f99af511dc6d80d535
                                                                      • Opcode Fuzzy Hash: 6da8b2380d1e6afdbe15ad09ed0a82a6e20629f9e1f2d0947d1afcdde56a6e99
                                                                      • Instruction Fuzzy Hash: F7414633618BC4CAE3208F74E4503DD37A4FB6978CF444229EE8856E8ADB79C5A5C744
                                                                      Function 000001EF1F2128C0 Relevance: 3.0, Strings: 2, Instructions: 529COMMON
                                                                      Download Yara Rule
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: %$+
                                                                      • API String ID: 0-2626897407
                                                                      • Opcode ID: 6ebca456c64798718904c68f0384751ff12128c15bec015e12c461bf84b58bbb
                                                                      • Instruction ID: c572095b40f17471fa9f678ca00b1b3b2da32e358520fc69e4b2b2ef7dde1819
                                                                      • Opcode Fuzzy Hash: 6ebca456c64798718904c68f0384751ff12128c15bec015e12c461bf84b58bbb
                                                                      • Instruction Fuzzy Hash: 6A224A73B18AC8CAFB21CB64D4503ED6361EF66788F444239EE6957BC9DA38C486C345
                                                                      Function 000001EF1F2429F4 Relevance: 2.9, Strings: 2, Instructions: 358COMMONLIBRARYCODE
                                                                      Download Yara Rule
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: a/p$am/pm
                                                                      • API String ID: 0-3206640213
                                                                      • Opcode ID: dad867be523f7f4d56baa7635c1cdc645b8584f083e4b69fc353e0e6fb1d2414
                                                                      • Instruction ID: f07969c3b731922137cf27a610484ffb07f6e48f46d33cb731610582a60253b3
                                                                      • Opcode Fuzzy Hash: dad867be523f7f4d56baa7635c1cdc645b8584f083e4b69fc353e0e6fb1d2414
                                                                      • Instruction Fuzzy Hash: 29E19A336006C8C5E768CF66C5547ED22A0FF76784F55412EEE2A47AD8DBB8C9C29302
                                                                      Function 000001EF1F1CFEE0 Relevance: 2.7, Strings: 2, Instructions: 226COMMON
                                                                      Download Yara Rule
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: dumps$emoji
                                                                      • API String ID: 0-2873254224
                                                                      • Opcode ID: f8535acecb17c690f06c0e0ba6f1687d176f0130c3836bd27bf140364c5ef847
                                                                      • Instruction ID: bbb0061d81415bc7cd455152a6de3425859b821505bd2e557a1935fbae6287fd
                                                                      • Opcode Fuzzy Hash: f8535acecb17c690f06c0e0ba6f1687d176f0130c3836bd27bf140364c5ef847
                                                                      • Instruction Fuzzy Hash: F7B12C33929BC886D761CB25E88029EB7B4F799784F545315FECD22B59EB38C291CB00
                                                                      Function 000001EF1F244D78 Relevance: 1.9, APIs: 1, Instructions: 373COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Info
                                                                      • String ID:
                                                                      • API String ID: 1807457897-0
                                                                      • Opcode ID: 887f096ba579c82ce3addeca72037ef6bfed22f3c0b28203f2db4495cb1e4078
                                                                      • Instruction ID: 067a0dbe00df39124291cb4635a0e06ccc33c9cca86fb9e60db20c16f9a58b7f
                                                                      • Opcode Fuzzy Hash: 887f096ba579c82ce3addeca72037ef6bfed22f3c0b28203f2db4495cb1e4078
                                                                      • Instruction Fuzzy Hash: 0512AD73A08BC8C6E751CF28D4053ED77A4FB68748F459229EFA886692EB74D1C6C301
                                                                      Function 000001EF1F20CF70 Relevance: 1.7, APIs: 1, Instructions: 232COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Concurrency::cancel_current_task
                                                                      • String ID:
                                                                      • API String ID: 118556049-0
                                                                      • Opcode ID: 474e3a437ea233f98959df63cb75406d1df34f3a045781f6baf1a50faa7e5945
                                                                      • Instruction ID: 85d924ad258e6709e6c6a868dfc0fc4f9ad5ebd6d2250e8ded241b7e84d40c19
                                                                      • Opcode Fuzzy Hash: 474e3a437ea233f98959df63cb75406d1df34f3a045781f6baf1a50faa7e5945
                                                                      • Instruction Fuzzy Hash: A7A17533606BD9C9EB008BA9D4903EC67B0E769B48F94452ADF9E53B59DB39C092C341
                                                                      Function 000001EF1F20CC50 Relevance: 1.7, APIs: 1, Instructions: 221COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Concurrency::cancel_current_task
                                                                      • String ID:
                                                                      • API String ID: 118556049-0
                                                                      • Opcode ID: 8e26d5924d2bdda6809c7ba14e83fc4a85feecd9e9e7ccd546660065fe342c69
                                                                      • Instruction ID: 7cb013c8ddcddebfa0fb33f5bf060b2816671307c04189d93ce55cc2ad76286e
                                                                      • Opcode Fuzzy Hash: 8e26d5924d2bdda6809c7ba14e83fc4a85feecd9e9e7ccd546660065fe342c69
                                                                      • Instruction Fuzzy Hash: DBA15573615BD8C9EB00CBA9D4803EC67B0F769B48F54852ADF9A53B59DB39C092C341
                                                                      Function 000001EF1F20C930 Relevance: 1.7, APIs: 1, Instructions: 221COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Concurrency::cancel_current_task
                                                                      • String ID:
                                                                      • API String ID: 118556049-0
                                                                      • Opcode ID: c119fda8a9de2da8aa704513d54b9ca19ba9b462ee068ab1662025d9693643fb
                                                                      • Instruction ID: eb2ed130b12ce67c5f0d8c37aec928c97bbe9dea1bd3aabdd96d625f0d93bb17
                                                                      • Opcode Fuzzy Hash: c119fda8a9de2da8aa704513d54b9ca19ba9b462ee068ab1662025d9693643fb
                                                                      • Instruction Fuzzy Hash: 8BA14473605BD8C9EB00CBAAD4903EC67B0F769B48F54842ADF9A57B59DB39C092C350
                                                                      Function 000001EF1F20C300 Relevance: 1.7, APIs: 1, Instructions: 214COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Concurrency::cancel_current_task
                                                                      • String ID:
                                                                      • API String ID: 118556049-0
                                                                      • Opcode ID: ab935af1eedc93a965aa02f57c9afe097d336cb0155c139ee9fc26cc7237c962
                                                                      • Instruction ID: d240806a758deaf54b90d435987c2a1d7587fa7041c37510b20632d3be454e09
                                                                      • Opcode Fuzzy Hash: ab935af1eedc93a965aa02f57c9afe097d336cb0155c139ee9fc26cc7237c962
                                                                      • Instruction Fuzzy Hash: 6FA16773615BD8CAEB108B69D4803EC67B0F769B48F54442ACF9E67B55DB39C092C350
                                                                      Function 000001EF1F20D2A0 Relevance: 1.7, APIs: 1, Instructions: 210COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Concurrency::cancel_current_task
                                                                      • String ID:
                                                                      • API String ID: 118556049-0
                                                                      • Opcode ID: adea9a2f053ff77c94f107ab8ec5be1b99452ae781f7e1d9d0e1f39d926e6c83
                                                                      • Instruction ID: fd8aff5c850a25662010a1f8e4aff3ff5803cbb0d9968744649aa5570356c2eb
                                                                      • Opcode Fuzzy Hash: adea9a2f053ff77c94f107ab8ec5be1b99452ae781f7e1d9d0e1f39d926e6c83
                                                                      • Instruction Fuzzy Hash: B1A15533602BD8CAEB108BA9D4903EC67B0E769B48F94442ACF9E57B55DB39D092C340
                                                                      Function 000001EF1F247620 Relevance: 1.6, APIs: 1, Instructions: 70COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: ErrorLastValue$InfoLocale
                                                                      • String ID:
                                                                      • API String ID: 673564084-0
                                                                      • Opcode ID: 1d8e405bb44b78bdea7029598407ccfb6a808eb35fd889ed9364ebfb982fc4a2
                                                                      • Instruction ID: 965c759ce4fc7b1e5027ad0c01d7574b11a975762663ce48dbbac4f8b7f3afa4
                                                                      • Opcode Fuzzy Hash: 1d8e405bb44b78bdea7029598407ccfb6a808eb35fd889ed9364ebfb982fc4a2
                                                                      • Instruction Fuzzy Hash: 973181332007C9C6EB24CB25E4513DE73A2FBB9784F40813D9EBA87295DB78D5928701
                                                                      Function 000001EF1F247270 Relevance: 1.6, APIs: 1, Instructions: 61COMMONLIBRARYCODE
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: ErrorLast$EnumLocalesSystemValue
                                                                      • String ID:
                                                                      • API String ID: 3029459697-0
                                                                      • Opcode ID: 58800bb6c4d0d9c609f2f6f306793987a7a581936cd52f064e9451565f60872b
                                                                      • Instruction ID: 4f5d7ea75cdc92ffb7af99d7f85dcda3f3c0583a8afc78e8c8514469c5b670cb
                                                                      • Opcode Fuzzy Hash: 58800bb6c4d0d9c609f2f6f306793987a7a581936cd52f064e9451565f60872b
                                                                      • Instruction Fuzzy Hash: BA118E73A146C8CAEB15DF66D0407DC7BA1FBA0BA0F444129EE76472D4CAA8C5D2C741
                                                                      Function 000001EF1F1F9A10 Relevance: 1.6, Strings: 1, Instructions: 304COMMON
                                                                      Download Yara Rule
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: .
                                                                      • API String ID: 0-248832578
                                                                      • Opcode ID: 3daecdbd55c9c22db29b6e9ecc3dd405d8fe90d94cda49bc0af5f93eb4a6cfc3
                                                                      • Instruction ID: 3f2a92f6375f5c73e2425298a44e5d47e2ac4f8a8aed03fdff8cdec62bb015ed
                                                                      • Opcode Fuzzy Hash: 3daecdbd55c9c22db29b6e9ecc3dd405d8fe90d94cda49bc0af5f93eb4a6cfc3
                                                                      • Instruction Fuzzy Hash: 07C18333600BC8C6EB64EF29D8443ED63A2FB657A4F94422ADE5A53794DB74C8C6C740
                                                                      Function 000001EF1F247828 Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: ErrorLast$InfoLocaleValue
                                                                      • String ID:
                                                                      • API String ID: 3796814847-0
                                                                      • Opcode ID: a206680715a2a1e8ed04527063a7d486e32d99efc1662854cd7c3fa16e13c692
                                                                      • Instruction ID: e976c715603b325d58180dbadebbb3bd32bd3963ab8364833f3acf6c2afbbc38
                                                                      • Opcode Fuzzy Hash: a206680715a2a1e8ed04527063a7d486e32d99efc1662854cd7c3fa16e13c692
                                                                      • Instruction Fuzzy Hash: BE1123337106D8C7E7788726E040B9E2AA0EBB4764F144639DE7A476C4E766C8C3D701
                                                                      Function 000001EF1F247340 Relevance: 1.5, APIs: 1, Instructions: 41COMMONLIBRARYCODE
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: ErrorLast$EnumLocalesSystemValue
                                                                      • String ID:
                                                                      • API String ID: 3029459697-0
                                                                      • Opcode ID: fd6ab9fb082eedb8b2c8f5dae22463227a7604b7e6560a2cecb061507bc0ecca
                                                                      • Instruction ID: 24be08ce8a47f913dac4b65b39ae8a48a10d8054e709c4872eae195330d8c690
                                                                      • Opcode Fuzzy Hash: fd6ab9fb082eedb8b2c8f5dae22463227a7604b7e6560a2cecb061507bc0ecca
                                                                      • Instruction Fuzzy Hash: E201B1736042C8C6EB105F15E440BDD7AE2EB70BA4F458239DE71472C4CBB884C28702
                                                                      Function 000001EF1F20F1B5 Relevance: 1.5, APIs: 1, Instructions: 34comCOMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: BlanketCreateInstanceProxy
                                                                      • String ID:
                                                                      • API String ID: 1899829610-0
                                                                      • Opcode ID: a787f5c70b0da52dd39980db2e05650dfd34504bfd18cc3456a54f99b4034af6
                                                                      • Instruction ID: 503f52dfdda9e4352049bd01973f20edd97dff226d5ceb0ac3318a5541b98213
                                                                      • Opcode Fuzzy Hash: a787f5c70b0da52dd39980db2e05650dfd34504bfd18cc3456a54f99b4034af6
                                                                      • Instruction Fuzzy Hash: 92014B33701AD8CAFB22DBA5E4013ED67A1ABA9758F40012A8E5A53A54EB39C1878345
                                                                      Function 000001EF1F23BC68 Relevance: 1.5, APIs: 1, Instructions: 32COMMONLIBRARYCODE
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: EnumLocalesSystem
                                                                      • String ID:
                                                                      • API String ID: 2099609381-0
                                                                      • Opcode ID: f8325550294e071d185dd7c07cc84b153cedbfbab89d167ada8b5b9da10e3d51
                                                                      • Instruction ID: 03f880702e9fa53477d7fe69af20fee77ad87d7ee0d47e46d9064348704a5142
                                                                      • Opcode Fuzzy Hash: f8325550294e071d185dd7c07cc84b153cedbfbab89d167ada8b5b9da10e3d51
                                                                      • Instruction Fuzzy Hash: 40F03CB7300AC8C3E704DB15F8916DD2365FBA9B80F549039EE6983365CE3CC9928B45
                                                                      Function 000001EF1F247F00 Relevance: 1.3, APIs: 1, Instructions: 7memoryCOMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: HeapProcess
                                                                      • String ID:
                                                                      • API String ID: 54951025-0
                                                                      • Opcode ID: 2bd217787b85c097b3ccba094d4d30ef76119dd789487d52041f712bc5b72eb7
                                                                      • Instruction ID: 783645c4bd8abd1e6e6874e24215f7f636b937673204c6cc274dc7b37229536e
                                                                      • Opcode Fuzzy Hash: 2bd217787b85c097b3ccba094d4d30ef76119dd789487d52041f712bc5b72eb7
                                                                      • Instruction Fuzzy Hash: 4BB09235E03AC9C6EA082B12EC8A34823A4BF69B10F88412CCC1C41320DB2C08E66B22
                                                                      Function 000001EF1F1C83D0 Relevance: .8, Instructions: 795COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 47f8a865815a333fb31a3139213f52897c50bd5da47d4749d87050c12ea7adb8
                                                                      • Instruction ID: 6b64e41833ab57b5c0a2af491202727e2ec5fda4a899e00908ae829e294be632
                                                                      • Opcode Fuzzy Hash: 47f8a865815a333fb31a3139213f52897c50bd5da47d4749d87050c12ea7adb8
                                                                      • Instruction Fuzzy Hash: 2BA2A336615FD88AD7408FAAEC8119D73BAF7587A8B101629EFCC57F19EBB4C1548700
                                                                      Function 000001EF1F1F66A0 Relevance: .4, Instructions: 361COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: ff8ff783da37649173626c7f7158936b22345755ff077d27462f74136c1878ba
                                                                      • Instruction ID: 17126736b6a9572c6b285ccd700ec933fbabd9e5d716c324ae151a4fbb5d18cb
                                                                      • Opcode Fuzzy Hash: ff8ff783da37649173626c7f7158936b22345755ff077d27462f74136c1878ba
                                                                      • Instruction Fuzzy Hash: 4EC104B37246E887E71ACF66D9546ADB762F7E4BE0F45C124DE4613B88D638C846C700
                                                                      Function 000001EF1F1A6610 Relevance: .3, Instructions: 346COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: e1c655470eb6c7bb81691da43902db7f2885c5918c2f618bc683406a0d28f36b
                                                                      • Instruction ID: ef1f147810291bf8ef768d4a9b3fe5d4bad9e688569c287570664e115ea184d2
                                                                      • Opcode Fuzzy Hash: e1c655470eb6c7bb81691da43902db7f2885c5918c2f618bc683406a0d28f36b
                                                                      • Instruction Fuzzy Hash: 9C12C632515FC88AD7618F29E84139AB3A4F799748F505329EECC67B19EB38C295CB04
                                                                      Function 000001EF1F20FDB0 Relevance: .3, Instructions: 323COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 34fb1097c6f2363caac24c1e5b45ae24c1a6ca50cb597d280e611698873f3a91
                                                                      • Instruction ID: 10ae0e196f0d6c2e56d174c7384386da8483dcc8a8201edbe12a4240d9036712
                                                                      • Opcode Fuzzy Hash: 34fb1097c6f2363caac24c1e5b45ae24c1a6ca50cb597d280e611698873f3a91
                                                                      • Instruction Fuzzy Hash: 42C1C3B3A146948BE355CF2DD40195D7BA0F398B84F40A629EF56C3B01E778E9A5CF80
                                                                      Function 000001EF1F238C34 Relevance: .3, Instructions: 309COMMONLIBRARYCODE
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: ErrorLastNameTranslate$CodePageValidValue_invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 4023145424-0
                                                                      • Opcode ID: f39b52ed8424437b231758bdb93ffc4f840ea96165d05f634ae1d9fa5926c97e
                                                                      • Instruction ID: a101ba8f241b461974841b013ba09a5c452cda59e3d6d6311d1cd5dbccd6cb3e
                                                                      • Opcode Fuzzy Hash: f39b52ed8424437b231758bdb93ffc4f840ea96165d05f634ae1d9fa5926c97e
                                                                      • Instruction Fuzzy Hash: ADC1E8B73046C8C6EB60DB61D4103EE77A1FBB9B88F504179DE6A4B694DB74C586C302
                                                                      Function 000001EF1F23088C Relevance: .3, Instructions: 287COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 58993cc49f4dd608ba7a820bbbd73e261f21bf312b089c0bcad54f873d9ee38f
                                                                      • Instruction ID: e108e935e92fbeb6a0bae19f411d44c26e390ce05abc4b50dee15ce747f7cf29
                                                                      • Opcode Fuzzy Hash: 58993cc49f4dd608ba7a820bbbd73e261f21bf312b089c0bcad54f873d9ee38f
                                                                      • Instruction Fuzzy Hash: F091E2B33142CCC7EA28CB25E0607EE1690AF69B9CF14057D9E7E4B7C5D92CC4879622
                                                                      Function 000001EF1F2358D0 Relevance: .3, Instructions: 285COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 29683b013f8ac11bc27aba6a7a5ac6f6d500d56baa688bda10aee56a2ac3d60c
                                                                      • Instruction ID: 2e019d67c13683b0fa24b298048284fc134a1fdaeefc68e07cf91e48ebfdd506
                                                                      • Opcode Fuzzy Hash: 29683b013f8ac11bc27aba6a7a5ac6f6d500d56baa688bda10aee56a2ac3d60c
                                                                      • Instruction Fuzzy Hash: 0CC1D0B32006CAC7EB28CF25C4517AD37A0EFA9B48F144269CE690B795DB35C883D742
                                                                      Function 000001EF1F246984 Relevance: .3, Instructions: 271COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: ErrorLast$Value_invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 1500699246-0
                                                                      • Opcode ID: 8359977cf5bdbaae4c5aab83856ae08c3cfc9e43f61b49509031a229a49b9122
                                                                      • Instruction ID: 306ad2e61c06d071098cb0e4909b5aec0b3e6742ee6dfd0904cfea5caa94bdbd
                                                                      • Opcode Fuzzy Hash: 8359977cf5bdbaae4c5aab83856ae08c3cfc9e43f61b49509031a229a49b9122
                                                                      • Instruction Fuzzy Hash: 3BB1AEB3210ADCC6EB64DF21D4217DD77A1EB74B88F408139DE6587A89DBB8C5828742
                                                                      Function 000001EF1F235044 Relevance: .2, Instructions: 247COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 961d3e7eb4dbe1c42d41fae25b585760f3c2351026af9e0dc6bb8535c2ebc898
                                                                      • Instruction ID: 582b4f21cf340fbc393e2d88ab436328452ad22a13d229465b71de9b606326d9
                                                                      • Opcode Fuzzy Hash: 961d3e7eb4dbe1c42d41fae25b585760f3c2351026af9e0dc6bb8535c2ebc898
                                                                      • Instruction Fuzzy Hash: 12B171B31147C9C6E7648F29C4513AC3BB0EBADB48F240169CE9E47399DB75C582C742
                                                                      Function 000001EF1F237060 Relevance: .2, Instructions: 207COMMONLIBRARYCODE
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 3215553584-0
                                                                      • Opcode ID: 091f4ed8b1e5dd1d34995432db1c011eef8551be6e7d0024f18eedab46e94d23
                                                                      • Instruction ID: afe4c8590c37985538a86f253f8d020271269d699e86e59eb49b93124bd2bfcc
                                                                      • Opcode Fuzzy Hash: 091f4ed8b1e5dd1d34995432db1c011eef8551be6e7d0024f18eedab46e94d23
                                                                      • Instruction Fuzzy Hash: C88182B3610AD8C6EF64CF65D4913AD2360FB58B98F14466AEE6E97B95CF34C082C301
                                                                      Function 000001EF1F1A6D20 Relevance: .2, Instructions: 203COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 881b6d5b2af3ae56bb85f0ec379a2b79ee645c04a68fd9e631602ee47c2f7095
                                                                      • Instruction ID: 211abfefc6bfdacc5ef9b49d38e87915931dc4d801ab3632765bd6a9b63cea5e
                                                                      • Opcode Fuzzy Hash: 881b6d5b2af3ae56bb85f0ec379a2b79ee645c04a68fd9e631602ee47c2f7095
                                                                      • Instruction Fuzzy Hash: 84B1F332A15FC88AD7118FA9E84029DB3B5F7997A8F145225EE8C63F19EBB4C195C700
                                                                      Function 000001EF1F25E2CC Relevance: .2, Instructions: 183COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 3215553584-0
                                                                      • Opcode ID: 0101b5bfc7e861b0726451e18251d4484926b191a0e7c85200f779e0e00e1385
                                                                      • Instruction ID: 340b07307da32572ddaf3a65f19506074b1d9f648ebdac3b430d579285647a9e
                                                                      • Opcode Fuzzy Hash: 0101b5bfc7e861b0726451e18251d4484926b191a0e7c85200f779e0e00e1385
                                                                      • Instruction Fuzzy Hash: 8A61C133714AD8C7F7688F28C4543FD6681AF64770F18863DEE75876E5E669C8828A02
                                                                      Function 000001EF1F2101F0 Relevance: .2, Instructions: 174COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 8564914535ee6488183395aa034df85c3b96b43cc627a35cfc23d0d483c1855f
                                                                      • Instruction ID: 65eb4c72257156b6bee6a07060891ad35d1df3d064797327c03943e7215abce1
                                                                      • Opcode Fuzzy Hash: 8564914535ee6488183395aa034df85c3b96b43cc627a35cfc23d0d483c1855f
                                                                      • Instruction Fuzzy Hash: 7D61DD2321E2C48BD30EDF7C589106D7F61D3B7908388469DEA85EBB4BC504C95ACBA6
                                                                      Function 000001EF1F23EE06 Relevance: .2, Instructions: 160COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 8361dc49c257ca5c58a7e22c82553e287cd3153b8e2e7dc21ca7117d7e5b9edd
                                                                      • Instruction ID: bb59d82646e6bb4efe90be664b9a029fc7319960434a495955365a794fd8d694
                                                                      • Opcode Fuzzy Hash: 8361dc49c257ca5c58a7e22c82553e287cd3153b8e2e7dc21ca7117d7e5b9edd
                                                                      • Instruction Fuzzy Hash: C451E6B3208BC4C7DB74CB19D4403AD6691FB697D4F504239DEA943B99D77DC48A8B02
                                                                      Function 000001EF1F218230 Relevance: .2, Instructions: 156COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 08e682c8f50e6a31ebca66eccf7bc014078cfb37ed238d168109819e35b8cd79
                                                                      • Instruction ID: 38b78d58d521853dddc1bf4e2614913fe8cd270128da360d5879900a8343f44d
                                                                      • Opcode Fuzzy Hash: 08e682c8f50e6a31ebca66eccf7bc014078cfb37ed238d168109819e35b8cd79
                                                                      • Instruction Fuzzy Hash: AC51E5A3B056C443DB248B49F842796F7A5FB987C5F00A12AEE8D57B58EB3CD5818700
                                                                      Function 000001EF1F234A00 Relevance: .1, Instructions: 145COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: c9c3f90e6787dc6e65e60abd648d80575bcfa0207306300bab00d1ff848a11e7
                                                                      • Instruction ID: 637f7b93704c94973db58b95e3e8dc45dd579f120d05380ea4f375e5cb57f603
                                                                      • Opcode Fuzzy Hash: c9c3f90e6787dc6e65e60abd648d80575bcfa0207306300bab00d1ff848a11e7
                                                                      • Instruction Fuzzy Hash: FE51A2BB6106D8C7E7248B29C06079D37A1EBA9F58F3441E9CE581B7A4D736C883C742
                                                                      Function 000001EF1F2347FC Relevance: .1, Instructions: 145COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 45278502b4de115ed76afef2690a2838d0b28876f14c66dd069eb4612fa83dd3
                                                                      • Instruction ID: 81dc6ef6fc736f455628be589684c2e8ed082aff61ddbed79611f89e5acabcb1
                                                                      • Opcode Fuzzy Hash: 45278502b4de115ed76afef2690a2838d0b28876f14c66dd069eb4612fa83dd3
                                                                      • Instruction Fuzzy Hash: 6E5191BB610AD8C7E7248F29C4507AC37A1EB69F58F2441A9CE99077A8C736CC93C741
                                                                      Function 000001EF1F249EA0 Relevance: .1, Instructions: 126COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: ErrorFreeHeapLast
                                                                      • String ID:
                                                                      • API String ID: 485612231-0
                                                                      • Opcode ID: 7d3dc9fee99d1a793cda94341ed908f3bcfa2b26da772502c09f4d0e1d5ddaa1
                                                                      • Instruction ID: 17757e87b505acaacb84753d81f67889f8fb885962547451ca63a3e212f111ff
                                                                      • Opcode Fuzzy Hash: 7d3dc9fee99d1a793cda94341ed908f3bcfa2b26da772502c09f4d0e1d5ddaa1
                                                                      • Instruction Fuzzy Hash: DA418173311AD882EF04CF6AD92469D6391B768FD0F49903ADE1987B58DA7DC5838300
                                                                      Function 000001EF1F272158 Relevance: .1, Instructions: 84COMMONLIBRARYCODE
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 2295f239adf1388c64878ca58765f9266ebdeed47219a3e9e064689d8b0f3c14
                                                                      • Instruction ID: 2c65cf3bc0a46090b8eeaa0f20db610698f1f9bf91ed558e0d11c3441db336b7
                                                                      • Opcode Fuzzy Hash: 2295f239adf1388c64878ca58765f9266ebdeed47219a3e9e064689d8b0f3c14
                                                                      • Instruction Fuzzy Hash: A431E4AB54DAC88AF3534B78CC6528D3F90BBB3F04B4D816EDF90861C7E55518868B53
                                                                      Function 000001EF1F272160 Relevance: .1, Instructions: 79COMMONLIBRARYCODE
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: e5475de88c30e4da7700ce0d73f9b88d01c18df29cf835ab149d96aba6dc9f3d
                                                                      • Instruction ID: b734056802d91c18dc538860dbdc10da6e2185a1d6858c0ad57597229fdf8043
                                                                      • Opcode Fuzzy Hash: e5475de88c30e4da7700ce0d73f9b88d01c18df29cf835ab149d96aba6dc9f3d
                                                                      • Instruction Fuzzy Hash: 4431D4AB54DAC88AF3534B78CC6528D3E90BBB3F04B4D816EDF90861C7E55608868B53
                                                                      Function 000001EF1F272138 Relevance: .1, Instructions: 78COMMONLIBRARYCODE
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: ba256123bc96f6e3f742fa23820658b676d3a0366c9ddb9c92781a93f555a0f9
                                                                      • Instruction ID: 748c3fa613348fa7af2fc9dd7a807cbdbb8ebaa63e6404d823a693969df0d374
                                                                      • Opcode Fuzzy Hash: ba256123bc96f6e3f742fa23820658b676d3a0366c9ddb9c92781a93f555a0f9
                                                                      • Instruction Fuzzy Hash: 2A31C1AB54DAC886F3928B78CD6539D2F90BBB3F04F0D91AEDF90861D7A54508424B43
                                                                      Function 000001EF1F272398 Relevance: .1, Instructions: 76COMMONLIBRARYCODE
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: db6ef5ff4efb3e8432d6a1c264e429b5929ea475b2ea2b4a4b5f05bd04cf37f5
                                                                      • Instruction ID: 2f256c58e6821a219e64e33306b9050a82b32f0e757f296ea32b561bd8a4d249
                                                                      • Opcode Fuzzy Hash: db6ef5ff4efb3e8432d6a1c264e429b5929ea475b2ea2b4a4b5f05bd04cf37f5
                                                                      • Instruction Fuzzy Hash: 502147B750DAC84BE3530F78CD6629D3F91ABB3B00F4E82BDDF90021C7A55918874A12
                                                                      Function 000001EF1F2722D8 Relevance: .1, Instructions: 58COMMONLIBRARYCODE
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 621a476faf91e54c4cc03539473d8505f5c368e1576c38102583692f8d871d13
                                                                      • Instruction ID: cd1b819b214100c9e1a61aaa431b24f50ff02d7a9444202f79674c60420eaa36
                                                                      • Opcode Fuzzy Hash: 621a476faf91e54c4cc03539473d8505f5c368e1576c38102583692f8d871d13
                                                                      • Instruction Fuzzy Hash: 21111BF740EAC84BF3924B78CD6629D3F909BB3F05F4D81AEDF90421C7A51958465A03
                                                                      Function 000001EF1F24C220 Relevance: .0, Instructions: 32COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 2013e6b94b2d003a30e75ea77be44ea9f3ccf8fece6d65ea3e8959b5fc900595
                                                                      • Instruction ID: 4720cf45a9dd3b5f9c65ff322af4acd8e62f2fabbd012852e9838febbd58552b
                                                                      • Opcode Fuzzy Hash: 2013e6b94b2d003a30e75ea77be44ea9f3ccf8fece6d65ea3e8959b5fc900595
                                                                      • Instruction Fuzzy Hash: 3DF04F726146D88BDBE48F2CE84265977D0E728380F90802DDA9987B04D63C84A28F95
                                                                      Function 000001EF1F20ED30 Relevance: 28.7, APIs: 19, Instructions: 177processCOMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: CloseHandle$Process32Token$InformationNextOpenProcess$ConvertCreateErrorFirstLastSnapshotStringToolhelp32
                                                                      • String ID:
                                                                      • API String ID: 3925315391-0
                                                                      • Opcode ID: 9cfa9a338c49679a1929b549c81fccef5f16dbb46e3a6c3e399b60bd0c466e0c
                                                                      • Instruction ID: 1969116887bce41cb484bad10fe57b8a751ab56364f9f5c85136579172e3b4b8
                                                                      • Opcode Fuzzy Hash: 9cfa9a338c49679a1929b549c81fccef5f16dbb46e3a6c3e399b60bd0c466e0c
                                                                      • Instruction Fuzzy Hash: D9816033215BC8C2EB108B11E84479EB3A5FBA9B94F404129EE6947B99DF79C5C6CB01
                                                                      Function 000001EF1F22FDCC Relevance: 16.2, APIs: 6, Strings: 3, Instructions: 407COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID: 0$0$0
                                                                      • API String ID: 3215553584-3137946472
                                                                      • Opcode ID: c13ea352d321776aceeea9581779599aef3778c14aa0c6b54d648fb53a65a266
                                                                      • Instruction ID: b00946d5df5109f1951eb976265dcf05d9ca9d5007560540cdbb497989dfcda7
                                                                      • Opcode Fuzzy Hash: c13ea352d321776aceeea9581779599aef3778c14aa0c6b54d648fb53a65a266
                                                                      • Instruction Fuzzy Hash: EFE1D6732056CDCAF761CF28C0907ED2B95DB76B88F54406ECEA8477D6C62989DB8312
                                                                      Function 000001EF1F214C60 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 159COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Concurrency::cancel_current_task$std::_$Locinfo::_Locinfo_ctorLockitLockit::_
                                                                      • String ID: bad locale name$false$true
                                                                      • API String ID: 164343898-1062449267
                                                                      • Opcode ID: ac14ec4081e7218eb524f80c83b8b839b3b5ebd962557539344c6cba77ef8f3b
                                                                      • Instruction ID: 8cb0e1fba9dbf5853b42958f7bdc104d54dbedfa5ca06b9067e3d78c43aa49b8
                                                                      • Opcode Fuzzy Hash: ac14ec4081e7218eb524f80c83b8b839b3b5ebd962557539344c6cba77ef8f3b
                                                                      • Instruction Fuzzy Hash: 5D714833B02BC4CAEB159FA0D4503EC33A5EFA5708F54413D9E6867A99DB348592D34A
                                                                      Function 000001EF1F23BCE4 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117libraryloaderCOMMONLIBRARYCODE
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: AddressFreeLibraryProc
                                                                      • String ID: api-ms-$ext-ms-
                                                                      • API String ID: 3013587201-537541572
                                                                      • Opcode ID: c6120ce6c378417c8061f2daa80316ce8b84504fe2d3d9dfde353b277e126bba
                                                                      • Instruction ID: e65cb3f3e029cffea6b6aa6eea16048b7e4ebc7757930821361e0bed616ef298
                                                                      • Opcode Fuzzy Hash: c6120ce6c378417c8061f2daa80316ce8b84504fe2d3d9dfde353b277e126bba
                                                                      • Instruction Fuzzy Hash: 8741BF73321AD8C2EA15DF16D8447DD2391BF6ABA0F89423DDE2947784DE38C4878301
                                                                      Function 000001EF1F215090 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 81networkfileCOMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Internet$CloseFileHandleOpenRead
                                                                      • String ID: File Downloader
                                                                      • API String ID: 4038090926-3631955488
                                                                      • Opcode ID: d760029ad861ea7f7ea2ffc299629ee0db5f3c755485599aed123bc73a668a15
                                                                      • Instruction ID: 1dd220e21875286b4896a1d839e1c68edb67ef10a82e986205fa83ba89ad9849
                                                                      • Opcode Fuzzy Hash: d760029ad861ea7f7ea2ffc299629ee0db5f3c755485599aed123bc73a668a15
                                                                      • Instruction Fuzzy Hash: 95318332614BC8C2E7208F15E8507DEB360FBA9BC4F444129EE5943B58DF78C582CB01
                                                                      Function 000001EF1F2332AC Relevance: 11.0, APIs: 3, Strings: 3, Instructions: 494COMMONLIBRARYCODE
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID: f$p$p
                                                                      • API String ID: 3215553584-1995029353
                                                                      • Opcode ID: da133f4d1d1d50a9f8077a7ed93c78c5851a9c9ee1111e96f3e2a2a160aeb47c
                                                                      • Instruction ID: 01e9334ea9fb750e17cc6cb1f11bdd03c803d59d5529837087b5ebbb93359680
                                                                      • Opcode Fuzzy Hash: da133f4d1d1d50a9f8077a7ed93c78c5851a9c9ee1111e96f3e2a2a160aeb47c
                                                                      • Instruction Fuzzy Hash: A612B1B36042C9C7FB209B15D0547EEB691FBA8754F84416EEEA2467C4D739CEC28B06
                                                                      Function 000001EF1F2381FC Relevance: 10.6, APIs: 7, Instructions: 62COMMONLIBRARYCODE
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Value$ErrorLast
                                                                      • String ID:
                                                                      • API String ID: 2506987500-0
                                                                      • Opcode ID: 9dbd973f53b5f3675d4cbee4168395d536b95caf7b78cb8abb3a36471aa361d6
                                                                      • Instruction ID: 3277b1f0e2ff66738939d56fce4dd6cfa335371f70d5ade086faa44bed4876dc
                                                                      • Opcode Fuzzy Hash: 9dbd973f53b5f3675d4cbee4168395d536b95caf7b78cb8abb3a36471aa361d6
                                                                      • Instruction Fuzzy Hash: 23217FB3304AC8C3FA54A772D6653ED52925FADBA0F1447BC9D364B6D6DE6884834202
                                                                      Function 000001EF1F24ABDC Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMONLIBRARYCODE
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                      • String ID: CONOUT$
                                                                      • API String ID: 3230265001-3130406586
                                                                      • Opcode ID: 97ef1f90b5d1e549fd4d93c948d975b58c02b300c1de8e440893a5efab19f807
                                                                      • Instruction ID: ae8f02ff6ba2bf07be6ce7713684113c7c20f5f00734d0e503b06fd78651c947
                                                                      • Opcode Fuzzy Hash: 97ef1f90b5d1e549fd4d93c948d975b58c02b300c1de8e440893a5efab19f807
                                                                      • Instruction Fuzzy Hash: 35116032314AC4C6E7508B56E86439D73A0FBBABE4F444338EE6987794DF78C4868B45
                                                                      Function 000001EF1F25B73C Relevance: 9.2, APIs: 6, Instructions: 239COMMONLIBRARYCODE
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: ByteCharMultiWide$CompareInfoString
                                                                      • String ID:
                                                                      • API String ID: 2984826149-0
                                                                      • Opcode ID: ab7e75f2883cad40e90fab743296f144bd79ee85a7c99ab5de0f741cdd8f7a66
                                                                      • Instruction ID: 855381286e2aa1d6d57c0005422007ee8d8f5565a296b6f5b33f2aee927b5ff9
                                                                      • Opcode Fuzzy Hash: ab7e75f2883cad40e90fab743296f144bd79ee85a7c99ab5de0f741cdd8f7a66
                                                                      • Instruction Fuzzy Hash: 08A1A0736006C8C6FB218F61D4143ED6691EF61BA4F584639DE780BBE5DB38C8868F42
                                                                      Function 000001EF1F25B3DC Relevance: 9.2, APIs: 6, Instructions: 206COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: ByteCharMultiStringWide
                                                                      • String ID:
                                                                      • API String ID: 2829165498-0
                                                                      • Opcode ID: a17d41df7d4fcd83c170866fb1b58b26a6ae7521d63a390143938d7d4d5e554f
                                                                      • Instruction ID: 3dc2045bc0d787292406ff8c763447df515960285fbf92b4332cd22f016edced
                                                                      • Opcode Fuzzy Hash: a17d41df7d4fcd83c170866fb1b58b26a6ae7521d63a390143938d7d4d5e554f
                                                                      • Instruction Fuzzy Hash: C48150732007C4C6EB248F25D4507ED77A5FB64BA8F584629EE6947BE5DB38C4828F01
                                                                      Function 000001EF1F2303B8 Relevance: 9.2, APIs: 6, Instructions: 157COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 3215553584-0
                                                                      • Opcode ID: ca3f80eaf004f362beb8f5b3b26ae04cc2cf7c865ac26bc256f85fe2d54e20e3
                                                                      • Instruction ID: ffab01295298357a2c1bb02b74e90bb20fbb5f4b338cb6dadc8f59bcc2841a23
                                                                      • Opcode Fuzzy Hash: ca3f80eaf004f362beb8f5b3b26ae04cc2cf7c865ac26bc256f85fe2d54e20e3
                                                                      • Instruction Fuzzy Hash: BC512DB72046CCC7E752DF24D0603ED7795AB69B48F4580A9CFA847386DA2D8987C723
                                                                      Function 000001EF1F238374 Relevance: 9.1, APIs: 6, Instructions: 57COMMONLIBRARYCODE
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • GetLastError.KERNEL32 ref: 000001EF1F238383
                                                                      • FlsSetValue.KERNEL32(?,?,-2891666E48DAA7FF,000001EF1F2340D5,?,?,?,?,000001EF1F23B584), ref: 000001EF1F2383B9
                                                                      • FlsSetValue.KERNEL32(?,?,-2891666E48DAA7FF,000001EF1F2340D5,?,?,?,?,000001EF1F23B584), ref: 000001EF1F2383E6
                                                                      • FlsSetValue.KERNEL32(?,?,-2891666E48DAA7FF,000001EF1F2340D5,?,?,?,?,000001EF1F23B584), ref: 000001EF1F2383F7
                                                                      • FlsSetValue.KERNEL32(?,?,-2891666E48DAA7FF,000001EF1F2340D5,?,?,?,?,000001EF1F23B584), ref: 000001EF1F238408
                                                                      • SetLastError.KERNEL32 ref: 000001EF1F238423
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Value$ErrorLast
                                                                      • String ID:
                                                                      • API String ID: 2506987500-0
                                                                      • Opcode ID: afe38cc287240995e2e9d2378547507dd5cbbb9e4fb21f15aad5b3e1c77e3c65
                                                                      • Instruction ID: cb628a18b89aa22b85f405a292570f4a40e779c335e16bdaeeaab43de781e1f3
                                                                      • Opcode Fuzzy Hash: afe38cc287240995e2e9d2378547507dd5cbbb9e4fb21f15aad5b3e1c77e3c65
                                                                      • Instruction Fuzzy Hash: 42115EB3244AC8C3F6549736D6513ED61915F68BA0F0847BC9D364B7D6DE6894C35202
                                                                      Function 000001EF1F1CDB90 Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 281COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: __std_exception_destroy$ApisFile__std_fs_code_page
                                                                      • String ID: ", "$: "
                                                                      • API String ID: 741338541-747220369
                                                                      • Opcode ID: 3bcd68f9814bb557ea8ccb814301d622da0953480bf9929bb401fa145b300977
                                                                      • Instruction ID: 39d01399b88b81a7f7bb589a6ee23b0b391e256ccdca668342971cf3f8e4d431
                                                                      • Opcode Fuzzy Hash: 3bcd68f9814bb557ea8ccb814301d622da0953480bf9929bb401fa145b300977
                                                                      • Instruction Fuzzy Hash: D5B1AD73700A88C5EB04DF65E0643EC33A1EB65B88F504529EE6D67B9ADF74C596C380
                                                                      Function 000001EF1F2432C8 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27libraryloaderCOMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: AddressFreeHandleLibraryModuleProc
                                                                      • String ID: CorExitProcess$mscoree.dll
                                                                      • API String ID: 4061214504-1276376045
                                                                      • Opcode ID: db481cee700add6652efbd16517b6fad29b9a19914f0d4d044d41ba2919793f2
                                                                      • Instruction ID: 3eb0da43ff7ed4d50330478ec2e1a2788e9af35cd992068517d40ecf6fb1db97
                                                                      • Opcode Fuzzy Hash: db481cee700add6652efbd16517b6fad29b9a19914f0d4d044d41ba2919793f2
                                                                      • Instruction Fuzzy Hash: ACF04F322016C8C2EA108B25E45539D5360AFBA761F54132DCE7A496E4CF6CC5CA8741
                                                                      Function 000001EF1F2382D0 Relevance: 7.6, APIs: 5, Instructions: 50COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Value
                                                                      • String ID:
                                                                      • API String ID: 3702945584-0
                                                                      • Opcode ID: 57084db86b0836779ab4eb8deac276869c24b17cf807aa1c82de5e2676fed3d6
                                                                      • Instruction ID: ca61afe8c7951cebd1bfc284e8c30f1c08b46b09db323d662029f176fb41d03d
                                                                      • Opcode Fuzzy Hash: 57084db86b0836779ab4eb8deac276869c24b17cf807aa1c82de5e2676fed3d6
                                                                      • Instruction Fuzzy Hash: 5B114CB3240ACDC3FA68A336C4613ED11814FA8760F484BBC5C364A3C2EA6894C35203
                                                                      Function 000001EF1F25D3EC Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 219COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                      • API String ID: 3215553584-1196891531
                                                                      • Opcode ID: c93d0c80d14289c47e4e012ab7823fd63e1d2ef69c6c82be7162492af36b69b4
                                                                      • Instruction ID: 81d075972f1cbc62a23b408f0554473cbd809de569b1e7d37433be09db62f709
                                                                      • Opcode Fuzzy Hash: c93d0c80d14289c47e4e012ab7823fd63e1d2ef69c6c82be7162492af36b69b4
                                                                      • Instruction Fuzzy Hash: 16815EB3A082C8C6F7655F29D1603ED26A0AB31B48FD5802DDE26572B5D329D9C39F43
                                                                      Function 000001EF1F1F9E10 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 140COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: __std_exception_destroy
                                                                      • String ID: at line $, column
                                                                      • API String ID: 2453523683-191570568
                                                                      • Opcode ID: aff05fec512d213ac151276bf263aa44aeb80c2bf31a07cec0c790d9dfc7e2bd
                                                                      • Instruction ID: e03f7e274d48ba0718b821b3e1d84c3f78a3f2465a6b45d3d5b9108c1687bb17
                                                                      • Opcode Fuzzy Hash: aff05fec512d213ac151276bf263aa44aeb80c2bf31a07cec0c790d9dfc7e2bd
                                                                      • Instruction Fuzzy Hash: BA51A073604BC4C1EA149B1AE59039E6761FBA5BE0F504229EFA917B9ADF38C4C28740
                                                                      Function 000001EF1F1CC910 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 126COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: std::_$GetctypeLocinfo::_Locinfo_ctorLockitLockit::_
                                                                      • String ID: bad locale name
                                                                      • API String ID: 1612978173-1405518554
                                                                      • Opcode ID: 97a67ff78dc1c9865f5140c0fd7da35d8d9f7c34203690876748439388acebb1
                                                                      • Instruction ID: aa6feb2357853a297e5f369d3217eb51e2c21b37821b28c88c73ded5606a5d0b
                                                                      • Opcode Fuzzy Hash: 97a67ff78dc1c9865f5140c0fd7da35d8d9f7c34203690876748439388acebb1
                                                                      • Instruction Fuzzy Hash: 6B514A33702BC8DAFB10DF60E4913EC3365EF64748F544039AE9927A95EB34C5969345
                                                                      Function 000001EF1F220F00 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 101registryCOMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Open
                                                                      • String ID: ?
                                                                      • API String ID: 71445658-1684325040
                                                                      • Opcode ID: 830ab9ef9595898802f36f006ffe69e243d526fd7242f560466c698f4fdd17de
                                                                      • Instruction ID: e3ad19519577db14b58d4eeefb6a368065d2553fb9a471e8b8d6b652bc2c92d2
                                                                      • Opcode Fuzzy Hash: 830ab9ef9595898802f36f006ffe69e243d526fd7242f560466c698f4fdd17de
                                                                      • Instruction Fuzzy Hash: 2E41C473618BC481EB50CB25F48039EB3A0FBA5794F505229FEA942A99DF7CD1C5CB40
                                                                      Function 000001EF1F23A888 Relevance: 6.3, APIs: 4, Instructions: 299fileCOMMONLIBRARYCODE
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: FileWrite$ConsoleErrorLastOutput
                                                                      • String ID:
                                                                      • API String ID: 2718003287-0
                                                                      • Opcode ID: 523722e26ffa46449d979bd975143a43a29be3ae997596a7a20ff96f8c1017ee
                                                                      • Instruction ID: 1da18c2fe2323ce59cc8b987f0a5d29c60ded28504b63a71f117bd8ceac8f5bd
                                                                      • Opcode Fuzzy Hash: 523722e26ffa46449d979bd975143a43a29be3ae997596a7a20ff96f8c1017ee
                                                                      • Instruction Fuzzy Hash: CED1CE77B15AC8CAE711CFA9D4402DC37B1FB68B98F04426ACE6997B99DA34C487C701
                                                                      Function 000001EF1F23B248 Relevance: 6.2, APIs: 4, Instructions: 218COMMONLIBRARYCODE
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: ConsoleErrorLastMode
                                                                      • String ID:
                                                                      • API String ID: 953036326-0
                                                                      • Opcode ID: 051a95757f3cd31bcbf302130b81a7499006cb3b8c40f8426fd2f443c90a72fc
                                                                      • Instruction ID: 724f929c9afce276e0dd688334574af0b0da84af09d0f8bdce7f05389e00a15b
                                                                      • Opcode Fuzzy Hash: 051a95757f3cd31bcbf302130b81a7499006cb3b8c40f8426fd2f443c90a72fc
                                                                      • Instruction Fuzzy Hash: FA91AFB37106D8C6F750CF65D4903ED2BA0BB69B88F58416DDE6A67A85CA38C4C3C712
                                                                      Function 000001EF1F224220 Relevance: 6.1, APIs: 4, Instructions: 123COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: EnvironmentInitStringStringsUnicode$Free
                                                                      • String ID:
                                                                      • API String ID: 2488768755-0
                                                                      • Opcode ID: bb1e13abb34d8db19154faf70e7aa504caeaa5a602b499931474da21c2608b90
                                                                      • Instruction ID: 2fca15d10cd15d428e3c065ecdd68928e5fe21ebf83e91c48a4cfdacb57808d7
                                                                      • Opcode Fuzzy Hash: bb1e13abb34d8db19154faf70e7aa504caeaa5a602b499931474da21c2608b90
                                                                      • Instruction Fuzzy Hash: 68514A33A14BC8C2EB108F16E54039D7760FBA9B94F549229EFA903B95DF78D1E28705
                                                                      Function 000001EF1F1E0120 Relevance: 6.1, APIs: 4, Instructions: 115COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: std::_$LockitLockit::_$Concurrency::cancel_current_taskFacet_RegisterSetgloballocalestd::locale::_
                                                                      • String ID:
                                                                      • API String ID: 3698853521-0
                                                                      • Opcode ID: 7fc3597cd9704a6304594a27bb2dfeeca3e59ce2e728f14c12add50f8541c22a
                                                                      • Instruction ID: 387915e5e6e18bcc7b81337637741376f583a54ea100866f03dd64844d8b13f4
                                                                      • Opcode Fuzzy Hash: 7fc3597cd9704a6304594a27bb2dfeeca3e59ce2e728f14c12add50f8541c22a
                                                                      • Instruction Fuzzy Hash: D0413733211BC8C1EA11DB11E8453DD73A4FBA8B94F54063AEEAE177A6DF38C4828711
                                                                      Function 000001EF1F230274 Relevance: 6.1, APIs: 4, Instructions: 95COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 3215553584-0
                                                                      • Opcode ID: f47f5365830de18e31c9f66efcfcebced3ed900e80df05c2fe820f8996efde49
                                                                      • Instruction ID: eb7935da3ba46b5d48f24fad7a31cfa4b201f499709a5d2026e2ecb03d473bca
                                                                      • Opcode Fuzzy Hash: f47f5365830de18e31c9f66efcfcebced3ed900e80df05c2fe820f8996efde49
                                                                      • Instruction Fuzzy Hash: 5F412EB3505AC8C7E752DF25C4203AC3BA4EB59F48F4980A9CE9D47386DA3D8486C327
                                                                      Function 000001EF1F2140C0 Relevance: 6.1, APIs: 4, Instructions: 90COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: std::_$LockitLockit::_$Concurrency::cancel_current_taskFacet_Register
                                                                      • String ID:
                                                                      • API String ID: 1168246061-0
                                                                      • Opcode ID: f751cf97cbdb91efc437d10692cdb5900781dee89e6afe037389110580d2090b
                                                                      • Instruction ID: 25e516466632bd4159ec20ec2a96e48a57ba5988fe26618677cc5e00e1ca77c9
                                                                      • Opcode Fuzzy Hash: f751cf97cbdb91efc437d10692cdb5900781dee89e6afe037389110580d2090b
                                                                      • Instruction Fuzzy Hash: 2A415B33615AC8C0FA25DB15E8503DD6360FBA9B94F58013AAEAD876A5DE38C4C38712
                                                                      Function 000001EF1F1E1DD0 Relevance: 6.1, APIs: 4, Instructions: 90COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: std::_$LockitLockit::_$Concurrency::cancel_current_taskFacet_Register
                                                                      • String ID:
                                                                      • API String ID: 1168246061-0
                                                                      • Opcode ID: deae80201b058b93dee9511eb23f4883bce05ec3d16f28b31309998fe1f492bf
                                                                      • Instruction ID: f353ecbad31ade09ea325f2ceee5a8bafaac5b4fc5af56ba8240d3fdafe60e6b
                                                                      • Opcode Fuzzy Hash: deae80201b058b93dee9511eb23f4883bce05ec3d16f28b31309998fe1f492bf
                                                                      • Instruction Fuzzy Hash: 6E416E33205BC8C1EA16DB15E4513DD63A0FBA8B94F580139AEAE677A6DA38C4C39711
                                                                      Function 000001EF1F214940 Relevance: 6.1, APIs: 4, Instructions: 90COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: std::_$LockitLockit::_$Concurrency::cancel_current_taskFacet_Register
                                                                      • String ID:
                                                                      • API String ID: 1168246061-0
                                                                      • Opcode ID: 225fe1b72370eebaf99dac6ca4c61f0c7a8ae1283e1f422937767657019483ac
                                                                      • Instruction ID: 4d7e8992dd209353fd7b113e1b1c435038b38e53a47de530efd658190c2ae464
                                                                      • Opcode Fuzzy Hash: 225fe1b72370eebaf99dac6ca4c61f0c7a8ae1283e1f422937767657019483ac
                                                                      • Instruction Fuzzy Hash: A7418E33215BC8C1EA21DF15E4503DD6360FB69B94F59023AAEAD4B7A5DE38C4C38716
                                                                      Function 000001EF1F1F39F0 Relevance: 6.1, APIs: 4, Instructions: 90COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: std::_$LockitLockit::_$Concurrency::cancel_current_taskFacet_Register
                                                                      • String ID:
                                                                      • API String ID: 1168246061-0
                                                                      • Opcode ID: 268a738e79390acd07def2dc4d1be91678e0d7bbd421806bae9408622498fc9b
                                                                      • Instruction ID: 1cd6b26e6cce4e13cc158112d61b0a43b8022439d96080342168af750b012ea6
                                                                      • Opcode Fuzzy Hash: 268a738e79390acd07def2dc4d1be91678e0d7bbd421806bae9408622498fc9b
                                                                      • Instruction Fuzzy Hash: E3417C33201AC8C0EA14DB16E4503DD7760FBA8BA4F58023AEE9D577A5DA38C4878701
                                                                      Function 000001EF1F259BF0 Relevance: 6.0, APIs: 4, Instructions: 49COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Handle$AddressAttributesCloseErrorFeatureFileLastModulePresentProcProcessor__std_fs_open_handle
                                                                      • String ID:
                                                                      • API String ID: 156590933-0
                                                                      • Opcode ID: ab22cb6cb8c17ed70bd3674071cc7aa31663a6931c8f4e60418ec3b925b4023f
                                                                      • Instruction ID: 5118a73b1d0525bcba6d377558be6955ca359b47a5f910eb457c3b12ed62cb76
                                                                      • Opcode Fuzzy Hash: ab22cb6cb8c17ed70bd3674071cc7aa31663a6931c8f4e60418ec3b925b4023f
                                                                      • Instruction Fuzzy Hash: C31163733155C8C5EA504B25E0843EE76A1EB6A7B1F14162CAE77466F5DA28C4828E02
                                                                      Function 000001EF1F1CEAA0 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 207COMMON
                                                                      Download Yara Rule
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: [json.exception.
                                                                      • API String ID: 0-791563284
                                                                      • Opcode ID: 78a245372a77efb9d66b48e9fa9c4a76d7df65eeb5a9fb1c9e82a4d6fda20a11
                                                                      • Instruction ID: 0952733014105455172ecfe92a9df392d045c6283ed409ec1dc69f3b2ccd399c
                                                                      • Opcode Fuzzy Hash: 78a245372a77efb9d66b48e9fa9c4a76d7df65eeb5a9fb1c9e82a4d6fda20a11
                                                                      • Instruction Fuzzy Hash: AD71B073B10BD885F700CB79E4513DD67A1EBA5B94F644229EE6927B9ADB78C0C28340
                                                                      Function 000001EF1F214EC0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 131COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: std::_$Locinfo::_Locinfo_ctorLockitLockit::_
                                                                      • String ID: bad locale name
                                                                      • API String ID: 3988782225-1405518554
                                                                      • Opcode ID: 81129f2ed46ceabdf519319c58bc1d5dd4462a5f530f5aa7f7f79172de3f4dca
                                                                      • Instruction ID: 4d189afa5b0833fe633ed7bf84aaae0d4f0c41c58a1a90f2ae6953a7933182f6
                                                                      • Opcode Fuzzy Hash: 81129f2ed46ceabdf519319c58bc1d5dd4462a5f530f5aa7f7f79172de3f4dca
                                                                      • Instruction Fuzzy Hash: 15512933701AC8C9EB14DFB1D4913EC33A4EF64B48F484039AE69A7A95DA34C596D34A
                                                                      Function 000001EF1F1F4780 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 124COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: std::_$Locinfo::_Locinfo_ctorLockitLockit::_
                                                                      • String ID: bad locale name
                                                                      • API String ID: 3988782225-1405518554
                                                                      • Opcode ID: c85f5f4d0835978807908d786877568eeda184a6032ef30fff5fd87d8d9f5d51
                                                                      • Instruction ID: 9b1f7bcd4914b042131b9bd758dbc30df084d8df1311dffa08df63e6d9146ec4
                                                                      • Opcode Fuzzy Hash: c85f5f4d0835978807908d786877568eeda184a6032ef30fff5fd87d8d9f5d51
                                                                      • Instruction Fuzzy Hash: 55513633302AC8C9EB14DFA1D4903EC33A4EF64B58F444139EE9967A99DA34C5A69305
                                                                      Function 000001EF1F241068 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 122COMMONLIBRARYCODE
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                      • String ID: ?
                                                                      • API String ID: 1286766494-1684325040
                                                                      • Opcode ID: ee72351df311ff027eaf8af198dd50b8868fef75caf7a1d708de55c1de70a8ab
                                                                      • Instruction ID: b9e12f755f1e3295d9e51b942c2f576ee7f765ff5201a315aee331b6c85422e0
                                                                      • Opcode Fuzzy Hash: ee72351df311ff027eaf8af198dd50b8868fef75caf7a1d708de55c1de70a8ab
                                                                      • Instruction Fuzzy Hash: E441B9333147C8C6FB659B25E4113AD6690EBB4BA4F24423DEE6946AD5DB78C4C38B02
                                                                      Function 000001EF1F23AF20 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMONLIBRARYCODE
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: ErrorFileLastWrite
                                                                      • String ID: U
                                                                      • API String ID: 442123175-4171548499
                                                                      • Opcode ID: 95c1b5a9b453dd21b53d1d3abd175e481a437f6821d85bbfa209bab1ceee3d57
                                                                      • Instruction ID: 2bc7fa2a2504db5ca34e0a45eeb117517754a2b846a07ccce12fbc243fdf3980
                                                                      • Opcode Fuzzy Hash: 95c1b5a9b453dd21b53d1d3abd175e481a437f6821d85bbfa209bab1ceee3d57
                                                                      • Instruction Fuzzy Hash: 00418E73715AC8C6DB208F65E4443EE67A0FBA8784F944139EE9D87B94DB78C482CB41
                                                                      Function 000001EF1F24F198 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMONLIBRARYCODE
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: ExceptionFileHeaderRaise
                                                                      • String ID: csm
                                                                      • API String ID: 2573137834-1018135373
                                                                      • Opcode ID: 4d2c4101b9d2858735cfea5a09a2e9289d44dfdbc7b24173af3d04f9105eea82
                                                                      • Instruction ID: 51bdf90be36677ee0490e600bc7d5f6d784d6367bec3ca413282e660b46808fc
                                                                      • Opcode Fuzzy Hash: 4d2c4101b9d2858735cfea5a09a2e9289d44dfdbc7b24173af3d04f9105eea82
                                                                      • Instruction Fuzzy Hash: 59112B33214BC882EB218B15F44429E77E4FBA9B94F584225DF9D07BA8DF78C592CB00
                                                                      Function 000001EF1F24D260 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 27COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1491364667.000001EF1F1A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001EF1F1A0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1ef1f1a0000_unique.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: AcquireExclusiveLock
                                                                      • String ID: kernel32.dll
                                                                      • API String ID: 4021432409-1793498882
                                                                      • Opcode ID: 48109a9d1cf83396031941df6aeb8639c1bea2b67534f88997658316a4ae9db1
                                                                      • Instruction ID: 82c2d6b5b11480b74b7de202969997202a8bbf63e5feefe14d01761682f96ca0
                                                                      • Opcode Fuzzy Hash: 48109a9d1cf83396031941df6aeb8639c1bea2b67534f88997658316a4ae9db1
                                                                      • Instruction Fuzzy Hash: 3501FB732009C8C2EB518B15E86479D33A0EB36B64F805329CD39522E4DB3A89C6DB02