Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
siveria.exe

Overview

General Information

Sample name:siveria.exe
Analysis ID:1565462
MD5:684b14726c07f5bb3ce6f89cad9a7a76
SHA1:9589893a3ccc46d6457422a9dfe4994388ac47a6
SHA256:8ddc8621f32587bf05d1f5e82c9a0fb0f61866596a67263cd4331639891025ff
Tags:exeuser-joju29
Infos:

Detection

CredGrabber, Meduza Stealer
Score:92
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Suricata IDS alerts for network traffic
Yara detected CredGrabber
Yara detected Meduza Stealer
AI detected suspicious sample
Found many strings related to Crypto-Wallets (likely being stolen)
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to dynamically determine API calls
Contains functionality to launch a program with higher privileges
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Enables debug privileges
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
Queries the volume information (name, serial number etc) of a device
Queries time zone information
Suricata IDS alerts with low severity for network traffic
Terminates after testing mutex exists (may check infected machine status)
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64
  • siveria.exe (PID: 7536 cmdline: "C:\Users\user\Desktop\siveria.exe" MD5: 684B14726C07F5BB3CE6F89CAD9A7A76)
  • cleanup

Malware Configuration

Threatname: Meduza Stealer

{"C2 url": "45.130.145.152", "grabber_max_size": 4194304, "anti_vm": true, "anti_dbg": true, "self_destruct": false, "extensions": ".txt", "build_name": "Mazti", "links": "", "port": 15666}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000000.00000002.1562865457.000002574121F000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_MeduzaStealerYara detected Meduza StealerJoe Security
    00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmpJoeSecurity_MeduzaStealerYara detected Meduza StealerJoe Security
      Process Memory Space: siveria.exe PID: 7536JoeSecurity_MeduzaStealerYara detected Meduza StealerJoe Security
        Process Memory Space: siveria.exe PID: 7536JoeSecurity_CredGrabberYara detected CredGrabberJoe Security

          Unpacked PEs

          SourceRuleDescriptionAuthorStrings
          0.2.siveria.exe.257413e0000.0.raw.unpackJoeSecurity_MeduzaStealerYara detected Meduza StealerJoe Security
            0.2.siveria.exe.257413e0000.0.unpackJoeSecurity_MeduzaStealerYara detected Meduza StealerJoe Security

              Sigma Signatures

              No Sigma rule has matched

              Suricata Signatures

              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2024-11-30T00:04:05.945323+010020494411A Network Trojan was detected192.168.2.94971245.130.145.15215666TCP
              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2024-11-30T00:04:05.945323+010020508061A Network Trojan was detected192.168.2.94971245.130.145.15215666TCP
              2024-11-30T00:04:06.065547+010020508061A Network Trojan was detected192.168.2.94971245.130.145.15215666TCP
              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2024-11-30T00:04:05.945323+010020508071A Network Trojan was detected192.168.2.94971245.130.145.15215666TCP
              2024-11-30T00:04:06.065547+010020508071A Network Trojan was detected192.168.2.94971245.130.145.15215666TCP

              Joe Sandbox Signatures

              Click to jump to signature section

              Show All Signature Results

              AV Detection

              barindex
              Found malware configuration
              Source: 0.2.siveria.exe.257413e0000.0.raw.unpackMalware Configuration Extractor: Meduza Stealer {"C2 url": "45.130.145.152", "grabber_max_size": 4194304, "anti_vm": true, "anti_dbg": true, "self_destruct": false, "extensions": ".txt", "build_name": "Mazti", "links": "", "port": 15666}
              AI detected suspicious sample
              Source: Submited SampleIntegrated Neural Analysis Model: Matched 99.9% probability
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_0000025741457BA0 CryptUnprotectData,LocalFree,0_2_0000025741457BA0
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_0000025741413A30 BCryptDestroyKey,0_2_0000025741413A30
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_0000025741417C20 CryptUnprotectData,LocalFree,0_2_0000025741417C20
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_0000025741457EC0 CryptProtectData,LocalFree,0_2_0000025741457EC0
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_00000257414B5098 CryptProtectData,0_2_00000257414B5098
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_00000257414B5060 OpenProcessToken,CryptProtectData,BitBlt,0_2_00000257414B5060
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_0000025741458020 BCryptDecrypt,BCryptDecrypt,0_2_0000025741458020
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_00000257414583C0 BCryptCloseAlgorithmProvider,0_2_00000257414583C0
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_0000025741458440 BCryptOpenAlgorithmProvider,BCryptSetProperty,BCryptGenerateSymmetricKey,Concurrency::cancel_current_task,0_2_0000025741458440
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_00000257414B5688 BCryptSetProperty,0_2_00000257414B5688
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_00000257414B5668 BCryptOpenAlgorithmProvider,0_2_00000257414B5668
              Source: unknownHTTPS traffic detected: 104.26.13.205:443 -> 192.168.2.9:49713 version: TLS 1.2
              Source: siveria.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_000002574149B500 FindClose,FindFirstFileExW,GetLastError,0_2_000002574149B500
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_000002574149B5B0 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle,0_2_000002574149B5B0
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_00000257414673F0 GetLogicalDriveStringsW,0_2_00000257414673F0
              Source: C:\Users\user\Desktop\siveria.exeFile opened: D:\sources\migration\Jump to behavior
              Source: C:\Users\user\Desktop\siveria.exeFile opened: D:\sources\replacementmanifests\Jump to behavior
              Source: C:\Users\user\Desktop\siveria.exeFile opened: D:\sources\migration\wtr\Jump to behavior
              Source: C:\Users\user\Desktop\siveria.exeFile opened: D:\sources\replacementmanifests\microsoft-activedirectory-webservices\Jump to behavior
              Source: C:\Users\user\Desktop\siveria.exeFile opened: D:\sources\replacementmanifests\microsoft-client-license-platform-service-migration\Jump to behavior
              Source: C:\Users\user\Desktop\siveria.exeFile opened: D:\sources\replacementmanifests\hwvid-migration-2\Jump to behavior

              Networking

              barindex
              Suricata IDS alerts for network traffic
              Source: Network trafficSuricata IDS: 2049441 - Severity 1 - ET MALWARE Win32/Unknown Grabber Base64 Data Exfiltration Attempt : 192.168.2.9:49712 -> 45.130.145.152:15666
              Source: Network trafficSuricata IDS: 2050806 - Severity 1 - ET MALWARE [ANY.RUN] Meduza Stealer Exfiltration M2 : 192.168.2.9:49712 -> 45.130.145.152:15666
              Source: global trafficTCP traffic: 192.168.2.9:49712 -> 45.130.145.152:15666
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1Accept: text/html; text/plain; */*Host: api.ipify.orgCache-Control: no-cache
              Source: Joe Sandbox ViewIP Address: 104.26.13.205 104.26.13.205
              Source: Joe Sandbox ViewIP Address: 104.26.13.205 104.26.13.205
              Source: Joe Sandbox ViewASN Name: ASBAXETNRU ASBAXETNRU
              Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
              Source: unknownDNS query: name: api.ipify.org
              Source: unknownDNS query: name: api.ipify.org
              Source: Network trafficSuricata IDS: 2050807 - Severity 1 - ET MALWARE [ANY.RUN] Possible Meduza Stealer Exfiltration (TCP) : 192.168.2.9:49712 -> 45.130.145.152:15666
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_0000025741464A30 recv,recv,closesocket,WSACleanup,0_2_0000025741464A30
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1Accept: text/html; text/plain; */*Host: api.ipify.orgCache-Control: no-cache
              Source: global trafficDNS traffic detected: DNS query: api.ipify.org
              Source: siveria.exe, 00000000.00000003.1562034882.0000025741C90000.00000004.00000020.00020000.00000000.sdmp, siveria.exe, 00000000.00000003.1372912460.0000025741C81000.00000004.00000020.00020000.00000000.sdmp, siveria.exe, 00000000.00000003.1562133641.0000025741C94000.00000004.00000020.00020000.00000000.sdmp, siveria.exe, 00000000.00000003.1562071430.0000025741C90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ns.microsoft.t/Regi
              Source: siveria.exe, 00000000.00000003.1373594803.000002573F99E000.00000004.00000020.00020000.00000000.sdmp, siveria.exe, 00000000.00000002.1562505384.000002573F9A1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org/
              Source: siveria.exe, 00000000.00000003.1373594803.000002573F99E000.00000004.00000020.00020000.00000000.sdmp, siveria.exe, 00000000.00000002.1562505384.000002573F9A1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org/X
              Source: siveria.exe, 00000000.00000003.1384405385.00000257417A4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696495411400900000.2&ci=1696495411208.
              Source: siveria.exe, 00000000.00000003.1386314860.000002573F9C1000.00000004.00000020.00020000.00000000.sdmp, siveria.exe, 00000000.00000003.1384405385.00000257417A4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696495411400900000.1&ci=1696495411208.12791&cta
              Source: siveria.exe, 00000000.00000003.1384405385.00000257417A4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpg
              Source: siveria.exe, 00000000.00000003.1386314860.000002573F9C1000.00000004.00000020.00020000.00000000.sdmp, siveria.exe, 00000000.00000003.1384405385.00000257417A4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
              Source: siveria.exe, 00000000.00000003.1374864253.00000257412C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
              Source: siveria.exe, 00000000.00000003.1374864253.00000257412C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
              Source: siveria.exe, 00000000.00000003.1374864253.00000257412C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
              Source: siveria.exe, 00000000.00000003.1386201147.000002573F9F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://go.microsoft.co
              Source: siveria.exe, 00000000.00000003.1386201147.000002573F9F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://go.microsoft.corU
              Source: siveria.exe, 00000000.00000003.1384405385.00000257417A4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pqd4plX4pbW1CbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
              Source: siveria.exe, 00000000.00000003.1379901735.0000025742492000.00000004.00000020.00020000.00000000.sdmp, siveria.exe, 00000000.00000003.1378962971.000002574248A000.00000004.00000020.00020000.00000000.sdmp, siveria.exe, 00000000.00000003.1378544150.0000025741608000.00000004.00000020.00020000.00000000.sdmp, siveria.exe, 00000000.00000003.1381952772.0000025742C73000.00000004.00000020.00020000.00000000.sdmp, siveria.exe, 00000000.00000003.1379357422.000002573FA4D000.00000004.00000020.00020000.00000000.sdmp, siveria.exe, 00000000.00000003.1379901735.0000025742509000.00000004.00000020.00020000.00000000.sdmp, siveria.exe, 00000000.00000003.1379249955.00000257416C0000.00000004.00000020.00020000.00000000.sdmp, siveria.exe, 00000000.00000003.1378962971.0000025742435000.00000004.00000020.00020000.00000000.sdmp, siveria.exe, 00000000.00000003.1378544150.00000257416C8000.00000004.00000020.00020000.00000000.sdmp, siveria.exe, 00000000.00000003.1380447917.0000025742511000.00000004.00000020.00020000.00000000.sdmp, siveria.exe, 00000000.00000003.1378962971.000002574243D000.00000004.00000020.00020000.00000000.sdmp, siveria.exe, 00000000.00000003.1379456014.000002574130D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org
              Source: siveria.exe, 00000000.00000003.1378962971.0000025742445000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
              Source: siveria.exe, 00000000.00000003.1378962971.0000025742445000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.GNzbMA16ssY5
              Source: siveria.exe, 00000000.00000003.1386314860.000002573F9C1000.00000004.00000020.00020000.00000000.sdmp, siveria.exe, 00000000.00000003.1384405385.00000257417A4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_e149f5d53c9263616797a13067f7a114fa287709b159d0a5
              Source: siveria.exe, 00000000.00000003.1386314860.000002573F9C1000.00000004.00000020.00020000.00000000.sdmp, siveria.exe, 00000000.00000003.1384405385.00000257417A4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.invisalign.com/?utm_source=admarketplace&utm_medium=paidsearch&utm_campaign=Invisalign&u
              Source: siveria.exe, 00000000.00000003.1379901735.0000025742492000.00000004.00000020.00020000.00000000.sdmp, siveria.exe, 00000000.00000003.1378962971.000002574248A000.00000004.00000020.00020000.00000000.sdmp, siveria.exe, 00000000.00000003.1378544150.0000025741608000.00000004.00000020.00020000.00000000.sdmp, siveria.exe, 00000000.00000003.1381952772.0000025742C73000.00000004.00000020.00020000.00000000.sdmp, siveria.exe, 00000000.00000003.1379357422.000002573FA4D000.00000004.00000020.00020000.00000000.sdmp, siveria.exe, 00000000.00000003.1379901735.0000025742509000.00000004.00000020.00020000.00000000.sdmp, siveria.exe, 00000000.00000003.1379249955.00000257416C0000.00000004.00000020.00020000.00000000.sdmp, siveria.exe, 00000000.00000003.1378962971.0000025742435000.00000004.00000020.00020000.00000000.sdmp, siveria.exe, 00000000.00000003.1378544150.00000257416C8000.00000004.00000020.00020000.00000000.sdmp, siveria.exe, 00000000.00000003.1380447917.0000025742511000.00000004.00000020.00020000.00000000.sdmp, siveria.exe, 00000000.00000003.1378962971.000002574243D000.00000004.00000020.00020000.00000000.sdmp, siveria.exe, 00000000.00000003.1379456014.000002574130D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org
              Source: siveria.exe, 00000000.00000003.1378962971.0000025742445000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.HCe2hc5EPKfq
              Source: siveria.exe, 00000000.00000003.1378962971.0000025742445000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.oX6J3D7V9Efv
              Source: siveria.exe, 00000000.00000003.1381952772.0000025742C7A000.00000004.00000020.00020000.00000000.sdmp, siveria.exe, 00000000.00000003.1380447917.0000025742519000.00000004.00000020.00020000.00000000.sdmp, siveria.exe, 00000000.00000003.1378544150.0000025741610000.00000004.00000020.00020000.00000000.sdmp, siveria.exe, 00000000.00000003.1378544150.00000257416D0000.00000004.00000020.00020000.00000000.sdmp, siveria.exe, 00000000.00000003.1379901735.000002574249A000.00000004.00000020.00020000.00000000.sdmp, siveria.exe, 00000000.00000003.1378962971.0000025742445000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
              Source: siveria.exe, 00000000.00000003.1378962971.0000025742445000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
              Source: siveria.exe, 00000000.00000003.1381952772.0000025742C7A000.00000004.00000020.00020000.00000000.sdmp, siveria.exe, 00000000.00000003.1380447917.0000025742519000.00000004.00000020.00020000.00000000.sdmp, siveria.exe, 00000000.00000003.1378544150.0000025741610000.00000004.00000020.00020000.00000000.sdmp, siveria.exe, 00000000.00000003.1378544150.00000257416D0000.00000004.00000020.00020000.00000000.sdmp, siveria.exe, 00000000.00000003.1379901735.000002574249A000.00000004.00000020.00020000.00000000.sdmp, siveria.exe, 00000000.00000003.1378962971.0000025742445000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg
              Source: siveria.exe, 00000000.00000003.1381952772.0000025742C7A000.00000004.00000020.00020000.00000000.sdmp, siveria.exe, 00000000.00000003.1380447917.0000025742519000.00000004.00000020.00020000.00000000.sdmp, siveria.exe, 00000000.00000003.1378544150.0000025741610000.00000004.00000020.00020000.00000000.sdmp, siveria.exe, 00000000.00000003.1378544150.00000257416D0000.00000004.00000020.00020000.00000000.sdmp, siveria.exe, 00000000.00000003.1379901735.000002574249A000.00000004.00000020.00020000.00000000.sdmp, siveria.exe, 00000000.00000003.1378962971.0000025742445000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
              Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49713
              Source: unknownHTTPS traffic detected: 104.26.13.205:443 -> 192.168.2.9:49713 version: TLS 1.2
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_0000025741465B70 GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetDC,GetDeviceCaps,GetDeviceCaps,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,SHCreateMemStream,SelectObject,DeleteDC,ReleaseDC,DeleteObject,EnterCriticalSection,LeaveCriticalSection,IStream_Size,IStream_Reset,IStream_Read,SelectObject,DeleteDC,ReleaseDC,DeleteObject,0_2_0000025741465B70
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_0000025741469D30 GetModuleHandleA,GetProcAddress,OpenProcess,NtQuerySystemInformation,NtQuerySystemInformation,GetCurrentProcess,NtQueryObject,GetFinalPathNameByHandleA,CloseHandle,CloseHandle,0_2_0000025741469D30
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_000002574146A430 RtlAcquirePebLock,NtAllocateVirtualMemory,lstrcpyW,lstrcatW,NtAllocateVirtualMemory,lstrcpyW,RtlInitUnicodeString,RtlInitUnicodeString,LdrEnumerateLoadedModules,RtlReleasePebLock,CoInitializeEx,lstrcpyW,lstrcatW,CoGetObject,lstrcpyW,lstrcatW,CoGetObject,CoUninitialize,0_2_000002574146A430
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_00000257414B56F8 NtQuerySystemInformation,0_2_00000257414B56F8
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_00000257414B5720 NtQueryObject,0_2_00000257414B5720
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_00007FF7564034C0 NtQueryVirtualMemory,NtProtectVirtualMemory,0_2_00007FF7564034C0
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_00000257414459700_2_0000025741445970
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_00000257414668600_2_0000025741466860
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_0000025741414B700_2_0000025741414B70
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_0000025741465B700_2_0000025741465B70
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_000002574141CA100_2_000002574141CA10
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_0000025741412CA00_2_0000025741412CA0
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_000002574141ECB00_2_000002574141ECB0
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_0000025741411B900_2_0000025741411B90
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_0000025741482E3C0_2_0000025741482E3C
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_000002574140FE200_2_000002574140FE20
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_000002574144D0800_2_000002574144D080
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_00000257414120B00_2_00000257414120B0
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_0000025741429F800_2_0000025741429F80
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_000002574146D0500_2_000002574146D050
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_000002574145F0200_2_000002574145F020
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_00000257414680300_2_0000025741468030
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_00000257414463500_2_0000025741446350
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_00000257414253100_2_0000025741425310
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_000002574147918C0_2_000002574147918C
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_00000257414652400_2_0000025741465240
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_000002574141D5700_2_000002574141D570
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_00000257414104500_2_0000025741410450
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_00000257414676A00_2_00000257414676A0
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_000002574140F7300_2_000002574140F730
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_000002574146C5CB0_2_000002574146C5CB
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_000002574149B5B00_2_000002574149B5B0
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_00000257414A06580_2_00000257414A0658
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_000002574141E6100_2_000002574141E610
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_00000257414198CD0_2_00000257414198CD
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_000002574145C8E00_2_000002574145C8E0
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_000002574147A9240_2_000002574147A924
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_000002574147F7E60_2_000002574147F7E6
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_000002574143B7800_2_000002574143B780
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_000002574146A7800_2_000002574146A780
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_000002574147579C0_2_000002574147579C
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_0000025741440AC00_2_0000025741440AC0
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_0000025741431AF00_2_0000025741431AF0
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_0000025741410A800_2_0000025741410A80
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_0000025741455AB00_2_0000025741455AB0
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_000002574143BAB00_2_000002574143BAB0
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_0000025741458B000_2_0000025741458B00
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_0000025741486A680_2_0000025741486A68
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_0000025741413A300_2_0000025741413A30
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_0000025741437CEB0_2_0000025741437CEB
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_0000025741454D400_2_0000025741454D40
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_0000025741478D500_2_0000025741478D50
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_0000025741470D140_2_0000025741470D14
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_000002574148BB900_2_000002574148BB90
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_0000025741455EF00_2_0000025741455EF0
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_0000025741410E800_2_0000025741410E80
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_0000025741460E900_2_0000025741460E90
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_000002574141BF400_2_000002574141BF40
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_00000257413E5DB00_2_00000257413E5DB0
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_000002574141ADD00_2_000002574141ADD0
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_000002574143BDD00_2_000002574143BDD0
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_0000025741417E700_2_0000025741417E70
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_00000257414830B80_2_00000257414830B8
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_000002574147F0D80_2_000002574147F0D8
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_000002574143C0F00_2_000002574143C0F0
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_00000257413E70E00_2_00000257413E70E0
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_00000257414731500_2_0000025741473150
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_00000257414761640_2_0000025741476164
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_000002574148C1280_2_000002574148C128
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_000002574149FFBC0_2_000002574149FFBC
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_00000257414502C00_2_00000257414502C0
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_000002574145E2F00_2_000002574145E2F0
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_00000257414871D80_2_00000257414871D8
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_00000257413E61800_2_00000257413E6180
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_00000257414712200_2_0000025741471220
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_00000257414814E40_2_00000257414814E4
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_000002574143B4800_2_000002574143B480
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_00000257414665400_2_0000025741466540
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_00000257414065100_2_0000025741406510
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_00000257414055200_2_0000025741405520
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_00000257414083D00_2_00000257414083D0
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_000002574148A3C80_2_000002574148A3C8
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_00000257414753940_2_0000025741475394
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_00000257414563A60_2_00000257414563A6
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_000002574148A44F0_2_000002574148A44F
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_000002574145B4200_2_000002574145B420
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_000002574143C4200_2_000002574143C420
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_000002574146A4300_2_000002574146A430
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_00000257414846E40_2_00000257414846E4
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_00000257414836A80_2_00000257414836A8
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_00000257414427500_2_0000025741442750
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_00000257414347200_2_0000025741434720
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_00000257414755980_2_0000025741475598
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_00000257413E66100_2_00000257413E6610
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_000002574147666C0_2_000002574147666C
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_00000257414886740_2_0000025741488674
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_00007FF7564487580_2_00007FF756448758
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_00007FF7564167300_2_00007FF756416730
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_00007FF75643F7EC0_2_00007FF75643F7EC
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_00007FF7564227B00_2_00007FF7564227B0
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_00007FF7564407B40_2_00007FF7564407B4
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_00007FF7564468440_2_00007FF756446844
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_00007FF75644C8B40_2_00007FF75644C8B4
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_00007FF7564528CC0_2_00007FF7564528CC
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_00007FF75643C5500_2_00007FF75643C550
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_00007FF7564166E00_2_00007FF7564166E0
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_00007FF7564473580_2_00007FF756447358
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_00007FF7564423EC0_2_00007FF7564423EC
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_00007FF75644A4480_2_00007FF75644A448
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_00007FF75643A1400_2_00007FF75643A140
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_00007FF7564381D00_2_00007FF7564381D0
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_00007FF7564322E80_2_00007FF7564322E8
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_00007FF7564402A80_2_00007FF7564402A8
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_00007FF756437F900_2_00007FF756437F90
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_00007FF75644FF2C0_2_00007FF75644FF2C
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_00007FF75643AF560_2_00007FF75643AF56
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_00007FF75643CFA00_2_00007FF75643CFA0
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_00007FF7564441100_2_00007FF756444110
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_00007FF7564230B00_2_00007FF7564230B0
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_00007FF75645209C0_2_00007FF75645209C
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_00007FF756463DA00_2_00007FF756463DA0
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_00007FF75643CEB20_2_00007FF75643CEB2
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_00007FF75643FBF40_2_00007FF75643FBF4
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_00007FF756439C100_2_00007FF756439C10
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_00007FF756432B970_2_00007FF756432B97
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_00007FF756438C300_2_00007FF756438C30
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_00007FF756434C300_2_00007FF756434C30
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_00007FF756446CD80_2_00007FF756446CD8
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_00007FF756449CD80_2_00007FF756449CD8
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_00007FF75643F9F00_2_00007FF75643F9F0
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_00007FF7564139E00_2_00007FF7564139E0
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_00007FF75644FA900_2_00007FF75644FA90
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_00007FF75643CA200_2_00007FF75643CA20
              Source: C:\Users\user\Desktop\siveria.exeCode function: String function: 0000025741416940 appears 41 times
              Source: C:\Users\user\Desktop\siveria.exeCode function: String function: 000002574140E1D0 appears 33 times
              Source: C:\Users\user\Desktop\siveria.exeCode function: String function: 0000025741478254 appears 34 times
              Source: C:\Users\user\Desktop\siveria.exeCode function: String function: 00007FF7564151F0 appears 69 times
              Source: C:\Users\user\Desktop\siveria.exeCode function: String function: 000002574140BA80 appears 32 times
              Source: C:\Users\user\Desktop\siveria.exeCode function: String function: 00000257414286B0 appears 54 times
              Source: classification engineClassification label: mal92.troj.spyw.winEXE@1/0@1/2
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_000002574146B9B0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,CloseHandle,0_2_000002574146B9B0
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_000002574141E610 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,0_2_000002574141E610
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_0000025741454D40 CoInitializeEx,CoInitializeSecurity,CoCreateInstance,CoSetProxyBlanket,SysAllocStringByteLen,SysFreeString,SysAllocStringByteLen,SysFreeString,SysStringByteLen,SysStringByteLen,SysFreeString,SysFreeString,0_2_0000025741454D40
              Source: C:\Users\user\Desktop\siveria.exeMutant created: \Sessions\1\BaseNamedObjects\Mmm-A33C734061CA11EE8C18806E6F6E69634A500445
              Source: siveria.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: C:\Users\user\Desktop\siveria.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
              Source: C:\Users\user\Desktop\siveria.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\Users\user\Desktop\siveria.exeSection loaded: wininet.dllJump to behavior
              Source: C:\Users\user\Desktop\siveria.exeSection loaded: rstrtmgr.dllJump to behavior
              Source: C:\Users\user\Desktop\siveria.exeSection loaded: ncrypt.dllJump to behavior
              Source: C:\Users\user\Desktop\siveria.exeSection loaded: ntasn1.dllJump to behavior
              Source: C:\Users\user\Desktop\siveria.exeSection loaded: mswsock.dllJump to behavior
              Source: C:\Users\user\Desktop\siveria.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Users\user\Desktop\siveria.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Users\user\Desktop\siveria.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Users\user\Desktop\siveria.exeSection loaded: iertutil.dllJump to behavior
              Source: C:\Users\user\Desktop\siveria.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Users\user\Desktop\siveria.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Users\user\Desktop\siveria.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Users\user\Desktop\siveria.exeSection loaded: winhttp.dllJump to behavior
              Source: C:\Users\user\Desktop\siveria.exeSection loaded: iphlpapi.dllJump to behavior
              Source: C:\Users\user\Desktop\siveria.exeSection loaded: winnsi.dllJump to behavior
              Source: C:\Users\user\Desktop\siveria.exeSection loaded: urlmon.dllJump to behavior
              Source: C:\Users\user\Desktop\siveria.exeSection loaded: srvcli.dllJump to behavior
              Source: C:\Users\user\Desktop\siveria.exeSection loaded: netutils.dllJump to behavior
              Source: C:\Users\user\Desktop\siveria.exeSection loaded: dnsapi.dllJump to behavior
              Source: C:\Users\user\Desktop\siveria.exeSection loaded: rasadhlp.dllJump to behavior
              Source: C:\Users\user\Desktop\siveria.exeSection loaded: fwpuclnt.dllJump to behavior
              Source: C:\Users\user\Desktop\siveria.exeSection loaded: schannel.dllJump to behavior
              Source: C:\Users\user\Desktop\siveria.exeSection loaded: mskeyprotect.dllJump to behavior
              Source: C:\Users\user\Desktop\siveria.exeSection loaded: msasn1.dllJump to behavior
              Source: C:\Users\user\Desktop\siveria.exeSection loaded: dpapi.dllJump to behavior
              Source: C:\Users\user\Desktop\siveria.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Users\user\Desktop\siveria.exeSection loaded: rsaenh.dllJump to behavior
              Source: C:\Users\user\Desktop\siveria.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Users\user\Desktop\siveria.exeSection loaded: gpapi.dllJump to behavior
              Source: C:\Users\user\Desktop\siveria.exeSection loaded: ncryptsslp.dllJump to behavior
              Source: C:\Users\user\Desktop\siveria.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Users\user\Desktop\siveria.exeSection loaded: windowscodecs.dllJump to behavior
              Source: C:\Users\user\Desktop\siveria.exeSection loaded: vaultcli.dllJump to behavior
              Source: C:\Users\user\Desktop\siveria.exeSection loaded: wintypes.dllJump to behavior
              Source: C:\Users\user\Desktop\siveria.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32Jump to behavior
              Source: C:\Users\user\Desktop\siveria.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
              Source: siveria.exeStatic PE information: Image base 0x140000000 > 0x60000000
              Source: siveria.exeStatic file information: File size 3341824 > 1048576
              Source: siveria.exeStatic PE information: Raw size of .rdata is bigger than: 0x100000 < 0x2bd800
              Source: siveria.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
              Source: siveria.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
              Source: siveria.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
              Source: siveria.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
              Source: siveria.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
              Source: siveria.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
              Source: siveria.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
              Source: siveria.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
              Source: siveria.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
              Source: siveria.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
              Source: siveria.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
              Source: siveria.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
              Source: siveria.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_000002574141D570 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,0_2_000002574141D570
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_000002574142CAB2 push rdi; retf 0004h0_2_000002574142CAB5
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_00007FF75643D8A1 push rdi; ret 0_2_00007FF75643D8A5
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_00007FF75643D2C0 push rcx; iretd 0_2_00007FF75643D2C1
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_00007FF75643DB8C push rdi; ret 0_2_00007FF75643DB90
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_00007FF75643DB93 push rcx; iretd 0_2_00007FF75643DB94
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_000002574145C600 ExitProcess,OpenMutexA,ExitProcess,CreateMutexA,CreateMutexExA,ExitProcess,ReleaseMutex,CloseHandle,0_2_000002574145C600
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_000002574149B500 FindClose,FindFirstFileExW,GetLastError,0_2_000002574149B500
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_000002574149B5B0 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle,0_2_000002574149B5B0
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_00000257414673F0 GetLogicalDriveStringsW,0_2_00000257414673F0
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_0000025741479038 VirtualQuery,GetSystemInfo,VirtualAlloc,VirtualProtect,0_2_0000025741479038
              Source: C:\Users\user\Desktop\siveria.exeFile opened: D:\sources\migration\Jump to behavior
              Source: C:\Users\user\Desktop\siveria.exeFile opened: D:\sources\replacementmanifests\Jump to behavior
              Source: C:\Users\user\Desktop\siveria.exeFile opened: D:\sources\migration\wtr\Jump to behavior
              Source: C:\Users\user\Desktop\siveria.exeFile opened: D:\sources\replacementmanifests\microsoft-activedirectory-webservices\Jump to behavior
              Source: C:\Users\user\Desktop\siveria.exeFile opened: D:\sources\replacementmanifests\microsoft-client-license-platform-service-migration\Jump to behavior
              Source: C:\Users\user\Desktop\siveria.exeFile opened: D:\sources\replacementmanifests\hwvid-migration-2\Jump to behavior
              Source: siveria.exe, 00000000.00000003.1376733365.0000025741779000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: dev.azure.comVMware20,11696497155j
              Source: siveria.exe, 00000000.00000003.1376733365.0000025741779000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: global block list test formVMware20,11696497155
              Source: siveria.exe, 00000000.00000003.1376733365.0000025741779000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: turbotax.intuit.comVMware20,11696497155t
              Source: siveria.exe, 00000000.00000003.1376733365.0000025741779000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - COM.HKVMware20,11696497155
              Source: siveria.exe, 00000000.00000002.1562505384.000002573F9B6000.00000004.00000020.00020000.00000000.sdmp, siveria.exe, 00000000.00000002.1562865457.0000025741249000.00000004.00000020.00020000.00000000.sdmp, siveria.exe, 00000000.00000002.1562865457.000002574121F000.00000004.00000020.00020000.00000000.sdmp, siveria.exe, 00000000.00000003.1373594803.000002573F9B8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
              Source: siveria.exe, 00000000.00000003.1376733365.0000025741779000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - HKVMware20,11696497155]
              Source: siveria.exe, 00000000.00000003.1376733365.0000025741779000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: secure.bankofamerica.comVMware20,11696497155|UE
              Source: siveria.exe, 00000000.00000003.1376733365.0000025741779000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: tasks.office.comVMware20,11696497155o
              Source: siveria.exe, 00000000.00000003.1376733365.0000025741779000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696497155
              Source: siveria.exe, 00000000.00000003.1376733365.0000025741779000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696497155
              Source: siveria.exe, 00000000.00000003.1376733365.0000025741779000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: bankofamerica.comVMware20,11696497155x
              Source: siveria.exe, 00000000.00000003.1376733365.0000025741779000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ms.portal.azure.comVMware20,11696497155
              Source: siveria.exe, 00000000.00000003.1376733365.0000025741779000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: trackpan.utiitsl.comVMware20,11696497155h
              Source: siveria.exe, 00000000.00000003.1376733365.0000025741779000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696497155p
              Source: siveria.exe, 00000000.00000003.1376733365.0000025741779000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU WestVMware20,11696497155n
              Source: siveria.exe, 00000000.00000003.1376733365.0000025741779000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: interactivebrokers.co.inVMware20,11696497155d
              Source: siveria.exe, 00000000.00000003.1376733365.0000025741779000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696497155x
              Source: siveria.exe, 00000000.00000003.1376733365.0000025741779000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Test URL for global passwords blocklistVMware20,11696497155
              Source: siveria.exe, 00000000.00000003.1376733365.0000025741779000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: interactivebrokers.comVMware20,11696497155
              Source: siveria.exe, 00000000.00000003.1376733365.0000025741779000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: AMC password management pageVMware20,11696497155
              Source: siveria.exe, 00000000.00000003.1376733365.0000025741779000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696497155
              Source: siveria.exe, 00000000.00000003.1376733365.0000025741779000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696497155}
              Source: siveria.exe, 00000000.00000003.1376733365.0000025741779000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696497155^
              Source: siveria.exe, 00000000.00000003.1376733365.0000025741779000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: account.microsoft.com/profileVMware20,11696497155u
              Source: siveria.exe, 00000000.00000003.1376733365.0000025741779000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: discord.comVMware20,11696497155f
              Source: siveria.exe, 00000000.00000003.1376733365.0000025741779000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: netportal.hdfcbank.comVMware20,11696497155
              Source: siveria.exe, 00000000.00000003.1376733365.0000025741779000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696497155z
              Source: siveria.exe, 00000000.00000003.1376733365.0000025741779000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: outlook.office365.comVMware20,11696497155t
              Source: siveria.exe, 00000000.00000003.1376733365.0000025741779000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: outlook.office.comVMware20,11696497155s
              Source: siveria.exe, 00000000.00000003.1376733365.0000025741779000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.comVMware20,11696497155}
              Source: siveria.exe, 00000000.00000003.1376733365.0000025741779000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.co.inVMware20,11696497155~
              Source: siveria.exe, 00000000.00000003.1376733365.0000025741779000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: microsoft.visualstudio.comVMware20,11696497155x
              Source: C:\Users\user\Desktop\siveria.exeAPI call chain: ExitProcess graph end nodegraph_0-93294
              Source: C:\Users\user\Desktop\siveria.exeAPI call chain: ExitProcess graph end nodegraph_0-93289
              Source: C:\Users\user\Desktop\siveria.exeProcess information queried: ProcessInformationJump to behavior
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_000002574146A430 RtlAcquirePebLock,NtAllocateVirtualMemory,lstrcpyW,lstrcatW,NtAllocateVirtualMemory,lstrcpyW,RtlInitUnicodeString,RtlInitUnicodeString,LdrEnumerateLoadedModules,RtlReleasePebLock,CoInitializeEx,lstrcpyW,lstrcatW,CoGetObject,lstrcpyW,lstrcatW,CoGetObject,CoUninitialize,0_2_000002574146A430
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_000002574149D804 GetLastError,IsDebuggerPresent,OutputDebugStringW,0_2_000002574149D804
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_000002574149D804 GetLastError,IsDebuggerPresent,OutputDebugStringW,0_2_000002574149D804
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_000002574141D570 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,0_2_000002574141D570
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_0000025741489EEC GetProcessHeap,0_2_0000025741489EEC
              Source: C:\Users\user\Desktop\siveria.exeProcess token adjusted: DebugJump to behavior
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_0000025741477F68 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0000025741477F68
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_00007FF756441E68 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF756441E68
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_00007FF756455AC0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF756455AC0
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_000002574145B420 ShellExecuteW,0_2_000002574145B420
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_00007FF756449AA0 cpuid 0_2_00007FF756449AA0
              Source: C:\Users\user\Desktop\siveria.exeCode function: EnumSystemLocalesW,0_2_000002574147DAE0
              Source: C:\Users\user\Desktop\siveria.exeCode function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,0_2_0000025741488C04
              Source: C:\Users\user\Desktop\siveria.exeCode function: EnumSystemLocalesW,0_2_0000025741488F60
              Source: C:\Users\user\Desktop\siveria.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,0_2_00000257414890C8
              Source: C:\Users\user\Desktop\siveria.exeCode function: GetLocaleInfoEx,FormatMessageA,0_2_000002574149B170
              Source: C:\Users\user\Desktop\siveria.exeCode function: GetLocaleInfoW,0_2_000002574147E020
              Source: C:\Users\user\Desktop\siveria.exeCode function: EnumSystemLocalesW,0_2_0000025741489030
              Source: C:\Users\user\Desktop\siveria.exeCode function: GetLocaleInfoW,0_2_0000025741489310
              Source: C:\Users\user\Desktop\siveria.exeCode function: GetLocaleInfoW,0_2_0000025741489518
              Source: C:\Users\user\Desktop\siveria.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,0_2_0000025741489468
              Source: C:\Users\user\Desktop\siveria.exeCode function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,0_2_000002574148964C
              Source: C:\Users\user\Desktop\siveria.exeCode function: GetLocaleInfoW,0_2_00007FF75644D758
              Source: C:\Users\user\Desktop\siveria.exeCode function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,0_2_00007FF75644D88C
              Source: C:\Users\user\Desktop\siveria.exeCode function: GetLocaleInfoW,0_2_00007FF75644D550
              Source: C:\Users\user\Desktop\siveria.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,0_2_00007FF75644D6A8
              Source: C:\Users\user\Desktop\siveria.exeCode function: GetLocaleInfoW,0_2_00007FF7564491E0
              Source: C:\Users\user\Desktop\siveria.exeCode function: EnumSystemLocalesW,0_2_00007FF75644D1A0
              Source: C:\Users\user\Desktop\siveria.exeCode function: EnumSystemLocalesW,0_2_00007FF75644D270
              Source: C:\Users\user\Desktop\siveria.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,0_2_00007FF75644D308
              Source: C:\Users\user\Desktop\siveria.exeCode function: EnumSystemLocalesW,0_2_00007FF756448E4C
              Source: C:\Users\user\Desktop\siveria.exeCode function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,0_2_00007FF75644CE44
              Source: C:\Users\user\Desktop\siveria.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\siveria.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\siveria.exeKey value queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\TimeZoneInformation TimeZoneKeyNameJump to behavior
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_000002574148F908 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_000002574148F908
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_0000025741466150 GetUserNameW,0_2_0000025741466150
              Source: C:\Users\user\Desktop\siveria.exeCode function: 0_2_0000025741482E3C _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,0_2_0000025741482E3C

              Stealing of Sensitive Information

              barindex
              Yara detected CredGrabber
              Source: Yara matchFile source: Process Memory Space: siveria.exe PID: 7536, type: MEMORYSTR
              Yara detected Meduza Stealer
              Source: Yara matchFile source: 0.2.siveria.exe.257413e0000.0.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 0.2.siveria.exe.257413e0000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000000.00000002.1562865457.000002574121F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: siveria.exe PID: 7536, type: MEMORYSTR
              Found many strings related to Crypto-Wallets (likely being stolen)
              Source: siveria.exe, 00000000.00000002.1562865457.000002574121F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Electrum-LTC\wallets
              Source: siveria.exe, 00000000.00000002.1562865457.000002574121F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: ElectronCash\config
              Source: siveria.exe, 00000000.00000002.1562865457.0000025741249000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Ny1aaXAgMjMuMDEgKHg2NCkgWzIzLjAxXQpNb3ppbGxhIEZpcmVmb3ggKHg2NCBlbi1VUykgWzExOC4wLjFdCk1vemlsbGEgTWFpbnRlbmFuY2UgU2VydmljZSBbMTE4LjAuMV0KTWljcm9zb2Z0IE9mZmljZSBQcm9mZXNzaW9uYWwgUGx1cyAyMDE5IC0gZW4tdXMgWzE2LjAuMTY4MjcuMjAxMzBdCk1pY3Jvc29mdCBWaXN1YWwgQysrIDIwMjIgWDY0IEFkZGl0aW9uYWwgUnVudGltZSAtIDE0LjM2LjMyNTMyIFsxNC4zNi4zMjUzMl0KT2ZmaWNlIDE2IENsaWNrLXRvLVJ1biBMaWNlbnNpbmcgQ29tcG9uZW50IFsxNi4wLjE2ODI3LjIwMTMwXQpPZmZpY2UgMTYgQ2xpY2stdG8tUnVuIEV4dGVuc2liaWxpdHkgQ29tcG9uZW50IDY0LWJpdCBSZWdpc3RyYXRpb24gWzE2LjAuMTY4MjcuMjAwNTZdCkFkb2JlIEFjcm9iYXQgKDY0LWJpdCkgWzIzLjAwNi4yMDMyMF0KTWljcm9zb2Z0IFZpc3VhbCBDKysgMjAyMiBYNjQgTWluaW11bSBSdW50aW1lIC0gMTQuMzYuMzI1MzIgWzE0LjM2LjMyNTMyXQpHb29nbGUgQ2hyb21lIFsxMTcuMC41OTM4LjEzNF0KTWljcm9zb2Z0IEVkZ2UgWzExNy4wLjIwNDUuNDddCk1pY3Jvc29mdCBFZGdlIFVwZGF0ZSBbMS4zLjE3Ny4xMV0KTWljcm9zb2Z0IEVkZ2UgV2ViVmlldzIgUnVudGltZSBbMTE3LjAuMjA0NS40N10KSmF2YSBBdXRvIFVwZGF0ZXIgWzIuOC4zODEuOV0KSmF2YSA4IFVwZGF0ZSAzODEgWzguMC4zODEwLjldCk1pY3Jvc29mdCBWaXN1YWwgQysrIDIwMTUtMjAyMiBSZWRpc3RyaWJ1dGFibGUgKHg2NCkgLSAxNC4zNi4zMjUzMiBbMTQuMzYuMzI1MzIuMF0KT2ZmaWNlIDE2IENsaWNrLXRvLVJ1biBFeHRlbnNpYmlsaXR5IENvbXBvbmVudCBbMTYuMC4xNjgyNy4yMDEzMF0K
              Source: siveria.exe, 00000000.00000002.1562865457.000002574121F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Exodus\exodus.wallet
              Source: siveria.exe, 00000000.00000002.1562865457.000002574121F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Ethereum\keystore
              Source: siveria.exe, 00000000.00000002.1562865457.000002574121F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Ethereum\keystore
              Tries to harvest and steal Bitcoin Wallet information
              Source: C:\Users\user\Desktop\siveria.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-coreJump to behavior
              Tries to harvest and steal browser information (history, passwords, etc)
              Source: C:\Users\user\Desktop\siveria.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\HistoryJump to behavior
              Source: C:\Users\user\Desktop\siveria.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension CookiesJump to behavior
              Source: C:\Users\user\Desktop\siveria.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
              Source: C:\Users\user\Desktop\siveria.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
              Source: C:\Users\user\Desktop\siveria.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\CURRENTJump to behavior
              Source: C:\Users\user\Desktop\siveria.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\prefs.jsJump to behavior
              Source: C:\Users\user\Desktop\siveria.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HistoryJump to behavior
              Source: C:\Users\user\Desktop\siveria.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\places.sqliteJump to behavior
              Source: C:\Users\user\Desktop\siveria.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
              Source: C:\Users\user\Desktop\siveria.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.logJump to behavior
              Source: C:\Users\user\Desktop\siveria.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\MANIFEST-000001Jump to behavior
              Source: C:\Users\user\Desktop\siveria.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For AccountJump to behavior
              Source: C:\Users\user\Desktop\siveria.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOGJump to behavior
              Source: C:\Users\user\Desktop\siveria.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
              Source: C:\Users\user\Desktop\siveria.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\key4.dbJump to behavior
              Source: C:\Users\user\Desktop\siveria.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
              Source: C:\Users\user\Desktop\siveria.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\cookies.sqliteJump to behavior
              Source: C:\Users\user\Desktop\siveria.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOCKJump to behavior
              Tries to steal Mail credentials (via file / registry access)
              Source: C:\Users\user\Desktop\siveria.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior

              Remote Access Functionality

              barindex
              Yara detected CredGrabber
              Source: Yara matchFile source: Process Memory Space: siveria.exe PID: 7536, type: MEMORYSTR
              Yara detected Meduza Stealer
              Source: Yara matchFile source: 0.2.siveria.exe.257413e0000.0.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 0.2.siveria.exe.257413e0000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000000.00000002.1562865457.000002574121F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: siveria.exe PID: 7536, type: MEMORYSTR

              Mitre Att&ck Matrix

              ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
              Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
              Native API              		1
              DLL Side-Loading              		1
              Exploitation for Privilege Escalation              		1
              Access Token Manipulation              		1
              OS Credential Dumping              		12
              System Time Discovery              		Remote Services1
              Screen Capture              		21
              Encrypted Channel              		Exfiltration Over Other Network MediumAbuse Accessibility Features
              CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
              Access Token Manipulation              		1
              Deobfuscate/Decode Files or Information              		LSASS Memory31
              Security Software Discovery              		Remote Desktop Protocol1
              Email Collection              		1
              Non-Standard Port              		Exfiltration Over BluetoothNetwork Denial of Service
              Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
              DLL Side-Loading              		2
              Obfuscated Files or Information              		Security Account Manager2
              Process Discovery              		SMB/Windows Admin Shares1
              Archive Collected Data              		2
              Ingress Tool Transfer              		Automated ExfiltrationData Encrypted for Impact
              Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
              DLL Side-Loading              		NTDS1
              Account Discovery              		Distributed Component Object Model2
              Data from Local System              		2
              Non-Application Layer Protocol              		Traffic DuplicationData Destruction
              Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon ScriptSoftware PackingLSA Secrets1
              System Owner/User Discovery              		SSHKeylogging3
              Application Layer Protocol              		Scheduled TransferData Encrypted for Impact
              Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC ScriptsSteganographyCached Domain Credentials1
              System Network Configuration Discovery              		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
              DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup ItemsCompile After DeliveryDCSync3
              File and Directory Discovery              		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
              Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/JobIndicator Removal from ToolsProc Filesystem34
              System Information Discovery              		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

              Behavior Graph

              Hide Legend

              Legend:

              • Process
              • Signature
              • Created File
              • DNS/IP Info
              • Is Dropped
              • Is Windows Process
              • Number of created Registry Values
              • Number of created Files
              • Visual Basic
              • Delphi
              • Java
              • .Net C# or VB.NET
              • C, C++ or other language
              • Is malicious
              • Internet

              Screenshots

              Thumbnails

              This section contains all screenshots as thumbnails, including those not shown in the slideshow.


              windows-stand

              Antivirus, Machine Learning and Genetic Malware Detection

              Initial Sample

              No Antivirus matches

              Dropped Files

              No Antivirus matches

              Unpacked PE Files

              No Antivirus matches

              Domains

              No Antivirus matches

              URLs

              SourceDetectionScannerLabelLink
              https://go.microsoft.corU0%Avira URL Cloudsafe

              Domains and IPs

              Contacted Domains

              NameIPActiveMaliciousAntivirus DetectionReputation
              api.ipify.org
              		104.26.13.205
              		truefalse
                		high
                s-part-0035.t-0009.t-msedge.net
                		13.107.246.63
                		truefalse
                  		high

                  Contacted URLs

                  NameMaliciousAntivirus DetectionReputation
                  https://api.ipify.org/false
                    		high

                    URLs from Memory and Binaries

                    NameSourceMaliciousAntivirus DetectionReputation
                    https://duckduckgo.com/chrome_newtabsiveria.exe, 00000000.00000003.1374864253.00000257412C2000.00000004.00000020.00020000.00000000.sdmpfalse
                      		high
                      https://duckduckgo.com/ac/?q=siveria.exe, 00000000.00000003.1374864253.00000257412C2000.00000004.00000020.00020000.00000000.sdmpfalse
                        		high
                        https://go.microsoft.cosiveria.exe, 00000000.00000003.1386201147.000002573F9F9000.00000004.00000020.00020000.00000000.sdmpfalse
                          		high
                          https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpgsiveria.exe, 00000000.00000003.1386314860.000002573F9C1000.00000004.00000020.00020000.00000000.sdmp, siveria.exe, 00000000.00000003.1384405385.00000257417A4000.00000004.00000020.00020000.00000000.sdmpfalse
                            		high
                            https://api.ipify.org/Xsiveria.exe, 00000000.00000003.1373594803.000002573F99E000.00000004.00000020.00020000.00000000.sdmp, siveria.exe, 00000000.00000002.1562505384.000002573F9A1000.00000004.00000020.00020000.00000000.sdmpfalse
                              		high
                              https://www.invisalign.com/?utm_source=admarketplace&utm_medium=paidsearch&utm_campaign=Invisalign&usiveria.exe, 00000000.00000003.1386314860.000002573F9C1000.00000004.00000020.00020000.00000000.sdmp, siveria.exe, 00000000.00000003.1384405385.00000257417A4000.00000004.00000020.00020000.00000000.sdmpfalse
                                		high
                                https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696495411400900000.1&ci=1696495411208.12791&ctasiveria.exe, 00000000.00000003.1386314860.000002573F9C1000.00000004.00000020.00020000.00000000.sdmp, siveria.exe, 00000000.00000003.1384405385.00000257417A4000.00000004.00000020.00020000.00000000.sdmpfalse
                                  		high
                                  https://support.mozilla.org/products/firefoxgro.allizom.troppus.GNzbMA16ssY5siveria.exe, 00000000.00000003.1378962971.0000025742445000.00000004.00000020.00020000.00000000.sdmpfalse
                                    		high
                                    https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=siveria.exe, 00000000.00000003.1374864253.00000257412C2000.00000004.00000020.00020000.00000000.sdmpfalse
                                      		high
                                      https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpgsiveria.exe, 00000000.00000003.1384405385.00000257417A4000.00000004.00000020.00020000.00000000.sdmpfalse
                                        		high
                                        https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pqd4plX4pbW1CbWfpbW7ReNxR3UIG8zInwYIFIVs9eYisiveria.exe, 00000000.00000003.1384405385.00000257417A4000.00000004.00000020.00020000.00000000.sdmpfalse
                                          		high
                                          https://support.mozilla.orgsiveria.exe, 00000000.00000003.1379901735.0000025742492000.00000004.00000020.00020000.00000000.sdmp, siveria.exe, 00000000.00000003.1378962971.000002574248A000.00000004.00000020.00020000.00000000.sdmp, siveria.exe, 00000000.00000003.1378544150.0000025741608000.00000004.00000020.00020000.00000000.sdmp, siveria.exe, 00000000.00000003.1381952772.0000025742C73000.00000004.00000020.00020000.00000000.sdmp, siveria.exe, 00000000.00000003.1379357422.000002573FA4D000.00000004.00000020.00020000.00000000.sdmp, siveria.exe, 00000000.00000003.1379901735.0000025742509000.00000004.00000020.00020000.00000000.sdmp, siveria.exe, 00000000.00000003.1379249955.00000257416C0000.00000004.00000020.00020000.00000000.sdmp, siveria.exe, 00000000.00000003.1378962971.0000025742435000.00000004.00000020.00020000.00000000.sdmp, siveria.exe, 00000000.00000003.1378544150.00000257416C8000.00000004.00000020.00020000.00000000.sdmp, siveria.exe, 00000000.00000003.1380447917.0000025742511000.00000004.00000020.00020000.00000000.sdmp, siveria.exe, 00000000.00000003.1378962971.000002574243D000.00000004.00000020.00020000.00000000.sdmp, siveria.exe, 00000000.00000003.1379456014.000002574130D000.00000004.00000020.00020000.00000000.sdmpfalse
                                            		high
                                            https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_e149f5d53c9263616797a13067f7a114fa287709b159d0a5siveria.exe, 00000000.00000003.1386314860.000002573F9C1000.00000004.00000020.00020000.00000000.sdmp, siveria.exe, 00000000.00000003.1384405385.00000257417A4000.00000004.00000020.00020000.00000000.sdmpfalse
                                              		high
                                              http://ns.microsoft.t/Regisiveria.exe, 00000000.00000003.1562034882.0000025741C90000.00000004.00000020.00020000.00000000.sdmp, siveria.exe, 00000000.00000003.1372912460.0000025741C81000.00000004.00000020.00020000.00000000.sdmp, siveria.exe, 00000000.00000003.1562133641.0000025741C94000.00000004.00000020.00020000.00000000.sdmp, siveria.exe, 00000000.00000003.1562071430.0000025741C90000.00000004.00000020.00020000.00000000.sdmpfalse
                                                		high
                                                https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-brsiveria.exe, 00000000.00000003.1378962971.0000025742445000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  		high
                                                  https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696495411400900000.2&ci=1696495411208.siveria.exe, 00000000.00000003.1384405385.00000257417A4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    		high
                                                    https://go.microsoft.corUsiveria.exe, 00000000.00000003.1386201147.000002573F9F9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    • Avira URL Cloud: safe
                                                    		unknown

                                                    World Map of Contacted IPs

                                                    • No. of IPs < 25%
                                                    • 25% < No. of IPs < 50%
                                                    • 50% < No. of IPs < 75%
                                                    • 75% < No. of IPs

                                                    Public IPs

                                                    IPDomainCountryFlagASNASN NameMalicious
                                                    104.26.13.205
                                                    		api.ipify.orgUnited States
                                                    		13335CLOUDFLARENETUSfalse
                                                    45.130.145.152
                                                    		unknownRussian Federation
                                                    		49392ASBAXETNRUtrue

                                                    General Information

                                                    Joe Sandbox version:41.0.0 Charoite
                                                    Analysis ID:1565462
                                                    Start date and time:2024-11-30 00:03:07 +01:00
                                                    Joe Sandbox product:CloudBasic
                                                    Overall analysis duration:0h 4m 38s
                                                    Hypervisor based Inspection enabled:false
                                                    Report type:full
                                                    Cookbook file name:default.jbs
                                                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                    Number of analysed new started processes analysed:6
                                                    Number of new started drivers analysed:0
                                                    Number of existing processes analysed:0
                                                    Number of existing drivers analysed:0
                                                    Number of injected processes analysed:0
                                                    Technologies:
                                                    • HCA enabled
                                                    • EGA enabled
                                                    • AMSI enabled
                                                    Analysis Mode:default
                                                    Analysis stop reason:Timeout
                                                    Sample name:siveria.exe
                                                    Detection:MAL
                                                    Classification:mal92.troj.spyw.winEXE@1/0@1/2
                                                    EGA Information:
                                                    • Successful, ratio: 100%
                                                    HCA Information:
                                                    • Successful, ratio: 99%
                                                    • Number of executed functions: 105
                                                    • Number of non-executed functions: 134
                                                    Cookbook Comments:
                                                    • Found application associated with file extension: .exe
                                                    • Stop behavior analysis, all processes terminated

                                                    Warnings

                                                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, conhost.exe
                                                    • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, otelrules.azureedge.net, otelrules.afd.azureedge.net, azureedge-t-prod.trafficmanager.net, fe3cr.delivery.mp.microsoft.com
                                                    • Not all processes where analyzed, report is missing behavior information
                                                    • Report size exceeded maximum capacity and may have missing disassembly code.
                                                    • Report size exceeded maximum capacity and may have missing network information.
                                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                                    • Report size getting too big, too many NtQueryValueKey calls found.
                                                    • VT rate limit hit for: siveria.exe

                                                    Simulations

                                                    Behavior and APIs

                                                    No simulations

                                                    Joe Sandbox View / Context

                                                    IPs

                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                    104.26.13.2052b7cu0KwZl.exeGet hashmaliciousUnknownBrowse
                                                    • api.ipify.org/
                                                    file.exeGet hashmaliciousUnknownBrowse
                                                    • api.ipify.org/
                                                    file.exeGet hashmaliciousLummaC, PrivateLoader, Stealc, VidarBrowse
                                                    • api.ipify.org/
                                                    file.exeGet hashmaliciousLummaC, PrivateLoader, Stealc, VidarBrowse
                                                    • api.ipify.org/
                                                    file.exeGet hashmaliciousRDPWrap ToolBrowse
                                                    • api.ipify.org/
                                                    Prismifyr-Install.exeGet hashmaliciousNode StealerBrowse
                                                    • api.ipify.org/
                                                    file.exeGet hashmaliciousLummaC, PrivateLoader, Stealc, VidarBrowse
                                                    • api.ipify.org/
                                                    file.exeGet hashmaliciousLummaC, RDPWrap Tool, LummaC Stealer, VidarBrowse
                                                    • api.ipify.org/
                                                    file.exeGet hashmaliciousUnknownBrowse
                                                    • api.ipify.org/
                                                    file.exeGet hashmaliciousLummaC, RDPWrap Tool, LummaC Stealer, Stealc, VidarBrowse
                                                    • api.ipify.org/

                                                    Domains

                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                    api.ipify.orgweWHT1b7JO.dllGet hashmaliciousUnknownBrowse
                                                    • 104.26.13.205
                                                    Employee_Secure_Doc.pdfGet hashmaliciousUnknownBrowse
                                                    • 172.67.74.152
                                                    unique.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                    • 172.67.74.152
                                                    siveria.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                    • 104.26.12.205
                                                    https://google.lk/url?q=ernie.grue@nationalmi.com&nationalmi.com&sa=t&url=amp/s/i--iy.s3.us-east-1.amazonaws.com/vocabulary.html#ZXJuaWUuZ3J1ZUBuYXRpb25hbG1pLmNvbQ==Get hashmaliciousUnknownBrowse
                                                    • 104.26.12.205
                                                    Employee_Important_Message.pdfGet hashmaliciousUnknownBrowse
                                                    • 104.26.12.205
                                                    9arEd0o4IZ.exeGet hashmaliciousUnknownBrowse
                                                    • 104.26.12.205
                                                    IwSa5fjMWm.exeGet hashmaliciousUnknownBrowse
                                                    • 172.67.74.152
                                                    051qAVqlq9.exeGet hashmaliciousUnknownBrowse
                                                    • 104.26.12.205
                                                    rkGw58sHF5.exeGet hashmaliciousUnknownBrowse
                                                    • 104.26.12.205
                                                    s-part-0035.t-0009.t-msedge.netfile.exeGet hashmaliciousLummaC StealerBrowse
                                                    • 13.107.246.63
                                                    file.exeGet hashmaliciousLummaC StealerBrowse
                                                    • 13.107.246.63
                                                    file.exeGet hashmaliciousAmadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, VidarBrowse
                                                    • 13.107.246.63
                                                    file.exeGet hashmaliciousLummaC StealerBrowse
                                                    • 13.107.246.63
                                                    file.exeGet hashmaliciousLummaC StealerBrowse
                                                    • 13.107.246.63
                                                    https://connect-customization-8722.my.site.com/mystore/Get hashmaliciousHTMLPhisherBrowse
                                                    • 13.107.246.63
                                                    Set-up.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                    • 13.107.246.63
                                                    file.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                    • 13.107.246.63
                                                    file.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                    • 13.107.246.63
                                                    https://herald-review.com/users/logout-success/?expire=1626371676&referer_url=http://209.159.152.50Get hashmaliciousHTMLPhisherBrowse
                                                    • 13.107.246.63

                                                    ASNs

                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                    CLOUDFLARENETUSfile.exeGet hashmaliciousLummaC StealerBrowse
                                                    • 172.67.167.249
                                                    file.exeGet hashmaliciousLummaC StealerBrowse
                                                    • 172.67.165.166
                                                    file.exeGet hashmaliciousAmadey, Cryptbot, LummaC Stealer, Nymaim, StealcBrowse
                                                    • 104.21.16.9
                                                    file.exeGet hashmaliciousLummaC StealerBrowse
                                                    • 104.21.16.9
                                                    file.exeGet hashmaliciousLummaC StealerBrowse
                                                    • 104.21.16.9
                                                    https://protect.checkpoint.com/v2/r01/___https://clickeu.actmkt.com/xd5/7-ai55b68h-a5f*~*-96gf-biba-/k*~*6/*~*c/kjha?jsw=sffmnfizfgDff9Dfmnfh*~*fgufgwvf8ffs9fmpfijfgvvfDDfrrflpfiyfgEvfrnflffixfgxffCff9nftzflxfiBfgCvf8ffsjfl9fikffCff9vftzfh*~*fimff8vf/vfqjfiffgufg*~*ff8nfrjfl9figfgyvfEnftnfjffinfgzvf8ffsvfmlfiofgxffEnfszflhfitfgCvf9vfszflvfgtfgwvf8DfszfmDfgDfg*~*ffafflffipfgxffBvfsDfrvfiffgvff9ffrnflrfllfgsff8vfrffrjfirfgsff7ffrnfrnflhfgsff9ffEffmffitfgsff7vfEvflDfihfgAff8fftnflzflrfikfgwvfsDfuvfiffgAff9vfqnfrnfihfiiff9ffsfflDflpfgBffBvftnflDfitfgyffBvfsfflzflrfikffBvftfflnflpfgCffBvfEvfmfflpfilfgxvfsffrzflrfihff8vfrvflrfmDfgvffDffrnfkzfllfgxfgwffrvfl9flpfgAfgwffqnfmjfipfiiff7vfqnflvfllfiiff8vfqnfmffllfgwfgwffqnflDfilfgDffEffDDfmffinfgxfgxvfsvfmffijfi9fg*~*ffvnfuvff====___.YzJ1OndhaXRha2VyZXByaW1hcnk6YzpvOjczN2NjZDA5MTMxODVlMzdkYWUzNjFjZjM4Yzg3Y2ZlOjc6ZjRkNToxN2E5YzZkNWIxZGY2MjgxODRlOTdhNmI5MDkxMDNmY2VkOTNmZGVmZWNhODNlZDEwNTdjNGFkZGY2ZGVlMDc5Omg6VDpUGet hashmaliciousUnknownBrowse
                                                    • 162.159.140.160
                                                    https://clienti.documentipostali.it/#/public/email/a703266c-62aa-4024-8f0c-254725c31c25-DD0015830773-D0002973415Get hashmaliciousUnknownBrowse
                                                    • 104.17.25.14
                                                    file.exeGet hashmaliciousAmadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                    • 172.67.165.166
                                                    file.exeGet hashmaliciousAmadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, VidarBrowse
                                                    • 104.21.16.9
                                                    file.exeGet hashmaliciousLummaC StealerBrowse
                                                    • 104.21.16.9
                                                    ASBAXETNRUunique.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                    • 45.130.145.152
                                                    siveria.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                    • 45.130.145.152
                                                    1732748284fd56a2da13edf4ae4b865c44fa6834581d27eb2edbfe3fc50ef131cb95db5639506.dat-decoded.exeGet hashmaliciousRemcosBrowse
                                                    • 45.135.232.38
                                                    mips.elfGet hashmaliciousUnknownBrowse
                                                    • 212.192.15.158
                                                    chelentano.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                    • 45.130.145.152
                                                    m2.exeGet hashmaliciousXmrigBrowse
                                                    • 194.87.31.45
                                                    9RM52QaURq.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                    • 45.130.145.152
                                                    HZ1BUCfTne.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                    • 45.130.145.152
                                                    9RM52QaURq.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                    • 45.130.145.152
                                                    bv2DbIiZeK.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                    • 45.130.145.152

                                                    JA3 Fingerprints

                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                    37f463bf4616ecd445d4a1937da06e19unique.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                    • 104.26.13.205
                                                    Fortexternal.exeGet hashmaliciousUnknownBrowse
                                                    • 104.26.13.205
                                                    siveria.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                    • 104.26.13.205
                                                    file.exeGet hashmaliciousClipboard HijackerBrowse
                                                    • 104.26.13.205
                                                    file.exeGet hashmaliciousClipboard HijackerBrowse
                                                    • 104.26.13.205
                                                    pPLD6OSn7O.exeGet hashmaliciousUnknownBrowse
                                                    • 104.26.13.205
                                                    pPLD6OSn7O.exeGet hashmaliciousUnknownBrowse
                                                    • 104.26.13.205
                                                    0b3SUiWz3y.exeGet hashmaliciousUnknownBrowse
                                                    • 104.26.13.205
                                                    ww7Oxm9pwx.exeGet hashmaliciousUnknownBrowse
                                                    • 104.26.13.205
                                                    file.exeGet hashmaliciousVidarBrowse
                                                    • 104.26.13.205

                                                    Dropped Files

                                                    No context

                                                    Created / dropped Files

                                                    No created / dropped files found

                                                    Static File Info

                                                    General

                                                    File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                    Entropy (8bit):4.2279903870873
                                                    TrID:
                                                    • Win64 Executable GUI (202006/5) 92.65%
                                                    • Win64 Executable (generic) (12005/4) 5.51%
                                                    • Generic Win/DOS Executable (2004/3) 0.92%
                                                    • DOS Executable Generic (2002/1) 0.92%
                                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                    File name:siveria.exe
                                                    File size:3'341'824 bytes
                                                    MD5:684b14726c07f5bb3ce6f89cad9a7a76
                                                    SHA1:9589893a3ccc46d6457422a9dfe4994388ac47a6
                                                    SHA256:8ddc8621f32587bf05d1f5e82c9a0fb0f61866596a67263cd4331639891025ff
                                                    SHA512:a6cfecead47b0f062e6fcfbed54db6d88fc901c5a0b592d6c249ab813471d87001313ddb6aa3086960cfd984f1be276de529f17cab383efa405db389664447a6
                                                    SSDEEP:49152:KfrmzI7OXBGuJYiMKEJCPrFIltns9QAZi:yM4uKiMZCPrsnbA
                                                    TLSH:0AF5AD6BEE5064F3D874D13488A3036BBA7A7481C37183875798672A5F527E42F3AF84
                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......N..f...5...5...5.x.4...5.x.4...5.x.4V..5A..4...5A..4...5A..4...52|.4$..52|.4...5By.4...5A..4...5...5...5Ay.4...5AyH5...5Ay.4...

                                                    File Icon

                                                    Icon Hash:00928e8e8686b000

                                                    Static PE Info

                                                    General

                                                    Entrypoint:0x140055a30
                                                    Entrypoint Section:.text
                                                    Digitally signed:false
                                                    Imagebase:0x140000000
                                                    Subsystem:windows gui
                                                    Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                    DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                    Time Stamp:0x67451F50 [Tue Nov 26 01:07:28 2024 UTC]
                                                    TLS Callbacks:
                                                    CLR (.Net) Version:
                                                    OS Version Major:6
                                                    OS Version Minor:0
                                                    File Version Major:6
                                                    File Version Minor:0
                                                    Subsystem Version Major:6
                                                    Subsystem Version Minor:0
                                                    Import Hash:de1751741e7d5e07ce98493d3f0130fc

                                                    Entrypoint Preview

                                                    Instruction
                                                    dec eax
                                                    sub esp, 28h
                                                    call 00007F5C747C4BBCh
                                                    dec eax
                                                    add esp, 28h
                                                    jmp 00007F5C747C3F3Fh
                                                    int3
                                                    int3
                                                    dec eax
                                                    sub esp, 28h
                                                    dec ebp
                                                    mov eax, dword ptr [ecx+38h]
                                                    dec eax
                                                    mov ecx, edx
                                                    dec ecx
                                                    mov edx, ecx
                                                    call 00007F5C747C40D2h
                                                    mov eax, 00000001h
                                                    dec eax
                                                    add esp, 28h
                                                    ret
                                                    int3
                                                    int3
                                                    int3
                                                    inc eax
                                                    push ebx
                                                    inc ebp
                                                    mov ebx, dword ptr [eax]
                                                    dec eax
                                                    mov ebx, edx
                                                    inc ecx
                                                    and ebx, FFFFFFF8h
                                                    dec esp
                                                    mov ecx, ecx
                                                    inc ecx
                                                    test byte ptr [eax], 00000004h
                                                    dec esp
                                                    mov edx, ecx
                                                    je 00007F5C747C40D5h
                                                    inc ecx
                                                    mov eax, dword ptr [eax+08h]
                                                    dec ebp
                                                    arpl word ptr [eax+04h], dx
                                                    neg eax
                                                    dec esp
                                                    add edx, ecx
                                                    dec eax
                                                    arpl ax, cx
                                                    dec esp
                                                    and edx, ecx
                                                    dec ecx
                                                    arpl bx, ax
                                                    dec edx
                                                    mov edx, dword ptr [eax+edx]
                                                    dec eax
                                                    mov eax, dword ptr [ebx+10h]
                                                    mov ecx, dword ptr [eax+08h]
                                                    dec eax
                                                    mov eax, dword ptr [ebx+08h]
                                                    test byte ptr [ecx+eax+03h], 0000000Fh
                                                    je 00007F5C747C40CDh
                                                    movzx eax, byte ptr [ecx+eax+03h]
                                                    and eax, FFFFFFF0h
                                                    dec esp
                                                    add ecx, eax
                                                    dec esp
                                                    xor ecx, edx
                                                    dec ecx
                                                    mov ecx, ecx
                                                    pop ebx
                                                    jmp 00007F5C747C3B06h
                                                    int3
                                                    inc eax
                                                    push ebx
                                                    dec eax
                                                    sub esp, 20h
                                                    dec eax
                                                    mov ebx, ecx
                                                    xor ecx, ecx
                                                    call dword ptr [0001563Fh]
                                                    dec eax
                                                    mov ecx, ebx
                                                    call dword ptr [0001562Eh]
                                                    call dword ptr [000155B0h]
                                                    dec eax
                                                    mov ecx, eax
                                                    mov edx, C0000409h
                                                    dec eax
                                                    add esp, 20h
                                                    pop ebx
                                                    dec eax
                                                    jmp dword ptr [00015624h]
                                                    dec eax
                                                    mov dword ptr [esp+00h], ecx

                                                    Data Directories

                                                    NameVirtual AddressVirtual Size Is in Section
                                                    IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_IMPORT0x327b9c0x64.rdata
                                                    IMAGE_DIRECTORY_ENTRY_RESOURCE0x3320000x1e0.rsrc
                                                    IMAGE_DIRECTORY_ENTRY_EXCEPTION0x32c0000x57e4.pdata
                                                    IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_BASERELOC0x3330000x1d38.reloc
                                                    IMAGE_DIRECTORY_ENTRY_DEBUG0x320ef00x38.rdata
                                                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_TLS0x3211000x28.rdata
                                                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x320db00x140.rdata
                                                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_IAT0x6b0000x330.rdata
                                                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                    Sections

                                                    NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                    .text0x10000x692f00x69400201d673c76ad9fae647f8cd6a278e333False0.4342200489904988data6.181155425260236IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                    .rdata0x6b0000x2bd6960x2bd800300000ebaf95e282a84dafb6aa5f647eunknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                    .data0x3290000x2f1c0x16008e0cf2168d43982c322bc34eed94de2bFalse0.18980823863636365data3.2059756111359152IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                    .pdata0x32c0000x57e40x58004c0d14150dd6a4ac35b35408d7a8233dFalse0.47767223011363635data5.711183919097264IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                    .rsrc0x3320000x1e00x2000c1ab865bc43ec75ebd479502575ccefFalse0.525390625data4.700456763479242IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                    .reloc0x3330000x1d380x1e003d9cd06dc9d02c11c130514ad02ec0c5False0.6712239583333334data6.471011674882192IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                    Resources

                                                    NameRVASizeTypeLanguageCountryZLIB Complexity
                                                    RT_MANIFEST0x3320600x17dXML 1.0 document, ASCII text, with CRLF line terminatorsEnglishUnited States0.5931758530183727

                                                    Imports

                                                    DLLImport
                                                    ntdll.dllRtlImageDirectoryEntryToData, RtlLeaveCriticalSection, RtlEnterCriticalSection, RtlCompareMemory, NtProtectVirtualMemory, RtlImageNtHeader, NtQueryVirtualMemory, RtlGetNtVersionNumbers
                                                    KERNEL32.dllGetEnvironmentStringsW, GetCommandLineW, GetCommandLineA, FindNextFileW, FindFirstFileExW, FindClose, VirtualFree, VirtualAlloc, GetModuleHandleW, LoadLibraryA, ReadFile, WriteFile, CreateFileW, CloseHandle, GetProcAddress, GetCurrentProcess, VirtualQuery, EnterCriticalSection, GetModuleFileNameW, LeaveCriticalSection, MultiByteToWideChar, ExitProcess, WideCharToMultiByte, GetLastError, DeleteCriticalSection, SetLastError, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, GetSystemTimeAsFileTime, HeapAlloc, HeapFree, GetCurrentThreadId, GetStdHandle, GetFileType, FreeEnvironmentStringsW, RaiseException, HeapReAlloc, HeapSize, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, InitializeCriticalSectionAndSpinCount, FreeLibrary, LoadLibraryExW, LCMapStringW, GetLocaleInfoW, IsValidLocale, EnumSystemLocalesW, GetCPInfo, GetStringTypeW, IsValidCodePage, GetACP, GetOEMCP, GetModuleHandleExW, GetConsoleOutputCP, GetConsoleMode, GetFileSizeEx, SetFilePointerEx, GetProcessHeap, SetStdHandle, ReadConsoleW, FlushFileBuffers, WriteConsoleW, QueryPerformanceCounter, GetCurrentProcessId, InitializeSListHead, RtlUnwindEx, RtlPcToFileHeader, RtlUnwind, EncodePointer, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetStartupInfoW, GetUserDefaultLCID, InitializeCriticalSectionEx, DecodePointer, LCMapStringEx
                                                    USER32.dllLoadAcceleratorsA, LoadAcceleratorsW
                                                    ADVAPI32.dllGetTokenInformation, OpenProcessToken

                                                    Possible Origin

                                                    Language of compilation systemCountry where language is spokenMap
                                                    EnglishUnited States

                                                    Network Behavior

                                                    Suricata IDS Alerts

                                                    TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                    2024-11-30T00:04:05.945323+01002049441ET MALWARE Win32/Unknown Grabber Base64 Data Exfiltration Attempt1192.168.2.94971245.130.145.15215666TCP
                                                    2024-11-30T00:04:05.945323+01002050806ET MALWARE [ANY.RUN] Meduza Stealer Exfiltration M21192.168.2.94971245.130.145.15215666TCP
                                                    2024-11-30T00:04:05.945323+01002050807ET MALWARE [ANY.RUN] Possible Meduza Stealer Exfiltration (TCP)1192.168.2.94971245.130.145.15215666TCP
                                                    2024-11-30T00:04:06.065547+01002050806ET MALWARE [ANY.RUN] Meduza Stealer Exfiltration M21192.168.2.94971245.130.145.15215666TCP
                                                    2024-11-30T00:04:06.065547+01002050807ET MALWARE [ANY.RUN] Possible Meduza Stealer Exfiltration (TCP)1192.168.2.94971245.130.145.15215666TCP

                                                    Network Port Distribution

                                                    TCP Packets

                                                    TimestampSource PortDest PortSource IPDest IP
                                                    Nov 30, 2024 00:04:00.294437885 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:00.414400101 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:00.414504051 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:01.123876095 CET49713443192.168.2.9104.26.13.205
                                                    Nov 30, 2024 00:04:01.123904943 CET44349713104.26.13.205192.168.2.9
                                                    Nov 30, 2024 00:04:01.124007940 CET49713443192.168.2.9104.26.13.205
                                                    Nov 30, 2024 00:04:01.145174026 CET49713443192.168.2.9104.26.13.205
                                                    Nov 30, 2024 00:04:01.145200014 CET44349713104.26.13.205192.168.2.9
                                                    Nov 30, 2024 00:04:02.410986900 CET44349713104.26.13.205192.168.2.9
                                                    Nov 30, 2024 00:04:02.411067963 CET49713443192.168.2.9104.26.13.205
                                                    Nov 30, 2024 00:04:02.487564087 CET49713443192.168.2.9104.26.13.205
                                                    Nov 30, 2024 00:04:02.487581968 CET44349713104.26.13.205192.168.2.9
                                                    Nov 30, 2024 00:04:02.487960100 CET44349713104.26.13.205192.168.2.9
                                                    Nov 30, 2024 00:04:02.488030910 CET49713443192.168.2.9104.26.13.205
                                                    Nov 30, 2024 00:04:02.489217043 CET49713443192.168.2.9104.26.13.205
                                                    Nov 30, 2024 00:04:02.535322905 CET44349713104.26.13.205192.168.2.9
                                                    Nov 30, 2024 00:04:02.866399050 CET44349713104.26.13.205192.168.2.9
                                                    Nov 30, 2024 00:04:02.866465092 CET44349713104.26.13.205192.168.2.9
                                                    Nov 30, 2024 00:04:02.866482019 CET49713443192.168.2.9104.26.13.205
                                                    Nov 30, 2024 00:04:02.866580009 CET49713443192.168.2.9104.26.13.205
                                                    Nov 30, 2024 00:04:02.866864920 CET49713443192.168.2.9104.26.13.205
                                                    Nov 30, 2024 00:04:02.866878986 CET44349713104.26.13.205192.168.2.9
                                                    Nov 30, 2024 00:04:05.945322990 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.065357924 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.065377951 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.065454006 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.065485954 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.065546036 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.065546989 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.065552950 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.065617085 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.065685987 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.065706968 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.065802097 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.065864086 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.065870047 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.065923929 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.065963030 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.066004992 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.185472012 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.185547113 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.185566902 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.185626030 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.185628891 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.185631990 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.185704947 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.185719967 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.185725927 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.185789108 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.185858965 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.185914993 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.185920000 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.185981989 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.186005116 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.186065912 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.186074972 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.186115026 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.186124086 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.186132908 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.186197042 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.305819988 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.305896044 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.305927992 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.305989981 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.306128025 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.306240082 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.306269884 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.306339025 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.306456089 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.306534052 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.306600094 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.306653023 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.306667089 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.306718111 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.306786060 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.306909084 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.306926012 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.306982994 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.307020903 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.307121038 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.307122946 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.307218075 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.307271957 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.307279110 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.307344913 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.307410955 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.307418108 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.307490110 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.307590008 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.307595968 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.307671070 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.307687044 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.307693005 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.307756901 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.307827950 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.307833910 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.307919025 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.307965994 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.307991028 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.308065891 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.308116913 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.308124065 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.308130980 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.308192968 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.308289051 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.308295012 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.308367968 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.426033020 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.426076889 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.426084042 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.426163912 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.426171064 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.426230907 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.426294088 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.426311016 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.426378012 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.426465988 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.426501036 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.426548958 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.426619053 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.426655054 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.426691055 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.426762104 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.426815033 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.426868916 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.426928997 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.426947117 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.426980019 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.427042007 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.427047968 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.427097082 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.427103043 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.427155972 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.427182913 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.427223921 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.427284002 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.427331924 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.427395105 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.427411079 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.427490950 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.427510023 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.427544117 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.427589893 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.427664042 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.427670002 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.427722931 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.427777052 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.427818060 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.427906990 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.427910089 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.427962065 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.428030014 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.428056955 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.428065062 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.428128004 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.428183079 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.428273916 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.428361893 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.428365946 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.428401947 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.428479910 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.428553104 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.428561926 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.428618908 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.428683043 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.428689957 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.428755999 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.428808928 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.428814888 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.428879976 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.428949118 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.428956032 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.429022074 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.429104090 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.429111958 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.429209948 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.429225922 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.429241896 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.429306030 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.429362059 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.429368019 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.429430008 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.429519892 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.429526091 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.429565907 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.429570913 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.429580927 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.429619074 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.429662943 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.429668903 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.429735899 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.429738998 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.429742098 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.429811001 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.429828882 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.429835081 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.429889917 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.429891109 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.429894924 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.429963112 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.429975986 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.429981947 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.430042982 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.430078030 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.430084944 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.430125952 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.430162907 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.430177927 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.430203915 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.430243015 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.430249929 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.430254936 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.430308104 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.546191931 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.546199083 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.546282053 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.546317101 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.546329975 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.546375990 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.546422005 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.546643019 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.546705961 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.546804905 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.546808958 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.546818972 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.546823025 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.546828032 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.546888113 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.546900034 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.546962976 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.547044992 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.547079086 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.547084093 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.547142029 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.547198057 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.547204018 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.547270060 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.547367096 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.547373056 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.547460079 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.547523022 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.547667027 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.547704935 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.547769070 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.547776937 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.547830105 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.547986984 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.547991991 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.548068047 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.548068047 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.548149109 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.548223972 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.548376083 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.548433065 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.548487902 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.548496962 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.548543930 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.548607111 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.548683882 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.548687935 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.548768997 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.548849106 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.548854113 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.548913956 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.549074888 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.549196005 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.549268007 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.549313068 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.549323082 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.549354076 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.549355984 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.549386024 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.549429893 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.549431086 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.549489975 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.549559116 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.549561024 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.549626112 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.549690008 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.549751043 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.549928904 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.549978971 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.549988985 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.550041914 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.550086975 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.550317049 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.550335884 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.550348043 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.550368071 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.550405979 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.550421953 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.550441027 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.550492048 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.550538063 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.550542116 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.550550938 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.550612926 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.550616026 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.550620079 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.550693989 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.550733089 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.550740004 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.550755978 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.550798893 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.550808907 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.550826073 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.550867081 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.550951004 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.550990105 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.551002979 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.551012993 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.551062107 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.551104069 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.551109076 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.551129103 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.551167965 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.551172972 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.551268101 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.551273108 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.551337004 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.551413059 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.551455975 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.551460981 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.551470995 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.551476955 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.551496029 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.551529884 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.551578045 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.551585913 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.551592112 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.551600933 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.551646948 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.551666975 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.551671982 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.551706076 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.551742077 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.551745892 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.551786900 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.551815987 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.551821947 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.551827908 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.551857948 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.551887035 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.551917076 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.551919937 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.552028894 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.552063942 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.552131891 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.552136898 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.552171946 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.552197933 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.552232027 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.552258968 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.552275896 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.552309990 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.552329063 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.552355051 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.552371979 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.552412987 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.552463055 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.552500010 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.552604914 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.552668095 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.552673101 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.552746058 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.552748919 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.552752972 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.552813053 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.552843094 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.552848101 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.552910089 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.552939892 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.552944899 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.553000927 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.553067923 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.553253889 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.553263903 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.553267956 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.553318024 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.553345919 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.553350925 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.553360939 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.553364992 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.553407907 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.553436041 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.553441048 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.553443909 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.553487062 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.553502083 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.553502083 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.553544998 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.553579092 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.553599119 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.553603888 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.553675890 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.553675890 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.553680897 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.553741932 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.553746939 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.553750038 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.553838968 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.553843975 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.553849936 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.553889990 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.553920984 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.553936005 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.553957939 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.553976059 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.554001093 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.554007053 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.554084063 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.554102898 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.554107904 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.554172993 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.554267883 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.554332972 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.554337978 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.554347038 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.554394960 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.554423094 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.554428101 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.554497957 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.666408062 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.666426897 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.666511059 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.666548967 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.666554928 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.666651964 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.666663885 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.666666985 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.666724920 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.666805983 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.666832924 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.666937113 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.667010069 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.667016029 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.667089939 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.667130947 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.667164087 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.667223930 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.667331934 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.667336941 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.667418003 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.667433023 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.667465925 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.667555094 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.667572975 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.667596102 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.667685032 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.667701960 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.667762995 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.667819977 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.667879105 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.667912960 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.667975903 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.668000937 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.668028116 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.668102026 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.668102980 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.668142080 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.668203115 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.668262005 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.668308973 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.668401957 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.668409109 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.668422937 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.668509960 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.668517113 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.668546915 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.668665886 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.668709040 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.668714046 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.668790102 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.668823957 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.668869972 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.668922901 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.668925047 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.669004917 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.669048071 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.669151068 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.669157028 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.669214964 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.669261932 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.669267893 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.669318914 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.669415951 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.669421911 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.669518948 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.669590950 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.669610977 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.669656992 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.669713020 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.669718027 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.669778109 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.669784069 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.669863939 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.669945002 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.669981003 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.669986963 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.670049906 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.670079947 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.670114994 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.670161963 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.670195103 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.670243979 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.670316935 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.670344114 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.670388937 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.670449972 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.670483112 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.670519114 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.670583010 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.670625925 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.670679092 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.670736074 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.670800924 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.670905113 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.670978069 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.671000957 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.671008110 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.671061993 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.671144962 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.671149969 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.671216011 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.671307087 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.671318054 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.671438932 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.671452045 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.671457052 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.671513081 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.671533108 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.671555996 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.671633005 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.671658993 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.671693087 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.671729088 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.671752930 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.671808004 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.671879053 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.671941042 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.671982050 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.672055960 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.672096014 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.672106981 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.672141075 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.672184944 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.672219038 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.672354937 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.672358990 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.672425985 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.672456980 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.672561884 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.672579050 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.672640085 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.672738075 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.672791958 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.672863960 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.672895908 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.672921896 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.673011065 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.673064947 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.673069954 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.673136950 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.673161030 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.673201084 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.673276901 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.673341990 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.673389912 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.673460960 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.673500061 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.673567057 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.673620939 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.673645020 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.673692942 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.673713923 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.673758030 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.673764944 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.673826933 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.673888922 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.673893929 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.673986912 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.674057007 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.674062014 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.674110889 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.674182892 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.674187899 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.674247026 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.674259901 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.674293995 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.674375057 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.674376965 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.674390078 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.674447060 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.674505949 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.674550056 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.674619913 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.674653053 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.674681902 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.674742937 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.674796104 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.674801111 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.674860954 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.674894094 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.674943924 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.674989939 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.675018072 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.675024986 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.675057888 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.675095081 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.675163031 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.675187111 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.675244093 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.675327063 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.675332069 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.675410986 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.675456047 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.675461054 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.675523996 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.675529003 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.675556898 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.675622940 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.675658941 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.675664902 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.675726891 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.675785065 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.675796032 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.675864935 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.675925016 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.675929070 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.675987959 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.675991058 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.676100016 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.676112890 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.676129103 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.676170111 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.676187992 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.676282883 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.676287889 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.676358938 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.676361084 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.676397085 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.676464081 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.676538944 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.676543951 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.676611900 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.676613092 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.676656961 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.676759958 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.676772118 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.676773071 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.676841021 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.676899910 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.676904917 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.676983118 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.677016973 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.677045107 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.677139044 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.677160978 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.677165031 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.677242041 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.677265882 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.677272081 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.677335024 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.677423000 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.677489996 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.677536011 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.677563906 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.677573919 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.677623987 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.677647114 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.677716017 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.677727938 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.677772999 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.677824974 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.677829981 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.677906036 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.677947044 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.677952051 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.678041935 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.678042889 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.678061008 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.678128004 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.678158045 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.678163052 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.678276062 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.678303957 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.678333998 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.678365946 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.678425074 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.678441048 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.678498983 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.678529978 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.678572893 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.678658009 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.678704977 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.678710938 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.678783894 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.678802013 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.678816080 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.678878069 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.678921938 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.678926945 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.678982973 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.679044962 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.679049969 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.679105043 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.679111004 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.679142952 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.679203987 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.679214954 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.679254055 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.679362059 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.679414034 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.679419041 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.679483891 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.679486990 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.679488897 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.679555893 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.679613113 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.679616928 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.679703951 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.679708004 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.679709911 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.679766893 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.679826975 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.679831982 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.679902077 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.679928064 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.679939032 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.680002928 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.680035114 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.680038929 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.680110931 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.680126905 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.680134058 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.680193901 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.680232048 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.680253029 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.680346012 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.680363894 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.680370092 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.680427074 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.680505037 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.680584908 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.680589914 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.680608034 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.680660963 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.680721998 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.680727005 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.680784941 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.680804014 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.680855036 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.680912018 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.680922985 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.680952072 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.680960894 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.681015015 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.681066990 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.681071997 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.681163073 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.681168079 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.681173086 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.681233883 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.681261063 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.681272984 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.681330919 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.681375980 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.681392908 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.681487083 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.681493998 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.681499958 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.681580067 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.681632042 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.681637049 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.681668043 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.681710958 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.681739092 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.717637062 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.717889071 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.786664009 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.786679983 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.786787033 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.786848068 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.786854029 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.786928892 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.787048101 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.787101984 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.787180901 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.787205935 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.787230015 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.787293911 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.787328959 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.787354946 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.787430048 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.787501097 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.787506104 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.787559032 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.787564993 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.787636995 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.787648916 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.787653923 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.787674904 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.787717104 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.787736893 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.787785053 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.787790060 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.787812948 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.787848949 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.787883043 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.787920952 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.787986040 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.787991047 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.788028002 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.788096905 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.788136959 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.788187981 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.788242102 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.788310051 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.788425922 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.788491964 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.788552046 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.788593054 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.788655996 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.788703918 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.788846970 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.788908958 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.789124012 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.789211035 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.789271116 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.789321899 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.789371967 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.789427042 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.789515972 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.789556980 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.789634943 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.789684057 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.789798021 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.789853096 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.789858103 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.789974928 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.790024042 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.790049076 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.790154934 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.790209055 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.790219069 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.790381908 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.790438890 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.790452003 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.790597916 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.790663004 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.790764093 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.790911913 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.790957928 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.790975094 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.791130066 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.791199923 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.791295052 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.791388988 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.791496992 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.791538954 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.791661024 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.791707039 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.791719913 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.791768074 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.791819096 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.791878939 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.791882038 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.792009115 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.792061090 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.792113066 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.792248964 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.792282104 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.792331934 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.792335033 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.792427063 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.792510986 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.792557001 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.792656898 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.792726040 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.792756081 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.792886019 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.792917967 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.792942047 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.792989969 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.793111086 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.793169975 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.793174028 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.793193102 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.793226957 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.793358088 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.793361902 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.793431044 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.793483973 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.793518066 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.793572903 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.793598890 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.793603897 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.793677092 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.793732882 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.793737888 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.793798923 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.793803930 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.793823957 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.793899059 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.793986082 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.793991089 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.794039965 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.794071913 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.794078112 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.794132948 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.794202089 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.794208050 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.794260025 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.794323921 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.794328928 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.794384956 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.794389009 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.794470072 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.794512987 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.794521093 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.794548035 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.794564962 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.794605970 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.794655085 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.794841051 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.794863939 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.794867992 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.794887066 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.794919968 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.794924021 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.794941902 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.794996977 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.795038939 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.795052052 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.795104980 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.795181036 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.795186043 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.795243979 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.795278072 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.795360088 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.795442104 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.795445919 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.795448065 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.795497894 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.795571089 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.795576096 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.795635939 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.795727015 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.795732975 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.795782089 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.795787096 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.795815945 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.795836926 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.795948982 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.795954943 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.796003103 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.796099901 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.796104908 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.796173096 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.796216011 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.796277046 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.796281099 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.796343088 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.796367884 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.796425104 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.796591997 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.796622992 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.796726942 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.796813965 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.796865940 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.796947002 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.796948910 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.797025919 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.797072887 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.797323942 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.797343969 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.797420025 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.797626972 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.797638893 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.797693014 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.797715902 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.797720909 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.797795057 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.797841072 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.797890902 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.797981024 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.797985077 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.798032045 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.798089027 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.798099995 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.798122883 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.798150063 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.798255920 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.798260927 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.798322916 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.798373938 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.798377991 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.798453093 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.798516035 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.798521042 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.798583984 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.798625946 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.798666954 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.798742056 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.798791885 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.798798084 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.798824072 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.798844099 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.798871994 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.798877001 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.798954010 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.798959017 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.799009085 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.799060106 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.799091101 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.799169064 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.799216032 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.799263954 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.799325943 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.799359083 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.799381018 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.799407959 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.799510956 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.799515963 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.799570084 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.799582005 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.799613953 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.799695015 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.799745083 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.799758911 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.799833059 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.799873114 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.799911022 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.799963951 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.800044060 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.800101042 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.800132990 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.800162077 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.800213099 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.800261974 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.800292969 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.800370932 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.800421953 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.800431967 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.800494909 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.800508976 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.800514936 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.800584078 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.800642014 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.800647020 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.800712109 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.800878048 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.800883055 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.800951004 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.801157951 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.801178932 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.801258087 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.801273108 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.801316023 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.801350117 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.801382065 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.801403046 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.801466942 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.801484108 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.801491022 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.801539898 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.801639080 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.801676035 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.801729918 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.801785946 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.801860094 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.801867008 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.801892042 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.801927090 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.801945925 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.801994085 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.802022934 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.802073002 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.802073956 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.802109957 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.802187920 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.802192926 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.802201033 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.802261114 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.802287102 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.802292109 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.802355051 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.802376032 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.802381039 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.802436113 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.802438021 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.802440882 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.802520037 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.802536011 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.802548885 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.802596092 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.802598000 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.802634001 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.802699089 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.802700996 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.802704096 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.802764893 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.802788019 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.802793026 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.802836895 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.802889109 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.802894115 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.802939892 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.802946091 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.802977085 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.803005934 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.803076982 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.803081989 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.803128004 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.803128958 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.803134918 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.803177118 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.803235054 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.803246021 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.803277016 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.803283930 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.803334951 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.803378105 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.803391933 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.803423882 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.803452969 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.803512096 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.803520918 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.803528070 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.803564072 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.803565025 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.803653955 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.803672075 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.803687096 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.803704977 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.803709030 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.803731918 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.803750992 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.803797960 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.803802013 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.803848982 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.803853035 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.803859949 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.803908110 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.803982019 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.803992033 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.803997993 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.804019928 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.804038048 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.804064035 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.804071903 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.804090977 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.804099083 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.804127932 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.804145098 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.804188967 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.804239035 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.804243088 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.804282904 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.804287910 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.804301023 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.804336071 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.804354906 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.804450989 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.804455996 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.804506063 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.804562092 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.804570913 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.804622889 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.804629087 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.804635048 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.804723978 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.804723978 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.804737091 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.804842949 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.804856062 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.804867029 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.804884911 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.804889917 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.804924011 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.804925919 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.804966927 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.804975986 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.804986954 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.805059910 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.805063009 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.805109978 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.805195093 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.805212021 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.805229902 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.805233002 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.805249929 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.805253983 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.805289984 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.805290937 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.805315971 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.805329084 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.805381060 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.805404902 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.805409908 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.805457115 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.805461884 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.805475950 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.805510044 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.805545092 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.805548906 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.805602074 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.805615902 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.805620909 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.805670977 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.805713892 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.805718899 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.805764914 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.805768967 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.805774927 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.805821896 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.805881977 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.805886030 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.805896044 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.805898905 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.805933952 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.805979013 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.805984974 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.805986881 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.806018114 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.806036949 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.806056976 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.806088924 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.806113958 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.806119919 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.806163073 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.806169033 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.806183100 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.806261063 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.806266069 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.806271076 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.806318998 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.806327105 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.806333065 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.806407928 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.806436062 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.806444883 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.806464911 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.806468964 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.806520939 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.806610107 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.806615114 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.806632042 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.806644917 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.806663990 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.806668043 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.806696892 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.806751013 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.806751966 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.806756973 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.806819916 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.806823969 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.806864977 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.806866884 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.806915998 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.806982994 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.806988001 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.807019949 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.807025909 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.807090044 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.807090998 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.807178020 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.807215929 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.807229996 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.807301044 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.807318926 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.807324886 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.807398081 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.807398081 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.807403088 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.807454109 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.807472944 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.807478905 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.807523966 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.807549953 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.807554007 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.807600021 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.807631016 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.807636023 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.807661057 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.807691097 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.807692051 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.807733059 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.807758093 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.807776928 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.807837009 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.807841063 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.807842016 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.807895899 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.807939053 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.807944059 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.807976007 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.808010101 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.808068037 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.808068991 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.808074951 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.808140039 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.808160067 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.808165073 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.808173895 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.808226109 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.808238983 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.808245897 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.808257103 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.808260918 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.808316946 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.808357000 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.808362007 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.808371067 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.808376074 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.808424950 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.808454037 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.808459044 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.808492899 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.808515072 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.808527946 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.808538914 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.808549881 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.808592081 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.808662891 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.808693886 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.808697939 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.808732033 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.808753014 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.808779001 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.808816910 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.808878899 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.808934927 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.837999105 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.839134932 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.839230061 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.881014109 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.881299019 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.881386995 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.935600996 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.935627937 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.936089993 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.936186075 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.936249018 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.936299086 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.936362028 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.936413050 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.936470985 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.936522961 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.936570883 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.936630011 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.936681032 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.936753035 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.936808109 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.936865091 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.936917067 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.936975002 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.937026024 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.937092066 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.937140942 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.937197924 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.937251091 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.937318087 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.937349081 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.938643932 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.938746929 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.970431089 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:06.970700979 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.970788956 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:06.970839024 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:07.001488924 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:07.001873970 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:07.001996040 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:07.002037048 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:07.045084953 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:07.045259953 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:07.045341969 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:07.076891899 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:07.077161074 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:07.077238083 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:07.077300072 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:07.077380896 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:07.077436924 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:07.077493906 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:07.077555895 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:07.077611923 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:07.077665091 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:07.077730894 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:07.077785969 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:07.077860117 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:07.077917099 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:07.077975035 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:07.090805054 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:07.093687057 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:07.093780994 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:07.093831062 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:07.093890905 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:07.093956947 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:07.094027042 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:07.094082117 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:07.094146013 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:07.094202042 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:07.094266891 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:07.122149944 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:07.122512102 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:07.122601986 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:07.122664928 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:07.165100098 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:07.167932987 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:07.168035030 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:07.168071032 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:07.197386026 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:07.199743032 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:07.209743023 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:07.210707903 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:07.211033106 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:07.211102009 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:07.211162090 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:07.211239100 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:07.211288929 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:07.211354971 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:07.211411953 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:07.211461067 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:07.211518049 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:07.211580038 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:07.211627007 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:07.211699963 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:07.211752892 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:07.211816072 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:07.211867094 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:07.211929083 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:07.211956024 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:07.213807106 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:07.215670109 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:07.257061005 CET156664971245.130.145.152192.168.2.9
                                                    Nov 30, 2024 00:04:07.259955883 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:07.260046005 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:07.260106087 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:07.260174990 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:07.260236025 CET4971215666192.168.2.945.130.145.152
                                                    Nov 30, 2024 00:04:07.260315895 CET4971215666192.168.2.945.130.145.152

                                                    DNS Queries

                                                    TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                    Nov 30, 2024 00:04:00.974044085 CET192.168.2.91.1.1.10x3b21Standard query (0)api.ipify.orgA (IP address)IN (0x0001)false

                                                    DNS Answers

                                                    TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                    Nov 30, 2024 00:03:56.133637905 CET1.1.1.1192.168.2.90xfd44No error (0)shed.dual-low.s-part-0035.t-0009.t-msedge.nets-part-0035.t-0009.t-msedge.netCNAME (Canonical name)IN (0x0001)false
                                                    Nov 30, 2024 00:03:56.133637905 CET1.1.1.1192.168.2.90xfd44No error (0)s-part-0035.t-0009.t-msedge.net13.107.246.63A (IP address)IN (0x0001)false
                                                    Nov 30, 2024 00:04:01.111845970 CET1.1.1.1192.168.2.90x3b21No error (0)api.ipify.org104.26.13.205A (IP address)IN (0x0001)false
                                                    Nov 30, 2024 00:04:01.111845970 CET1.1.1.1192.168.2.90x3b21No error (0)api.ipify.org172.67.74.152A (IP address)IN (0x0001)false
                                                    Nov 30, 2024 00:04:01.111845970 CET1.1.1.1192.168.2.90x3b21No error (0)api.ipify.org104.26.12.205A (IP address)IN (0x0001)false

                                                    HTTPS Proxied Packets

                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                    0192.168.2.949713104.26.13.2054437536C:\Users\user\Desktop\siveria.exe
                                                    TimestampBytes transferredDirectionData
                                                    2024-11-29 23:04:02 UTC100OUTGET / HTTP/1.1
                                                    Accept: text/html; text/plain; */*
                                                    Host: api.ipify.org
                                                    Cache-Control: no-cache
                                                    2024-11-29 23:04:02 UTC424INHTTP/1.1 200 OK
                                                    Date: Fri, 29 Nov 2024 23:04:02 GMT
                                                    Content-Type: text/plain
                                                    Content-Length: 12
                                                    Connection: close
                                                    Vary: Origin
                                                    CF-Cache-Status: DYNAMIC
                                                    Server: cloudflare
                                                    CF-RAY: 8ea63c08db618c53-EWR
                                                    server-timing: cfL4;desc="?proto=TCP&rtt=1844&min_rtt=1836&rtt_var=705&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2819&recv_bytes=738&delivery_rate=1532808&cwnd=213&unsent_bytes=0&cid=ad9d49e5816f4a77&ts=466&x=0"
                                                    2024-11-29 23:04:02 UTC12INData Raw: 38 2e 34 36 2e 31 32 33 2e 32 32 38
                                                    Data Ascii: 8.46.123.228


                                                    Statistics

                                                    CPU Usage

                                                    Click to jump to process

                                                    Memory Usage

                                                    Click to jump to process

                                                    High Level Behavior Distribution

                                                    Click to dive into process behavior distribution

                                                    System Behavior

                                                    General

                                                    Target ID:0
                                                    Start time:18:03:59
                                                    Start date:29/11/2024
                                                    Path:C:\Users\user\Desktop\siveria.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:"C:\Users\user\Desktop\siveria.exe"
                                                    Imagebase:0x7ff756400000
                                                    File size:3'341'824 bytes
                                                    MD5 hash:684B14726C07F5BB3CE6F89CAD9A7A76
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Yara matches:
                                                    • Rule: JoeSecurity_MeduzaStealer, Description: Yara detected Meduza Stealer, Source: 00000000.00000002.1562865457.000002574121F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_MeduzaStealer, Description: Yara detected Meduza Stealer, Source: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                    Reputation:low
                                                    Has exited:true

                                                    Disassembly

                                                    Reset < >

                                                      Execution Graph

                                                      Execution Coverage:6.3%
                                                      Dynamic/Decrypted Code Coverage:88.6%
                                                      Signature Coverage:23.8%
                                                      Total number of Nodes:2000
                                                      Total number of Limit Nodes:33
                                                      execution_graph 91520 2574144a41b 91521 2574144a433 _Receive_impl 91520->91521 91522 2574144a515 _Receive_impl 91521->91522 91525 2574144a8d0 91521->91525 91646 2574148e860 91522->91646 91524 2574144a543 91582 25741460040 91525->91582 91527 2574144a93f memcpy_s 91528 2574144a97e GetModuleFileNameW 91527->91528 91529 2574144a9c0 91528->91529 91529->91529 91653 25741416940 91529->91653 91531 2574144a9dd 91532 25741416940 65 API calls 91531->91532 91533 2574144abfe 91532->91533 91665 25741416bd0 91533->91665 91535 2574144ac0c 91677 25741425fd0 68 API calls 91535->91677 91537 2574144ac26 91538 25741416940 65 API calls 91537->91538 91539 2574144ae9d 91538->91539 91540 25741416bd0 65 API calls 91539->91540 91541 2574144aeab 91540->91541 91678 25741425fd0 68 API calls 91541->91678 91543 2574144aec6 91544 25741416940 65 API calls 91543->91544 91545 2574144b13e 91544->91545 91679 2574140d4a0 65 API calls 91545->91679 91547 2574144b15a 91680 25741425fd0 68 API calls 91547->91680 91549 2574144b16f 91550 25741416940 65 API calls 91549->91550 91551 2574144b61d 91550->91551 91552 25741416bd0 65 API calls 91551->91552 91553 2574144b62e 91552->91553 91681 25741425fd0 68 API calls 91553->91681 91555 2574144b64c 91556 25741416940 65 API calls 91555->91556 91557 2574144b8dd 91556->91557 91558 25741416bd0 65 API calls 91557->91558 91559 2574144b8ee 91558->91559 91682 25741425fd0 68 API calls 91559->91682 91561 2574144b90c 91562 25741416940 65 API calls 91561->91562 91563 2574144bb90 91562->91563 91564 25741416bd0 65 API calls 91563->91564 91565 2574144bba1 91564->91565 91683 25741425fd0 68 API calls 91565->91683 91567 2574144bbbf 91568 25741416940 65 API calls 91567->91568 91569 2574144bdaa 91568->91569 91570 25741416bd0 65 API calls 91569->91570 91571 2574144bdbb 91570->91571 91684 25741425fd0 68 API calls 91571->91684 91573 2574144bdd9 91574 25741416940 65 API calls 91573->91574 91575 2574144c0ef 91574->91575 91576 25741416bd0 65 API calls 91575->91576 91577 2574144c100 91576->91577 91685 25741425fd0 68 API calls 91577->91685 91579 2574144c11e 91686 2574140cf70 91579->91686 91583 257414600d3 91582->91583 91690 2574140d810 91583->91690 91585 257414600f8 _Receive_impl 91587 25741460647 91585->91587 91699 2574140eaf0 91585->91699 91809 2574140e240 68 API calls Concurrency::cancel_current_task 91587->91809 91589 25741460164 memcpy_s 91601 257414601a6 91589->91601 91705 2574142a910 91589->91705 91591 2574148e860 _Strcoll 3 API calls 91593 25741460239 91591->91593 91592 25741460289 91594 257414602cd 91592->91594 91595 25741460539 91592->91595 91593->91527 91722 257414256a0 91594->91722 91808 257414212f0 65 API calls 91595->91808 91596 2574146066f 91810 2574140cdc0 65 API calls 91596->91810 91600 25741460302 91605 257414603a2 91600->91605 91606 2574146031f 91600->91606 91601->91587 91645 25741460207 _Receive_impl 91601->91645 91602 25741460696 91811 25741490e88 91602->91811 91604 257414606a7 91816 2574140cdc0 65 API calls 91604->91816 91729 2574146c0b0 91605->91729 91606->91596 91608 25741460351 91606->91608 91610 257414213a0 69 API calls 91608->91610 91609 257414603b6 91616 257414603cd 91609->91616 91617 25741460450 91609->91617 91612 2574146035e 91610->91612 91615 25741423ff0 65 API calls 91612->91615 91613 257414606d0 91618 2574146037e 91615->91618 91616->91604 91620 257414603ff 91616->91620 91619 2574146c0b0 65 API calls 91617->91619 91782 25741414ac0 65 API calls 91618->91782 91622 25741460464 91619->91622 91744 257414213a0 91620->91744 91625 2574146c0b0 65 API calls 91622->91625 91645->91591 91647 2574148e869 91646->91647 91648 2574148ec3c IsProcessorFeaturePresent 91647->91648 91649 2574148e874 91647->91649 91650 2574148ec54 91648->91650 91649->91524 92795 2574148ee34 RtlCaptureContext RtlLookupFunctionEntry capture_previous_context 91650->92795 91652 2574148ec67 91652->91524 91655 25741416966 91653->91655 91661 25741416a64 91653->91661 91656 25741416a5f 91655->91656 91658 257414169ca 91655->91658 91659 25741416a22 91655->91659 91664 25741416971 ctype 91655->91664 92796 2574140b820 65 API calls 2 library calls 91656->92796 91658->91656 91662 257414169d7 91658->91662 91660 2574148e888 std::_Facet_Register 65 API calls 91659->91660 91660->91664 92797 2574140b8e0 65 API calls 91661->92797 91663 2574148e888 std::_Facet_Register 65 API calls 91662->91663 91663->91664 91664->91531 91666 25741416bfe 91665->91666 91670 25741416cb4 91666->91670 91671 25741416c1a ctype 91666->91671 91672 25741416cf3 91666->91672 91673 25741416c8d 91666->91673 91676 25741416c9e 91666->91676 91674 2574148e888 std::_Facet_Register 65 API calls 91670->91674 91671->91535 92799 2574140b8e0 65 API calls 91672->92799 91675 2574148e888 std::_Facet_Register 65 API calls 91673->91675 91673->91676 91674->91671 91675->91676 91676->91671 92798 2574140b820 65 API calls 2 library calls 91676->92798 91677->91537 91678->91543 91679->91547 91680->91549 91681->91555 91682->91561 91683->91567 91684->91573 91685->91579 91687 2574140cf8d 91686->91687 91688 25741490e88 Concurrency::cancel_current_task 2 API calls 91687->91688 91689 2574140cf9e 91688->91689 91693 2574140d850 91690->91693 91691 2574140d97a 91692 25741416bd0 65 API calls 91691->91692 91694 2574140d982 91692->91694 91693->91691 91696 2574140d896 91693->91696 91819 2574140d140 91694->91819 91698 2574140d8fa ctype 91696->91698 91818 2574142ec90 65 API calls 4 library calls 91696->91818 91698->91585 91700 2574140eb21 91699->91700 91837 2574149b5b0 91700->91837 91703 2574148e860 _Strcoll 3 API calls 91704 2574140ebc2 91703->91704 91704->91589 91885 25741424ab0 91705->91885 91712 2574142aa1f 91911 25741423520 61 API calls _Strcoll 91712->91911 91713 2574142aaa8 91721 2574142aa58 91713->91721 91913 2574140cdc0 65 API calls 91713->91913 91716 2574142aa31 91912 257414278a0 92 API calls 4 library calls 91716->91912 91717 2574142ab12 91719 25741490e88 Concurrency::cancel_current_task 2 API calls 91717->91719 91720 2574142ab23 91719->91720 91721->91592 92185 257414237f0 91722->92185 91724 257414256d6 92195 2574142ee00 91724->92195 91728 25741425745 91728->91600 91730 2574146c14e 91729->91730 91732 2574146c0cf 91729->91732 92720 2574146df40 65 API calls 91730->92720 91735 2574146c10a 91732->91735 92718 2574146e000 65 API calls 91732->92718 91733 2574146c168 92721 25741427ac0 91733->92721 91735->91609 91739 2574146c12f 92719 2574146e0c0 65 API calls 3 library calls 91739->92719 91742 2574146c13d 91743 25741490e88 Concurrency::cancel_current_task 2 API calls 91742->91743 91743->91730 92742 25741423620 91744->92742 91782->91645 91808->91601 91810->91602 91812 25741490ea7 91811->91812 91813 25741490ed0 RtlPcToFileHeader 91812->91813 91814 25741490ef2 RaiseException 91812->91814 91815 25741490ee8 91813->91815 91814->91604 91815->91814 91816->91613 91818->91698 91830 2574140d15f 91819->91830 91820 2574140d2c0 91827 2574140d2a7 91820->91827 91834 25741427fd0 65 API calls 4 library calls 91820->91834 91821 2574140d297 91823 2574140d35e 91821->91823 91821->91827 91822 2574140d26b 91822->91820 91822->91821 91836 257414245e0 65 API calls 91823->91836 91835 257414225d0 65 API calls ctype 91827->91835 91828 2574140d255 91828->91698 91830->91822 91831 2574140d24a 91830->91831 91833 2574140d9c0 65 API calls ctype 91831->91833 91833->91828 91834->91827 91835->91828 91839 2574149b5f2 91837->91839 91838 2574149b5fb 91841 2574148e860 _Strcoll 3 API calls 91838->91841 91839->91838 91840 2574149b70d 91839->91840 91842 2574149b653 GetFileAttributesExW 91839->91842 91880 2574149b984 CreateFileW GetLastError 91840->91880 91843 2574140eb3d 91841->91843 91846 2574149b6b8 91842->91846 91847 2574149b667 GetLastError 91842->91847 91843->91703 91845 2574149b730 91848 2574149b756 91845->91848 91849 2574149b736 91845->91849 91846->91838 91846->91840 91847->91838 91850 2574149b676 FindFirstFileW 91847->91850 91852 2574149b765 GetFileInformationByHandleEx 91848->91852 91872 2574149b803 91848->91872 91851 2574149b741 CloseHandle 91849->91851 91863 2574149b74f 91849->91863 91853 2574149b695 FindClose 91850->91853 91854 2574149b68a GetLastError 91850->91854 91855 2574149b8c5 91851->91855 91851->91863 91857 2574149b77f GetLastError 91852->91857 91858 2574149b7a5 91852->91858 91853->91846 91854->91838 91881 257414798b4 61 API calls __std_fs_directory_iterator_open 91855->91881 91856 2574149b81e GetFileInformationByHandleEx 91860 2574149b834 GetLastError 91856->91860 91861 2574149b858 91856->91861 91862 2574149b78d CloseHandle 91857->91862 91857->91863 91871 2574149b7c6 GetFileInformationByHandleEx 91858->91871 91858->91872 91860->91863 91868 2574149b846 CloseHandle 91860->91868 91864 2574149b86f 91861->91864 91865 2574149b8ab 91861->91865 91862->91863 91869 2574149b8d6 91862->91869 91863->91838 91864->91838 91870 2574149b875 CloseHandle 91864->91870 91865->91863 91866 2574149b8b1 CloseHandle 91865->91866 91866->91855 91866->91863 91867 2574149b8ca 91882 257414798b4 61 API calls __std_fs_directory_iterator_open 91867->91882 91868->91863 91873 2574149b8d0 91868->91873 91884 257414798b4 61 API calls __std_fs_directory_iterator_open 91869->91884 91870->91838 91870->91855 91871->91872 91875 2574149b7e2 GetLastError 91871->91875 91872->91856 91872->91861 91883 257414798b4 61 API calls __std_fs_directory_iterator_open 91873->91883 91875->91863 91879 2574149b7f0 CloseHandle 91875->91879 91879->91863 91879->91867 91880->91845 91914 2574148e888 91885->91914 91889 25741424b21 91930 25741424e10 91889->91930 91892 25741424bae 91893 25741424bbb 91892->91893 91945 2574149c8b8 6 API calls std::_Lockit::_Lockit 91892->91945 91900 2574142c3b0 91893->91900 91895 25741424bd6 91946 2574140cdc0 65 API calls 91895->91946 91897 25741424c16 91898 25741490e88 Concurrency::cancel_current_task 2 API calls 91897->91898 91899 25741424c27 91898->91899 91960 25741424500 91900->91960 91903 2574149cb28 91904 2574149cb6e 91903->91904 91910 2574142aa16 91904->91910 91965 2574149e200 91904->91965 91906 2574149cba1 91906->91910 91982 25741477e14 61 API calls _invalid_parameter_noinfo 91906->91982 91908 2574149cbbc 91908->91910 91983 25741473818 91908->91983 91910->91712 91910->91713 91911->91716 91912->91721 91913->91717 91916 2574148e893 std::_Facet_Register 91914->91916 91915 25741424b11 91921 2574149c5ec 91915->91921 91916->91915 91917 2574148e8bd 91916->91917 91947 2574148f8dc RtlPcToFileHeader RaiseException Concurrency::cancel_current_task std::bad_alloc::bad_alloc 91916->91947 91948 2574140b820 65 API calls 2 library calls 91917->91948 91920 2574148e8c3 91949 2574149bf8c 91921->91949 91923 2574149c60e 91929 2574149c652 ctype 91923->91929 91953 2574149c7e4 65 API calls std::_Facet_Register 91923->91953 91925 2574149c626 91954 2574149c814 62 API calls std::locale::_Setgloballocale 91925->91954 91927 2574149c631 91927->91929 91955 25741477620 11 API calls 2 library calls 91927->91955 91929->91889 91931 2574149bf8c std::_Lockit::_Lockit 6 API calls 91930->91931 91932 25741424e40 91931->91932 91933 2574149bf8c std::_Lockit::_Lockit 6 API calls 91932->91933 91935 25741424e65 91932->91935 91933->91935 91934 25741424edd 91936 2574148e860 _Strcoll 3 API calls 91934->91936 91935->91934 91957 2574140ca60 95 API calls 7 library calls 91935->91957 91937 25741424b52 91936->91937 91937->91892 91937->91895 91939 25741424eef 91940 25741424ef5 91939->91940 91941 25741424f56 91939->91941 91958 2574149c5ac 65 API calls std::_Facet_Register 91940->91958 91959 2574140c5a0 65 API calls 2 library calls 91941->91959 91944 25741424f5b 91945->91893 91946->91897 91947->91917 91948->91920 91950 2574149bfa0 91949->91950 91951 2574149bf9b 91949->91951 91950->91923 91956 2574147c42c 6 API calls std::_Lockit::_Lockit 91951->91956 91953->91925 91954->91927 91955->91929 91957->91939 91958->91934 91959->91944 91961 2574148e888 std::_Facet_Register 65 API calls 91960->91961 91962 25741424577 91961->91962 91963 2574149c5ec 72 API calls 91962->91963 91964 25741424587 91963->91964 91964->91713 91964->91903 91966 2574149e12c 91965->91966 91967 2574149e152 91966->91967 91969 2574149e185 91966->91969 92000 25741474e68 9 API calls _get_daylight 91967->92000 91971 2574149e198 91969->91971 91972 2574149e18b 91969->91972 91970 2574149e157 92001 25741478234 61 API calls _invalid_parameter_noinfo 91970->92001 91991 2574147d6a8 91971->91991 92002 25741474e68 9 API calls _get_daylight 91972->92002 91976 2574149e162 91976->91906 91977 2574149e1a2 91978 2574149e1b9 91977->91978 91979 2574149e1ac 91977->91979 91995 2574149f47c 91978->91995 92003 25741474e68 9 API calls _get_daylight 91979->92003 91982->91908 91984 25741473848 91983->91984 92141 257414736f4 91984->92141 91986 25741473861 91987 25741473886 91986->91987 92147 2574146f864 61 API calls 2 library calls 91986->92147 91989 2574147389b 91987->91989 92148 2574146f864 61 API calls 2 library calls 91987->92148 91989->91910 91992 2574147d6bf 91991->91992 92004 2574147d71c 91992->92004 91994 2574147d6ca 91994->91977 92023 2574149f0dc 91995->92023 91998 2574149f4d6 91998->91976 92000->91970 92001->91976 92002->91976 92003->91976 92009 2574147d74d 92004->92009 92005 2574147d7e6 92005->91994 92006 2574147d79c 92014 2574147da30 9 API calls 3 library calls 92006->92014 92008 2574147d7a9 92015 2574147d3c8 92008->92015 92009->92005 92009->92006 92013 2574147d7d3 92013->92005 92014->92008 92016 2574147d3fe 92015->92016 92017 2574147d3cd HeapFree 92015->92017 92016->92005 92021 2574147e1d0 6 API calls __crtLCMapStringW 92016->92021 92017->92016 92018 2574147d3e8 GetLastError 92017->92018 92019 2574147d3f5 Concurrency::details::SchedulerProxy::DeleteThis 92018->92019 92022 25741474e68 9 API calls _get_daylight 92019->92022 92021->92013 92022->92016 92028 2574149f117 __crtLCMapStringW 92023->92028 92025 2574149f3b5 92042 25741478234 61 API calls _invalid_parameter_noinfo 92025->92042 92027 2574149f2e7 92027->91998 92035 257414a0a48 92027->92035 92033 2574149f2de 92028->92033 92038 2574148c4ac 67 API calls 5 library calls 92028->92038 92030 2574149f349 92030->92033 92039 2574148c4ac 67 API calls 5 library calls 92030->92039 92032 2574149f368 92032->92033 92040 2574148c4ac 67 API calls 5 library calls 92032->92040 92033->92027 92041 25741474e68 9 API calls _get_daylight 92033->92041 92043 2574149fef8 92035->92043 92037 257414a0a75 92037->91998 92038->92030 92039->92032 92040->92033 92041->92025 92042->92027 92044 2574149ff0f 92043->92044 92045 2574149ff2d 92043->92045 92095 25741474e68 9 API calls _get_daylight 92044->92095 92045->92044 92048 2574149ff49 92045->92048 92047 2574149ff14 92096 25741478234 61 API calls _invalid_parameter_noinfo 92047->92096 92052 257414a0658 92048->92052 92051 2574149ff20 92051->92037 92097 257414a023c 92052->92097 92054 257414a069f 92055 257414a06e5 92054->92055 92056 257414a06cd 92054->92056 92113 2574148566c 92055->92113 92120 25741474e48 9 API calls _get_daylight 92056->92120 92059 257414a06ea 92061 257414a06f1 92059->92061 92062 257414a070a CreateFileW 92059->92062 92060 257414a06d2 92121 25741474e68 9 API calls _get_daylight 92060->92121 92122 25741474e48 9 API calls _get_daylight 92061->92122 92064 257414a07f0 GetFileType 92062->92064 92065 257414a0775 92062->92065 92069 257414a07fd GetLastError 92064->92069 92070 257414a084e 92064->92070 92068 257414a07bd GetLastError 92065->92068 92073 257414a0783 CreateFileW 92065->92073 92067 257414a06f6 92123 25741474e68 9 API calls _get_daylight 92067->92123 92124 25741474ddc 9 API calls 2 library calls 92068->92124 92125 25741474ddc 9 API calls 2 library calls 92069->92125 92127 25741485584 10 API calls 2 library calls 92070->92127 92073->92064 92073->92068 92075 257414a080c CloseHandle 92075->92060 92076 257414a083e 92075->92076 92126 25741474e68 9 API calls _get_daylight 92076->92126 92079 257414a0870 92081 257414a08c4 92079->92081 92128 257414a0444 72 API calls 2 library calls 92079->92128 92080 257414a0843 92080->92060 92086 257414a08cb 92081->92086 92130 2574149ffbc 70 API calls 2 library calls 92081->92130 92084 257414a0902 92085 257414a0911 92084->92085 92084->92086 92088 257414a06de 92085->92088 92089 257414a0990 CloseHandle CreateFileW 92085->92089 92129 2574147d540 64 API calls _invalid_parameter_noinfo 92086->92129 92088->92051 92090 257414a0a05 92089->92090 92091 257414a09d7 GetLastError 92089->92091 92090->92088 92131 25741474ddc 9 API calls 2 library calls 92091->92131 92093 257414a09e4 92132 257414857ac 10 API calls 2 library calls 92093->92132 92095->92047 92096->92051 92098 257414a0268 92097->92098 92105 257414a0282 92097->92105 92098->92105 92133 25741474e68 9 API calls _get_daylight 92098->92133 92100 257414a0277 92134 25741478234 61 API calls _invalid_parameter_noinfo 92100->92134 92102 257414a0351 92112 257414a03aa 92102->92112 92139 2574149de78 61 API calls 2 library calls 92102->92139 92103 257414a0300 92103->92102 92137 25741474e68 9 API calls _get_daylight 92103->92137 92105->92103 92135 25741474e68 9 API calls _get_daylight 92105->92135 92108 257414a0346 92138 25741478234 61 API calls _invalid_parameter_noinfo 92108->92138 92109 257414a02f5 92136 25741478234 61 API calls _invalid_parameter_noinfo 92109->92136 92112->92054 92117 2574148568f 92113->92117 92114 257414856bd 92114->92059 92115 257414856b8 92140 257414853bc 15 API calls 2 library calls 92115->92140 92117->92114 92117->92115 92118 2574148570e EnterCriticalSection 92117->92118 92118->92114 92119 2574148571d LeaveCriticalSection 92118->92119 92119->92117 92120->92060 92121->92088 92122->92067 92123->92060 92124->92060 92125->92075 92126->92080 92127->92079 92128->92081 92129->92088 92130->92084 92131->92093 92132->92090 92133->92100 92134->92105 92135->92109 92136->92103 92137->92108 92138->92102 92139->92112 92140->92114 92142 2574147370f 92141->92142 92144 2574147373d 92141->92144 92163 25741478168 61 API calls _invalid_parameter_noinfo 92142->92163 92146 2574147372f 92144->92146 92149 25741473770 92144->92149 92146->91986 92147->91987 92148->91989 92150 2574147378b 92149->92150 92151 257414737b0 92149->92151 92174 25741478168 61 API calls _invalid_parameter_noinfo 92150->92174 92161 257414737ab 92151->92161 92164 2574146ff3c 92151->92164 92160 257414737df 92160->92161 92162 2574147d3c8 Concurrency::details::SchedulerProxy::DeleteThis 9 API calls 92160->92162 92161->92146 92162->92161 92163->92146 92165 2574146ff62 92164->92165 92169 2574146ff93 92164->92169 92166 2574147990c _fread_nolock 61 API calls 92165->92166 92165->92169 92167 2574146ff83 92166->92167 92182 2574147ce18 61 API calls _invalid_parameter_noinfo 92167->92182 92170 2574147d808 92169->92170 92171 257414737cd 92170->92171 92172 2574147d81c 92170->92172 92175 2574147990c 92171->92175 92172->92171 92173 2574147d3c8 Concurrency::details::SchedulerProxy::DeleteThis 9 API calls 92172->92173 92173->92171 92174->92161 92176 257414737d5 92175->92176 92177 25741479915 92175->92177 92181 2574147d47c 64 API calls _invalid_parameter_noinfo 92176->92181 92183 25741474e68 9 API calls _get_daylight 92177->92183 92179 2574147991a 92184 25741478234 61 API calls _invalid_parameter_noinfo 92179->92184 92181->92160 92182->92169 92183->92179 92184->92176 92186 25741423946 92185->92186 92187 25741423823 92185->92187 92186->92187 92190 25741423953 92186->92190 92188 2574148e860 _Strcoll 3 API calls 92187->92188 92189 25741423852 92188->92189 92189->91724 92264 257414288c0 65 API calls 3 library calls 92190->92264 92192 25741423974 92193 25741490e88 Concurrency::cancel_current_task 2 API calls 92192->92193 92194 25741423985 92193->92194 92196 2574142ee54 92195->92196 92265 2574147494c 92196->92265 92200 2574142ef61 92288 2574140f1f0 92200->92288 92203 2574148e860 _Strcoll 3 API calls 92204 25741425739 92203->92204 92205 25741429f80 92204->92205 92206 2574142a291 92205->92206 92209 25741429fcb memcpy_s 92205->92209 92423 25741431e10 92206->92423 92482 2574142b5b0 65 API calls 92209->92482 92210 2574142c600 65 API calls 92214 2574142a2d0 92210->92214 92212 2574142a01b 92483 25741430c20 67 API calls 2 library calls 92212->92483 92218 2574142b780 67 API calls 92214->92218 92257 2574142a3d8 _Receive_impl 92214->92257 92215 2574142a28c _Receive_impl 92219 2574148e860 _Strcoll 3 API calls 92215->92219 92216 2574142a02b 92220 2574142c600 65 API calls 92216->92220 92217 257414237f0 65 API calls 92221 2574142a48c 92217->92221 92223 2574142a31d 92218->92223 92224 2574142a51c 92219->92224 92230 2574142a037 92220->92230 92222 25741423ff0 65 API calls 92221->92222 92226 2574142a4c6 92222->92226 92225 25741431af0 67 API calls 92223->92225 92224->91728 92227 2574142a343 92225->92227 92226->92215 92232 2574142a570 92226->92232 92233 2574142bd00 67 API calls 92227->92233 92228 2574142a1dd 92234 257414237f0 65 API calls 92228->92234 92229 2574142a225 92231 2574142a27f 92229->92231 92236 257414237f0 65 API calls 92229->92236 92263 2574142a1c4 _Receive_impl 92230->92263 92484 2574142b780 92230->92484 92612 2574142b3d0 65 API calls _Receive_impl 92231->92612 92613 25741423e90 63 API calls 92232->92613 92239 2574142a1f8 92234->92239 92236->92239 92244 25741423ff0 65 API calls 92239->92244 92240 2574142a083 92529 25741431af0 92240->92529 92241 2574142a588 92245 25741490e88 Concurrency::cancel_current_task 2 API calls 92241->92245 92244->92231 92257->92217 92257->92226 92257->92232 92261 2574142a5c7 92257->92261 92261->91728 92263->92228 92263->92229 92264->92192 92295 25741479eec GetLastError 92265->92295 92270 2574142c600 92271 2574142c623 92270->92271 92275 2574142c670 92270->92275 92326 2574142e200 92271->92326 92272 2574142e200 65 API calls 92272->92275 92274 2574142c628 92274->92275 92276 2574142e200 65 API calls 92274->92276 92275->92272 92286 2574142c6c3 92275->92286 92277 2574142c637 92276->92277 92278 2574142c64d 92277->92278 92279 2574142e200 65 API calls 92277->92279 92280 2574148e860 _Strcoll 3 API calls 92278->92280 92281 2574142c646 92279->92281 92282 2574142c66a 92280->92282 92281->92275 92281->92278 92282->92200 92283 2574142c7c8 92284 2574148e860 _Strcoll 3 API calls 92283->92284 92285 2574142c91b 92284->92285 92285->92200 92286->92283 92287 2574142e200 65 API calls 92286->92287 92287->92286 92289 2574140f227 92288->92289 92290 2574140f1fe 92288->92290 92289->92203 92290->92289 92422 2574140cdc0 65 API calls 92290->92422 92292 2574140f25e 92293 25741490e88 Concurrency::cancel_current_task 2 API calls 92292->92293 92294 2574140f26f 92293->92294 92296 25741479f2d FlsSetValue 92295->92296 92297 25741479f10 FlsGetValue 92295->92297 92299 25741479f1d 92296->92299 92300 25741479f3f 92296->92300 92298 25741479f27 92297->92298 92297->92299 92298->92296 92302 25741479f99 SetLastError 92299->92302 92322 2574147da30 9 API calls 3 library calls 92300->92322 92304 25741479fb9 92302->92304 92305 25741474955 92302->92305 92303 25741479f4e 92306 25741479f6c FlsSetValue 92303->92306 92307 25741479f5c FlsSetValue 92303->92307 92324 257414798b4 61 API calls __std_fs_directory_iterator_open 92304->92324 92318 2574147c178 92305->92318 92311 25741479f8a 92306->92311 92312 25741479f78 FlsSetValue 92306->92312 92310 25741479f65 92307->92310 92313 2574147d3c8 Concurrency::details::SchedulerProxy::DeleteThis 9 API calls 92310->92313 92323 25741479c9c 9 API calls _get_daylight 92311->92323 92312->92310 92315 25741479f6a 92313->92315 92315->92299 92316 25741479f92 92317 2574147d3c8 Concurrency::details::SchedulerProxy::DeleteThis 9 API calls 92316->92317 92317->92302 92319 2574142ef3a 92318->92319 92320 2574147c18d 92318->92320 92319->92270 92320->92319 92325 25741485c14 61 API calls 2 library calls 92320->92325 92322->92303 92323->92316 92325->92319 92327 2574142e223 92326->92327 92330 2574142e21d 92326->92330 92328 2574142e23a 92327->92328 92343 25741420ca0 92327->92343 92328->92330 92332 2574142e2d4 92328->92332 92329 2574142e2a7 92329->92274 92330->92329 92362 25741439fb0 92330->92362 92374 2574140cdc0 65 API calls 92332->92374 92334 2574142e316 92335 25741490e88 Concurrency::cancel_current_task 2 API calls 92334->92335 92336 2574142e327 92335->92336 92340 2574142e355 92336->92340 92375 25741428d10 92336->92375 92338 2574142e400 92338->92274 92339 2574142e200 65 API calls 92339->92340 92340->92338 92340->92339 92341 25741428d10 65 API calls 92340->92341 92341->92340 92344 25741420cdd 92343->92344 92346 25741420d51 92344->92346 92347 25741420d73 92344->92347 92351 25741420ced _Receive_impl 92344->92351 92345 2574148e860 _Strcoll 3 API calls 92348 25741420f1f 92345->92348 92387 25741474648 92346->92387 92350 25741474648 61 API calls 92347->92350 92348->92328 92356 25741420da1 ctype 92350->92356 92351->92345 92352 25741420ec1 92352->92351 92354 25741420fa7 92352->92354 92353 25741428d10 65 API calls 92353->92356 92355 25741420fd4 92354->92355 92361 25741420ca0 65 API calls 92354->92361 92355->92328 92356->92352 92356->92353 92358 25741474648 61 API calls 92356->92358 92360 25741420f57 92356->92360 92357 25741420feb 92357->92328 92358->92356 92360->92352 92404 25741477754 61 API calls 2 library calls 92360->92404 92361->92357 92363 25741439ffa 92362->92363 92372 2574143a02a ctype 92362->92372 92364 2574143a016 92363->92364 92367 2574143a07a 92363->92367 92363->92372 92366 2574143a156 92364->92366 92368 2574148e888 std::_Facet_Register 65 API calls 92364->92368 92419 2574140b820 65 API calls 2 library calls 92366->92419 92369 2574148e888 std::_Facet_Register 65 API calls 92367->92369 92368->92372 92369->92372 92371 2574143a15c 92373 2574143a113 _Receive_impl 92372->92373 92418 25741420640 65 API calls 92372->92418 92373->92329 92374->92334 92376 25741428e65 92375->92376 92381 25741428d3f 92375->92381 92420 2574140b8e0 65 API calls 92376->92420 92378 25741428da4 92380 2574148e888 std::_Facet_Register 65 API calls 92378->92380 92379 25741428e6a 92421 2574140b820 65 API calls 2 library calls 92379->92421 92386 25741428d8a ctype _Receive_impl 92380->92386 92381->92378 92383 25741428d97 92381->92383 92384 25741428dd3 92381->92384 92381->92386 92383->92378 92383->92379 92385 2574148e888 std::_Facet_Register 65 API calls 92384->92385 92385->92386 92386->92340 92388 25741474664 92387->92388 92392 25741474682 92387->92392 92411 25741474e68 9 API calls _get_daylight 92388->92411 92390 25741474669 92412 25741478234 61 API calls _invalid_parameter_noinfo 92390->92412 92395 2574147990c _fread_nolock 61 API calls 92392->92395 92401 257414746a6 92392->92401 92393 25741474718 92413 25741474e68 9 API calls _get_daylight 92393->92413 92394 25741474743 92405 25741474604 92394->92405 92395->92401 92398 2574147471d 92414 25741478234 61 API calls _invalid_parameter_noinfo 92398->92414 92400 25741474728 92415 25741490ab4 RtlUnwind 92400->92415 92401->92393 92401->92394 92403 25741474674 92403->92351 92404->92360 92406 25741474610 92405->92406 92410 25741474620 92405->92410 92416 25741474e68 9 API calls _get_daylight 92406->92416 92408 25741474615 92417 25741478234 61 API calls _invalid_parameter_noinfo 92408->92417 92410->92403 92411->92390 92412->92403 92413->92398 92414->92400 92415->92403 92416->92408 92417->92410 92419->92371 92421->92386 92422->92292 92424 25741431e8d 92423->92424 92425 25741432a5c 92423->92425 92426 2574142b780 67 API calls 92425->92426 92427 25741432a9c 92426->92427 92428 25741431af0 67 API calls 92427->92428 92429 25741432ac2 92428->92429 92430 2574142bd00 67 API calls 92429->92430 92431 25741432ad2 92430->92431 92432 25741432b3d 92431->92432 92433 25741432add 92431->92433 92620 25741423e90 63 API calls 92432->92620 92615 2574140eec0 92433->92615 92435 25741432b49 92436 25741490e88 Concurrency::cancel_current_task 2 API calls 92435->92436 92438 25741432b59 92436->92438 92621 25741423e90 63 API calls 92438->92621 92440 25741432b66 92441 25741490e88 Concurrency::cancel_current_task 2 API calls 92440->92441 92442 25741432b76 92441->92442 92622 25741423e90 63 API calls 92442->92622 92444 25741432b83 92445 25741490e88 Concurrency::cancel_current_task 2 API calls 92444->92445 92446 25741432b93 92445->92446 92623 25741434430 63 API calls 92446->92623 92448 25741432af1 92450 2574148e860 _Strcoll 3 API calls 92448->92450 92449 25741432ba0 92451 25741490e88 Concurrency::cancel_current_task 2 API calls 92449->92451 92452 2574142a2c4 92450->92452 92452->92210 92482->92212 92483->92216 92487 2574142b7ce 92484->92487 92486 2574142b81e 92489 25741423d70 65 API calls 92486->92489 92487->92486 92508 2574142b8ac _Receive_impl 92487->92508 92636 25741428560 92487->92636 92491 2574142b838 92489->92491 92490 2574142b912 92492 2574142b91e 92490->92492 92496 2574142bad1 92490->92496 92494 25741423d70 65 API calls 92491->92494 92493 2574142bd00 67 API calls 92492->92493 92499 2574142b92b 92493->92499 92495 2574142b852 92494->92495 92497 2574142b85f 92495->92497 92498 25741428d10 65 API calls 92495->92498 92496->92496 92501 2574142bb2d 92496->92501 92502 25741428560 65 API calls 92496->92502 92504 25741423d70 65 API calls 92497->92504 92498->92497 92500 2574142b987 92499->92500 92505 25741428560 65 API calls 92499->92505 92507 25741423d70 65 API calls 92500->92507 92503 25741423d70 65 API calls 92501->92503 92502->92501 92506 2574142bb47 92503->92506 92504->92508 92505->92500 92511 25741423d70 65 API calls 92506->92511 92509 2574142b9a6 92507->92509 92519 2574142bc79 _Receive_impl 92508->92519 92631 25741423d70 92508->92631 92510 25741423d70 65 API calls 92509->92510 92512 2574142b9bc 92510->92512 92513 2574142bb66 92511->92513 92515 25741423d70 65 API calls 92512->92515 92514 25741423d70 65 API calls 92513->92514 92521 2574142ba30 _Receive_impl 92514->92521 92516 2574142b9d6 92515->92516 92517 2574142b9e3 92516->92517 92518 25741428d10 65 API calls 92516->92518 92520 25741423d70 65 API calls 92517->92520 92518->92517 92519->92240 92520->92521 92521->92519 92521->92521 92522 2574142bc2d 92521->92522 92523 25741428560 65 API calls 92521->92523 92524 25741423d70 65 API calls 92522->92524 92523->92522 92525 2574142bc47 92524->92525 92525->92525 92526 25741423d70 65 API calls 92525->92526 92530 25741431b4f 92529->92530 92673 2574140ef10 65 API calls 2 library calls 92530->92673 92532 25741431b66 92674 2574140ebf0 92532->92674 92612->92215 92613->92241 92616 257414907d0 __std_exception_destroy 11 API calls 92615->92616 92617 2574140eeee 92616->92617 92618 257414907d0 __std_exception_destroy 11 API calls 92617->92618 92619 2574140eefb 92618->92619 92619->92448 92620->92435 92621->92440 92622->92444 92623->92449 92632 25741423dd2 92631->92632 92635 25741423d93 ctype 92631->92635 92656 25741429030 92632->92656 92634 25741423deb 92634->92490 92635->92490 92637 2574142869a 92636->92637 92641 25741428589 92636->92641 92670 2574140b8e0 65 API calls 92637->92670 92639 257414285ee 92642 2574148e888 std::_Facet_Register 65 API calls 92639->92642 92640 2574142869f 92671 2574140b820 65 API calls 2 library calls 92640->92671 92641->92639 92643 2574142861d 92641->92643 92644 257414285e1 92641->92644 92647 257414285d4 ctype 92641->92647 92642->92647 92646 2574148e888 std::_Facet_Register 65 API calls 92643->92646 92644->92639 92644->92640 92646->92647 92648 25741428667 ctype _Receive_impl 92647->92648 92649 2574142870c 92647->92649 92651 2574142875a 92647->92651 92652 25741428765 92647->92652 92648->92486 92650 2574148e888 std::_Facet_Register 65 API calls 92649->92650 92650->92648 92651->92649 92653 2574142879f 92651->92653 92654 2574148e888 std::_Facet_Register 65 API calls 92652->92654 92672 2574140b820 65 API calls 2 library calls 92653->92672 92654->92648 92657 257414291a6 92656->92657 92661 25741429068 92656->92661 92668 2574140b8e0 65 API calls 92657->92668 92659 257414291ab 92669 2574140b820 65 API calls 2 library calls 92659->92669 92660 2574148e888 std::_Facet_Register 65 API calls 92667 257414290b3 ctype _Receive_impl 92660->92667 92663 257414290fc 92661->92663 92664 257414290c0 92661->92664 92665 257414290cd 92661->92665 92661->92667 92666 2574148e888 std::_Facet_Register 65 API calls 92663->92666 92664->92659 92664->92665 92665->92660 92666->92667 92667->92634 92669->92667 92671->92647 92672->92648 92673->92532 92675 2574140ec2b 92674->92675 92676 2574140ed21 92675->92676 92677 25741428560 65 API calls 92675->92677 92678 25741423d70 65 API calls 92676->92678 92677->92676 92679 2574140ed3a 92678->92679 92680 25741423d70 65 API calls 92679->92680 92681 2574140ed53 92680->92681 92682 2574140ed60 92681->92682 92683 25741428d10 65 API calls 92681->92683 92684 25741423d70 65 API calls 92682->92684 92683->92682 92718->91739 92719->91742 92720->91733 92722 25741427b17 92721->92722 92723 2574140ebf0 65 API calls 92722->92723 92724 25741427b55 92723->92724 92795->91652 92796->91661 92798->91672 92800 25741466e1b RegOpenKeyExA 92801 25741466e45 RegQueryValueExA 92800->92801 92807 25741466e84 _Receive_impl 92800->92807 92801->92807 92802 25741466f1a 92805 2574148e860 _Strcoll 3 API calls 92802->92805 92803 25741466f14 RegCloseKey 92803->92802 92806 25741466f2d 92805->92806 92807->92802 92807->92803 92808 2574142c8de 92813 2574142d4b0 92808->92813 92811 2574148e860 _Strcoll 3 API calls 92812 2574142c91b 92811->92812 92814 2574142d4d6 92813->92814 92815 2574142d502 92814->92815 92816 25741439fb0 65 API calls 92814->92816 92817 2574142e200 65 API calls 92815->92817 92816->92815 92818 2574142c8e6 92817->92818 92818->92811 92819 2574146cb57 92820 2574146cb61 92819->92820 92825 2574146d050 92820->92825 92823 2574148e860 _Strcoll 3 API calls 92824 2574146ceb3 92823->92824 92826 2574146d08f 92825->92826 92831 2574146cb70 92825->92831 92827 2574146d308 92826->92827 92836 2574146d28d 92826->92836 92844 25741423d70 65 API calls 92826->92844 92845 2574140b5b0 63 API calls 92826->92845 92846 2574140b900 IsProcessorFeaturePresent RtlCaptureContext RtlLookupFunctionEntry _Strcoll 92827->92846 92830 2574146d329 92847 2574146e760 65 API calls 92830->92847 92831->92823 92833 2574146d33f 92834 25741427ac0 65 API calls 92833->92834 92835 2574146d352 92834->92835 92837 25741490e88 Concurrency::cancel_current_task 2 API calls 92835->92837 92836->92831 92848 2574146e840 65 API calls 92836->92848 92837->92836 92839 2574146d38a 92840 25741427ac0 65 API calls 92839->92840 92841 2574146d39d 92840->92841 92842 25741490e88 Concurrency::cancel_current_task 2 API calls 92841->92842 92843 2574146d3ae 92842->92843 92844->92826 92845->92826 92846->92830 92847->92833 92848->92839 92849 2574144d080 92850 2574140eaf0 80 API calls 92849->92850 92851 2574144d0df 92850->92851 92852 2574140eaf0 80 API calls 92851->92852 92853 2574144d954 92852->92853 92864 2574144dd76 _Receive_impl 92853->92864 92912 2574140d4e0 92853->92912 92855 2574148e860 _Strcoll 3 API calls 92857 2574144dda1 92855->92857 92863 2574144da5d 92863->92864 92865 2574144ddbd 92863->92865 92864->92855 92866 257414279f0 65 API calls 92865->92866 92867 2574144dde5 92866->92867 92868 25741427ac0 65 API calls 92867->92868 92869 2574144ddfa 92868->92869 92870 25741490e88 Concurrency::cancel_current_task 2 API calls 92869->92870 92871 2574144de0d 92870->92871 92944 2574140e1d0 92871->92944 92915 2574140d509 92912->92915 92913 25741416940 65 API calls 92914 2574140d59a 92913->92914 92916 2574140d370 92914->92916 92915->92913 92917 2574140d3a0 92916->92917 92950 2574149b260 92917->92950 92920 2574140d43a 92933 2574144fdd0 92920->92933 92923 2574140d3f3 92924 2574140d48f 92923->92924 92956 257414227e0 92923->92956 92965 2574140c530 65 API calls Concurrency::cancel_current_task 92924->92965 92928 2574140d410 92962 2574149b2d0 GetLastError GetLastError __std_fs_convert_wide_to_narrow 92928->92962 92930 2574140d42f 92930->92920 92963 2574140c530 65 API calls Concurrency::cancel_current_task 92930->92963 92932 2574140d489 92964 2574140c160 65 API calls 2 library calls 92932->92964 92934 2574144fdf6 92933->92934 92985 25741450920 92934->92985 92936 2574144d9ab 92937 2574145f8f0 92936->92937 92991 2574145f020 92937->92991 92941 2574145f94a 92942 2574148e860 _Strcoll 3 API calls 92941->92942 92943 2574145f9cd 92942->92943 92943->92863 92945 2574140e1e9 92944->92945 93271 2574140db70 68 API calls _Receive_impl 92945->93271 92947 2574140e220 92948 25741490e88 Concurrency::cancel_current_task 2 API calls 92947->92948 92949 2574140e231 92948->92949 92966 257414869a4 92950->92966 92953 2574140d3ac 92953->92920 92953->92932 92955 2574149b2d0 GetLastError GetLastError __std_fs_convert_wide_to_narrow 92953->92955 92954 2574149b272 AreFileApisANSI 92954->92953 92955->92923 92957 257414227ed 92956->92957 92958 25741422804 92956->92958 92957->92928 92959 2574142281e memcpy_s 92958->92959 92971 25741428e80 92958->92971 92959->92928 92961 2574142286c 92961->92928 92962->92930 92964->92924 92967 25741479eec __std_fs_code_page 61 API calls 92966->92967 92968 257414869ad 92967->92968 92969 2574147c178 __std_fs_code_page 61 API calls 92968->92969 92970 257414869c6 92969->92970 92970->92953 92970->92954 92972 2574142900f 92971->92972 92974 25741428eaf 92971->92974 92983 2574140b8e0 65 API calls 92972->92983 92975 25741428f19 92974->92975 92979 25741428f48 92974->92979 92980 25741428f0c 92974->92980 92982 25741428eff memcpy_s ctype _Receive_impl 92974->92982 92977 2574148e888 std::_Facet_Register 65 API calls 92975->92977 92976 25741429014 92984 2574140b820 65 API calls 2 library calls 92976->92984 92977->92982 92981 2574148e888 std::_Facet_Register 65 API calls 92979->92981 92980->92975 92980->92976 92981->92982 92982->92961 92984->92982 92986 257414509e5 92985->92986 92989 25741450950 ctype 92985->92989 92990 257414545c0 66 API calls 4 library calls 92986->92990 92988 257414509fa 92988->92936 92989->92936 92990->92988 92992 2574140eaf0 80 API calls 92991->92992 92995 2574145f06f memcpy_s 92992->92995 92993 2574145f0a7 92994 2574145f7bf 92993->92994 93032 2574145f0af 92993->93032 93089 2574140e240 68 API calls Concurrency::cancel_current_task 92994->93089 92995->92993 92999 2574142a910 122 API calls 92995->92999 92995->93032 92997 2574148e860 _Strcoll 3 API calls 92998 2574145f751 92997->92998 92998->92941 93047 25741425310 92998->93047 93000 2574145f0ee 92999->93000 93002 2574145f545 93000->93002 93003 2574145f151 93000->93003 93001 2574145f7d6 93090 2574140cdc0 65 API calls 93001->93090 93052 2574143fdb0 93002->93052 93082 25741469b70 23 API calls 2 library calls 93003->93082 93008 2574145f163 93083 25741469d30 78 API calls 5 library calls 93008->93083 93012 2574145f800 93015 25741490e88 Concurrency::cancel_current_task 2 API calls 93012->93015 93014 2574145f174 93019 2574145f25c GetFileSize 93014->93019 93020 2574145f187 93014->93020 93021 2574145f811 93015->93021 93016 2574145f597 93018 2574143fdb0 67 API calls 93016->93018 93017 25741428560 65 API calls 93017->93016 93022 2574145f5aa 93018->93022 93024 2574145f29d 93019->93024 93025 2574145f278 memcpy_s 93019->93025 93020->93001 93023 2574145f1ce _Receive_impl 93020->93023 93071 2574146d640 93022->93071 93084 257414212f0 65 API calls 93023->93084 93024->93025 93029 25741428e80 65 API calls 93024->93029 93028 2574145f302 SetFilePointer ReadFile 93025->93028 93037 2574145f462 93028->93037 93040 2574145f351 93028->93040 93029->93028 93031 2574145f21f 93031->93032 93032->92997 93033 25741423620 65 API calls 93035 2574145f63b 93033->93035 93034 2574145f4b7 _Receive_impl 93086 257414212f0 65 API calls 93034->93086 93039 2574145f66d 93035->93039 93043 2574145f76c 93035->93043 93036 2574145f3d4 _Receive_impl 93085 257414212f0 65 API calls 93036->93085 93037->93001 93037->93034 93087 257414212f0 65 API calls 93039->93087 93040->93001 93040->93036 93088 2574140cdc0 65 API calls 93043->93088 93045 2574145f7ae 93046 25741490e88 Concurrency::cancel_current_task 2 API calls 93045->93046 93046->92994 93048 257414227e0 65 API calls 93047->93048 93049 2574142537a 93048->93049 93050 257414227e0 65 API calls 93049->93050 93051 2574142548d 93050->93051 93051->92941 93053 2574143fef3 93052->93053 93055 2574143fe0d 93052->93055 93139 2574140cdc0 65 API calls 93053->93139 93091 25741440bd0 93055->93091 93056 2574143fe32 93061 2574143fe69 93056->93061 93129 257414208a0 93056->93129 93058 2574143fec0 93067 2574143fcd0 93058->93067 93059 2574143ff35 93060 25741490e88 Concurrency::cancel_current_task 2 API calls 93059->93060 93060->93061 93061->93058 93140 2574140cdc0 65 API calls 93061->93140 93063 2574143ff8e 93064 25741490e88 Concurrency::cancel_current_task 2 API calls 93063->93064 93065 2574143ffa2 93064->93065 93068 2574143fd00 93067->93068 93069 25741440bd0 65 API calls 93068->93069 93070 2574143fd0f 93069->93070 93070->93016 93070->93017 93072 2574146d69d 93071->93072 93074 2574146d6b7 93071->93074 93072->93074 93081 25741420ca0 65 API calls 93072->93081 93073 2574146d75a 93076 25741424600 65 API calls 93073->93076 93078 2574146d765 _Receive_impl 93073->93078 93074->93073 93254 2574146f150 93074->93254 93076->93078 93077 2574148e860 _Strcoll 3 API calls 93079 2574145f60d 93077->93079 93078->93077 93080 2574146d829 93078->93080 93079->93001 93079->93033 93081->93074 93082->93008 93083->93014 93084->93031 93085->93031 93086->93031 93087->93032 93088->93045 93090->93012 93092 25741440c10 93091->93092 93096 25741440bed 93091->93096 93094 25741440c1e 93092->93094 93141 2574142af10 93092->93141 93093 25741440c0a 93093->93056 93094->93056 93096->93093 93165 2574140cdc0 65 API calls 93096->93165 93098 25741440c73 93099 25741490e88 Concurrency::cancel_current_task 2 API calls 93098->93099 93106 25741440c84 _Receive_impl 93099->93106 93100 25741440de5 93100->93056 93102 25741440fcc 93168 2574143f640 65 API calls ctype 93102->93168 93105 25741440fef 93169 25741434dd0 65 API calls _Strcoll 93105->93169 93106->93100 93106->93106 93166 2574143f640 65 API calls ctype 93106->93166 93107 25741440f99 93107->93102 93108 25741441152 93107->93108 93167 25741434dd0 65 API calls _Strcoll 93107->93167 93110 2574144117d 93108->93110 93173 2574143f4d0 65 API calls 2 library calls 93108->93173 93120 257414411a6 _Receive_impl 93110->93120 93174 2574143f050 65 API calls 2 library calls 93110->93174 93113 257414411b3 93116 257414411eb 93113->93116 93175 2574143f4d0 65 API calls 2 library calls 93113->93175 93114 2574144103d 93127 25741441069 93114->93127 93171 2574143f050 65 API calls 2 library calls 93114->93171 93115 25741441006 93115->93114 93115->93120 93115->93127 93170 2574143f4d0 65 API calls 2 library calls 93115->93170 93116->93120 93176 2574143f050 65 API calls 2 library calls 93116->93176 93122 2574148e860 _Strcoll 3 API calls 93120->93122 93123 257414412ea 93120->93123 93125 257414412cf 93122->93125 93124 25741434dd0 65 API calls 93124->93127 93125->93056 93126 2574143f4d0 65 API calls 93126->93127 93127->93113 93127->93120 93127->93124 93127->93126 93172 2574143f050 65 API calls 2 library calls 93127->93172 93130 257414208d3 93129->93130 93131 25741423430 62 API calls 93130->93131 93138 2574142092b 93130->93138 93133 257414208f6 93131->93133 93132 2574148e860 _Strcoll 3 API calls 93134 25741420999 93132->93134 93135 25741420916 93133->93135 93133->93138 93182 25741477d7c 93133->93182 93134->93061 93135->93138 93190 25741477374 93135->93190 93138->93132 93139->93059 93140->93063 93142 2574142afd0 93141->93142 93143 2574142af4e 93141->93143 93144 2574148e860 _Strcoll 3 API calls 93142->93144 93177 25741429f00 65 API calls 93143->93177 93146 2574142affd 93144->93146 93146->93094 93147 2574142af5b 93148 2574142afbd 93147->93148 93150 2574142b012 93147->93150 93148->93142 93178 2574142c530 65 API calls 2 library calls 93148->93178 93179 2574140cdc0 65 API calls 93150->93179 93152 2574142b054 93153 25741490e88 Concurrency::cancel_current_task 2 API calls 93152->93153 93154 2574142b065 93153->93154 93155 2574142af10 65 API calls 93154->93155 93156 2574142b0bb 93154->93156 93155->93156 93157 2574142b1c8 93156->93157 93159 2574142b18a 93156->93159 93181 2574140cdc0 65 API calls 93157->93181 93158 2574142b19b 93158->93094 93159->93158 93180 2574142c530 65 API calls 2 library calls 93159->93180 93162 2574142b20a 93163 25741490e88 Concurrency::cancel_current_task 2 API calls 93162->93163 93164 2574142b21b 93163->93164 93165->93098 93166->93107 93167->93107 93168->93105 93169->93115 93170->93114 93171->93127 93172->93127 93173->93110 93174->93120 93175->93116 93176->93120 93177->93147 93178->93142 93179->93152 93180->93158 93181->93162 93183 25741477dac 93182->93183 93199 25741477b0c 93183->93199 93185 25741477dc5 93187 25741477dea 93185->93187 93206 2574146f864 61 API calls 2 library calls 93185->93206 93188 25741477dff 93187->93188 93207 2574146f864 61 API calls 2 library calls 93187->93207 93188->93135 93191 2574147739d 93190->93191 93192 25741477388 93190->93192 93191->93192 93194 257414773a2 93191->93194 93228 25741474e68 9 API calls _get_daylight 93192->93228 93220 25741480274 93194->93220 93195 2574147738d 93229 25741478234 61 API calls _invalid_parameter_noinfo 93195->93229 93198 25741477398 93198->93138 93200 25741477b76 93199->93200 93201 25741477b36 93199->93201 93200->93201 93203 25741477b82 93200->93203 93214 25741478168 61 API calls _invalid_parameter_noinfo 93201->93214 93208 25741477c90 93203->93208 93204 25741477b5d 93204->93185 93206->93187 93207->93188 93209 25741477cd5 93208->93209 93210 25741477cc0 93208->93210 93215 25741477ba8 93209->93215 93210->93204 93212 2574146ff3c 61 API calls 93212->93210 93213 25741477cdf 93213->93210 93213->93212 93214->93204 93216 25741477c2b 93215->93216 93217 25741477bc2 93215->93217 93216->93213 93217->93216 93219 25741480fec 61 API calls 2 library calls 93217->93219 93219->93216 93221 257414802a4 93220->93221 93230 2574147fd80 93221->93230 93223 257414802bd 93226 257414802e3 93223->93226 93236 2574146f864 61 API calls 2 library calls 93223->93236 93227 257414802f8 93226->93227 93237 2574146f864 61 API calls 2 library calls 93226->93237 93227->93198 93228->93195 93229->93198 93231 2574147fdca 93230->93231 93232 2574147fd9b 93230->93232 93238 2574147fdec 93231->93238 93250 25741478168 61 API calls _invalid_parameter_noinfo 93232->93250 93235 2574147fdbb 93235->93223 93236->93226 93237->93227 93239 2574147fe30 93238->93239 93240 2574147fe07 93238->93240 93242 2574147990c _fread_nolock 61 API calls 93239->93242 93251 25741478168 61 API calls _invalid_parameter_noinfo 93240->93251 93243 2574147fe35 93242->93243 93244 2574147fec2 93243->93244 93245 2574147fe27 93243->93245 93246 2574147feb2 93243->93246 93244->93245 93253 2574147ff3c 61 API calls _fread_nolock 93244->93253 93245->93235 93252 25741480098 62 API calls 2 library calls 93246->93252 93249 2574147fec0 93249->93245 93250->93235 93251->93245 93252->93249 93253->93245 93265 2574146f080 93254->93265 93256 2574146f362 93256->93073 93258 2574146f39f 93270 2574140b820 65 API calls 2 library calls 93258->93270 93259 2574146f080 65 API calls 93264 2574146f18c ctype _Receive_impl 93259->93264 93261 2574146f3a5 93262 2574146f394 93269 2574140b8e0 65 API calls 93262->93269 93263 2574148e888 65 API calls std::_Facet_Register 93263->93264 93264->93256 93264->93258 93264->93259 93264->93262 93264->93263 93266 2574146f096 93265->93266 93267 2574146f0b3 93265->93267 93266->93267 93268 25741420ca0 65 API calls 93266->93268 93267->93264 93268->93267 93270->93261 93271->92947 93272 257414323c4 93273 2574142c600 65 API calls 93272->93273 93274 257414323d4 93273->93274 93275 2574145c600 93343 2574145f820 GetCurrentProcess OpenProcessToken 93275->93343 93278 2574145c64e 93348 2574146b9b0 GetCurrentProcess OpenProcessToken 93278->93348 93279 2574145c624 93550 2574145fb60 66 API calls 2 library calls 93279->93550 93282 2574145c62e 93551 2574146a780 93 API calls _Strcoll 93282->93551 93285 2574146b9b0 8 API calls 93287 2574145c666 93285->93287 93286 2574145c637 93289 2574145c642 ExitProcess 93286->93289 93356 25741468030 93287->93356 93289->93278 93290 2574145c670 93530 2574145d030 93290->93530 93292 2574145c6f6 _Receive_impl 93293 2574145c734 OpenMutexA 93292->93293 93299 2574145c8c6 93292->93299 93294 2574145c76d ExitProcess 93293->93294 93295 2574145c779 CreateMutexA 93293->93295 93294->93295 93534 257414566f0 93295->93534 93344 2574145f878 GetTokenInformation 93343->93344 93345 2574145f8b4 93343->93345 93344->93345 93346 2574148e860 _Strcoll 3 API calls 93345->93346 93347 2574145c620 93346->93347 93347->93278 93347->93279 93349 2574146ba1b LookupPrivilegeValueW 93348->93349 93350 2574146ba86 93348->93350 93349->93350 93351 2574146ba3c AdjustTokenPrivileges 93349->93351 93352 2574146ba8e CloseHandle 93350->93352 93353 2574146ba9a 93350->93353 93351->93350 93352->93353 93354 2574148e860 _Strcoll 3 API calls 93353->93354 93355 2574145c65a 93354->93355 93355->93285 93552 25741466c70 GetCurrentHwProfileW 93356->93552 93360 25741468139 93361 25741468183 93360->93361 93740 2574146fb34 68 API calls 93360->93740 93574 2574146d4f0 93361->93574 93364 25741468193 93367 257414681dc 93364->93367 93369 2574146820c ctype _Receive_impl 93364->93369 93741 257414789b0 93364->93741 93366 257414682da _Receive_impl 93368 2574148e860 _Strcoll 3 API calls 93366->93368 93367->93369 93370 257414789b0 62 API calls 93367->93370 93371 257414682ff 93368->93371 93369->93366 93372 2574146831c 93369->93372 93370->93367 93371->93290 93586 25741466540 93372->93586 93383 25741468030 181 API calls 93384 257414683bd 93383->93384 93639 25741465fc0 93384->93639 93386 257414683c7 93643 2574143d590 93386->93643 93388 257414683f1 93531 2574145d052 93530->93531 93532 25741450920 66 API calls 93531->93532 93533 2574145d066 93532->93533 93533->93292 93535 25741456721 93534->93535 94028 257414575e0 65 API calls _Receive_impl 93535->94028 93537 25741456e3c 93538 25741424600 65 API calls 93537->93538 93539 25741456e7f 93538->93539 94029 25741450040 93539->94029 93541 25741456eb7 93542 25741421900 65 API calls 93541->93542 93543 25741456f2b 93542->93543 93544 257414257c0 65 API calls 93543->93544 93545 25741456f3b 93544->93545 94036 25741425ad0 65 API calls 2 library calls 93545->94036 93547 25741456f51 _Receive_impl 93548 25741421900 65 API calls 93547->93548 93549 25741457089 93548->93549 93550->93282 93551->93286 93553 25741466cba 93552->93553 93554 25741466d19 93552->93554 93750 257414578f0 93553->93750 93557 2574148e860 _Strcoll 3 API calls 93554->93557 93556 25741466cc9 93556->93554 93759 2574146fb34 68 API calls 93556->93759 93558 25741466d91 93557->93558 93560 25741466290 93558->93560 93761 2574145f9e0 93560->93761 93564 25741466457 93565 25741466333 memcpy_s _Receive_impl 93565->93564 93573 25741466381 93565->93573 93772 257414586d0 96 API calls 93565->93772 93566 2574148e860 _Strcoll 3 API calls 93567 2574146643e 93566->93567 93567->93360 93569 257414663bd 93773 25741458830 95 API calls 2 library calls 93569->93773 93571 257414663e4 93774 2574141fe50 93571->93774 93573->93566 93575 2574146d539 93574->93575 93585 2574146d638 93574->93585 93578 2574146d59a ctype 93575->93578 93580 2574146d578 93575->93580 93581 2574146d5d6 93575->93581 93578->93364 93579 2574148e888 std::_Facet_Register 65 API calls 93583 2574146d591 93579->93583 93580->93579 93580->93583 93582 2574148e888 std::_Facet_Register 65 API calls 93581->93582 93582->93578 93583->93578 93792 2574140b820 65 API calls 2 library calls 93583->93792 93793 2574140b8e0 65 API calls 93585->93793 93587 25741466599 memcpy_s 93586->93587 93588 2574148e888 std::_Facet_Register 65 API calls 93587->93588 93589 25741466603 93588->93589 93794 2574142cad0 93589->93794 93591 25741466648 EnumDisplayDevicesW 93595 25741466709 93591->93595 93598 25741466665 _Receive_impl 93591->93598 93592 257414578f0 65 API calls 93592->93598 93594 25741466711 93596 2574148e860 _Strcoll 3 API calls 93594->93596 93595->93594 93599 25741423d70 65 API calls 93595->93599 93600 2574146682e 93596->93600 93597 257414666d1 EnumDisplayDevicesW 93597->93595 93597->93598 93598->93592 93598->93597 93601 2574146684f 93598->93601 93804 2574146dbf0 65 API calls 2 library calls 93598->93804 93599->93595 93602 25741466460 RegGetValueA 93600->93602 93603 257414664dd 93602->93603 93604 2574148e860 _Strcoll 3 API calls 93603->93604 93605 2574146651f 93604->93605 93606 25741466860 93605->93606 93607 257414668ef 93606->93607 93610 25741466900 _Receive_impl 93606->93610 93608 25741428560 65 API calls 93607->93608 93608->93610 93609 25741423d70 65 API calls 93609->93610 93610->93609 93611 257414669de 93610->93611 93615 25741466c4b 93610->93615 93806 2574149d0b4 GetNativeSystemInfo 93611->93806 93613 257414669e3 93614 25741450920 66 API calls 93613->93614 93616 25741466a84 93614->93616 93617 25741423d70 65 API calls 93616->93617 93618 25741466ace 93617->93618 93619 25741423d70 65 API calls 93618->93619 93621 25741466b28 _Receive_impl 93619->93621 93620 2574148e860 _Strcoll 3 API calls 93622 25741466c2e 93620->93622 93621->93615 93621->93620 93623 25741466150 93622->93623 93807 2574148f520 93623->93807 93626 257414661ac 93629 2574148e860 _Strcoll 3 API calls 93626->93629 93627 2574146619f 93628 257414578f0 65 API calls 93627->93628 93628->93626 93630 257414661de 93629->93630 93631 257414661f0 93630->93631 93632 2574148f520 _Strcoll 93631->93632 93633 25741466200 GetComputerNameW 93632->93633 93634 2574146624c 93633->93634 93635 2574146623f 93633->93635 93637 2574148e860 _Strcoll 3 API calls 93634->93637 93636 257414578f0 65 API calls 93635->93636 93636->93634 93638 2574146627e 93637->93638 93638->93383 93640 257414660c0 93639->93640 93809 25741465240 93640->93809 93642 257414660e4 _Receive_impl 93642->93386 93644 25741423ff0 65 API calls 93643->93644 93645 2574143d5c3 93644->93645 93646 2574148e888 std::_Facet_Register 65 API calls 93645->93646 93647 2574143d5d8 93646->93647 93648 257414229b0 65 API calls 93647->93648 93649 2574143d5f5 93648->93649 93650 2574148e860 _Strcoll 3 API calls 93649->93650 93651 2574143d60e 93650->93651 93651->93388 93740->93360 93742 257414789ea 93741->93742 93743 257414789c9 93741->93743 93744 25741479eec __std_fs_code_page 61 API calls 93742->93744 93743->93364 93745 257414789ef 93744->93745 93746 2574147c178 __std_fs_code_page 61 API calls 93745->93746 93747 25741478a08 93746->93747 93747->93743 94027 2574147d2ac 62 API calls 3 library calls 93747->94027 93749 25741478a3e 93749->93364 93751 2574145793e 93750->93751 93757 2574145791f _Receive_impl 93750->93757 93754 25741416940 65 API calls 93751->93754 93752 2574148e860 _Strcoll 3 API calls 93753 257414579de 93752->93753 93753->93556 93755 25741457967 93754->93755 93760 25741457a00 IsProcessorFeaturePresent RtlCaptureContext RtlLookupFunctionEntry _Strcoll __std_fs_convert_wide_to_narrow 93755->93760 93757->93752 93758 257414579ec 93757->93758 93759->93556 93760->93757 93778 2574145dec0 93761->93778 93763 2574145fb42 93785 2574145dcd0 65 API calls Concurrency::cancel_current_task 93763->93785 93766 2574145fa2d 93766->93763 93767 25741416940 65 API calls 93766->93767 93768 2574145fa9e 93767->93768 93768->93763 93769 2574145fb07 _Receive_impl 93768->93769 93770 2574148e860 _Strcoll 3 API calls 93769->93770 93771 2574145fb2c GetVolumeInformationW 93770->93771 93771->93565 93772->93569 93773->93571 93775 2574141fe98 93774->93775 93776 2574141fefc 93775->93776 93777 25741424600 65 API calls 93775->93777 93776->93573 93777->93776 93779 2574145df3f 93778->93779 93780 2574145df20 93778->93780 93779->93780 93790 25741428b50 65 API calls 4 library calls 93779->93790 93784 2574145e055 93780->93784 93786 2574149b574 GetCurrentDirectoryW 93780->93786 93791 25741428b50 65 API calls 4 library calls 93780->93791 93784->93766 93787 2574149b586 93786->93787 93788 2574149b595 GetLastError 93786->93788 93787->93788 93789 2574149b58a 93787->93789 93788->93789 93789->93780 93790->93780 93791->93780 93792->93585 93795 2574142cafc 93794->93795 93803 2574142cb21 _Receive_impl 93794->93803 93796 2574142cc02 93795->93796 93798 2574142cb57 93795->93798 93799 2574142cb2e 93795->93799 93795->93803 93805 2574140b820 65 API calls 2 library calls 93796->93805 93800 2574148e888 std::_Facet_Register 65 API calls 93798->93800 93799->93796 93801 2574142cb3b 93799->93801 93800->93803 93802 2574148e888 std::_Facet_Register 65 API calls 93801->93802 93802->93803 93803->93591 93804->93598 93805->93803 93806->93613 93808 25741466160 GetUserNameW 93807->93808 93808->93626 93808->93627 93810 257414653e0 93809->93810 93810->93810 93811 257414653f7 InternetOpenA 93810->93811 93812 257414654b5 InternetOpenUrlA 93811->93812 93813 25741465422 93811->93813 93812->93813 93815 25741465529 HttpQueryInfoW 93812->93815 93826 257414658af 93813->93826 93833 25741465476 _Receive_impl 93813->93833 93817 25741465556 93815->93817 93818 2574146558f HttpQueryInfoW 93815->93818 93816 2574148e860 _Strcoll 3 API calls 93821 2574146549a 93816->93821 93817->93818 93819 257414655ec 93818->93819 93820 25741465618 InternetQueryDataAvailable 93818->93820 93839 25741474550 61 API calls 2 library calls 93819->93839 93823 25741465813 InternetCloseHandle 93820->93823 93824 25741465634 93820->93824 93821->93642 93823->93813 93824->93823 93824->93826 93828 257414656d9 InternetReadFile 93824->93828 93834 2574148e888 std::_Facet_Register 65 API calls 93824->93834 93838 2574146568e memcpy_s ctype _Receive_impl 93824->93838 93825 257414655fd 93825->93820 93829 25741428560 65 API calls 93825->93829 93840 2574140b820 65 API calls 2 library calls 93826->93840 93835 257414657cd _Receive_impl 93828->93835 93828->93838 93831 2574146560e 93829->93831 93830 257414658c0 93831->93820 93832 2574148e888 std::_Facet_Register 65 API calls 93832->93838 93833->93816 93834->93824 93835->93823 93835->93826 93836 25741429030 65 API calls 93836->93838 93837 257414657a6 InternetQueryDataAvailable 93837->93823 93837->93838 93838->93824 93838->93826 93838->93828 93838->93832 93838->93835 93838->93836 93838->93837 93839->93825 93840->93830 94027->93749 94028->93537 94030 257414237f0 65 API calls 94029->94030 94031 25741450076 94030->94031 94037 257414524b0 94031->94037 94035 25741450101 94035->93541 94036->93547 94040 257414524f4 94037->94040 94038 2574147494c 61 API calls 94039 257414525cc 94038->94039 94102 25741450a10 94039->94102 94040->94038 94042 257414500f5 94043 257414502c0 94042->94043 94044 257414505d1 94043->94044 94047 2574145030b memcpy_s 94043->94047 94129 25741453710 67 API calls 2 library calls 94044->94129 94046 25741450604 94048 25741450a10 65 API calls 94046->94048 94126 2574142b5b0 65 API calls 94047->94126 94053 25741450610 94048->94053 94050 2574145035b 94127 25741452840 67 API calls 2 library calls 94050->94127 94052 257414237f0 65 API calls 94056 257414507cc 94052->94056 94057 2574142b780 67 API calls 94053->94057 94098 25741450718 _Receive_impl 94053->94098 94054 257414505cc _Receive_impl 94058 2574148e860 _Strcoll 3 API calls 94054->94058 94055 2574145036b 94059 25741450a10 65 API calls 94055->94059 94060 25741423ff0 65 API calls 94056->94060 94061 2574145065d 94057->94061 94062 2574145085c 94058->94062 94069 25741450377 94059->94069 94064 25741450806 94060->94064 94063 25741431af0 67 API calls 94061->94063 94062->94035 94065 25741450683 94063->94065 94064->94054 94071 257414508b0 94064->94071 94072 2574142bd00 67 API calls 94065->94072 94066 2574145051d 94068 257414237f0 65 API calls 94066->94068 94067 25741450565 94070 257414505bf 94067->94070 94075 257414237f0 65 API calls 94067->94075 94073 25741450538 94068->94073 94074 2574142b780 67 API calls 94069->94074 94101 25741450504 _Receive_impl 94069->94101 94128 2574142b3d0 65 API calls _Receive_impl 94070->94128 94130 25741423e90 63 API calls 94071->94130 94087 25741450692 _Receive_impl 94072->94087 94082 25741423ff0 65 API calls 94073->94082 94078 257414503c3 94074->94078 94075->94073 94081 25741431af0 67 API calls 94078->94081 94079 257414508c8 94083 25741490e88 Concurrency::cancel_current_task 2 API calls 94079->94083 94086 257414503e9 94081->94086 94082->94070 94096 257414508d8 94083->94096 94084 257414907d0 __std_exception_destroy 11 API calls 94088 2574145070a 94084->94088 94085 257414508f7 94089 25741490e88 Concurrency::cancel_current_task 2 API calls 94085->94089 94090 2574142bd00 67 API calls 94086->94090 94087->94084 94094 25741450907 94087->94094 94087->94096 94091 257414907d0 __std_exception_destroy 11 API calls 94088->94091 94089->94094 94092 257414503f9 94090->94092 94091->94098 94092->94071 94093 2574145040e _Receive_impl 94092->94093 94095 257414907d0 __std_exception_destroy 11 API calls 94093->94095 94093->94096 94097 25741450479 94095->94097 94131 25741423e90 63 API calls 94096->94131 94099 257414907d0 __std_exception_destroy 11 API calls 94097->94099 94098->94052 94098->94064 94098->94071 94098->94094 94100 25741450487 _Receive_impl 94099->94100 94100->94096 94100->94101 94101->94066 94101->94067 94103 25741450a33 94102->94103 94107 25741450a80 94102->94107 94121 25741452180 65 API calls 94103->94121 94106 25741450a38 94106->94107 94122 25741452180 65 API calls 94106->94122 94124 25741450d70 65 API calls 94107->94124 94108 25741450bb7 94114 2574148e860 _Strcoll 3 API calls 94108->94114 94110 25741450a47 94111 25741450a5d 94110->94111 94123 25741452180 65 API calls 94110->94123 94113 2574148e860 _Strcoll 3 API calls 94111->94113 94116 25741450a7a 94113->94116 94117 25741450cb5 94114->94117 94115 25741450a56 94115->94107 94115->94111 94116->94042 94117->94042 94118 25741450ac1 94118->94108 94119 25741452180 65 API calls 94118->94119 94125 25741450d70 65 API calls 94118->94125 94119->94118 94121->94106 94122->94110 94123->94115 94124->94118 94125->94118 94126->94050 94127->94055 94128->94054 94129->94046 94130->94079 94131->94085 94132 25741484e91 94144 2574148bf24 94132->94144 94145 25741479eec __std_fs_code_page 61 API calls 94144->94145 94146 2574148bf2d 94145->94146 94149 257414798b4 61 API calls __std_fs_directory_iterator_open 94146->94149 94150 2574147918c 94151 257414791bd 94150->94151 94152 257414791a2 94150->94152 94151->94152 94154 257414791d6 94151->94154 94179 25741474e68 9 API calls _get_daylight 94152->94179 94156 257414791dc 94154->94156 94159 257414791f9 94154->94159 94155 257414791a7 94180 25741478234 61 API calls _invalid_parameter_noinfo 94155->94180 94181 25741474e68 9 API calls _get_daylight 94156->94181 94174 257414833d0 94159->94174 94164 25741479473 94169 257414792b6 94173 257414791b3 94169->94173 94201 25741483414 61 API calls _isindst 94169->94201 94170 25741479256 94170->94173 94200 25741483414 61 API calls _isindst 94170->94200 94175 257414791fe 94174->94175 94176 257414833df 94174->94176 94182 257414824e8 94175->94182 94178 257414833f8 94176->94178 94202 25741483240 94176->94202 94179->94155 94180->94173 94181->94173 94183 257414824f1 94182->94183 94184 25741479213 94182->94184 94281 25741474e68 9 API calls _get_daylight 94183->94281 94184->94164 94188 25741482518 94184->94188 94186 257414824f6 94282 25741478234 61 API calls _invalid_parameter_noinfo 94186->94282 94189 25741482521 94188->94189 94191 25741479224 94188->94191 94283 25741474e68 9 API calls _get_daylight 94189->94283 94191->94164 94194 25741482548 94191->94194 94192 25741482526 94284 25741478234 61 API calls _invalid_parameter_noinfo 94192->94284 94195 25741482551 94194->94195 94199 25741479235 94194->94199 94285 25741474e68 9 API calls _get_daylight 94195->94285 94197 25741482556 94286 25741478234 61 API calls _invalid_parameter_noinfo 94197->94286 94199->94164 94199->94169 94199->94170 94200->94173 94201->94173 94224 2574148ba84 94202->94224 94204 25741483297 94206 2574147e8bc wcsftime 10 API calls 94204->94206 94219 257414832ac 94204->94219 94223 2574148329b 94204->94223 94205 25741483340 94273 25741482e3c 72 API calls 7 library calls 94205->94273 94210 257414832ee 94206->94210 94208 257414832b4 94212 2574147d3c8 Concurrency::details::SchedulerProxy::DeleteThis 9 API calls 94208->94212 94211 257414832f6 94210->94211 94215 2574148ba84 wcsftime 69 API calls 94210->94215 94216 2574147d3c8 Concurrency::details::SchedulerProxy::DeleteThis 9 API calls 94211->94216 94214 257414832bc 94212->94214 94213 25741483348 94213->94208 94217 2574148e860 _Strcoll 3 API calls 94214->94217 94218 25741483318 94215->94218 94216->94219 94220 257414832cc 94217->94220 94218->94211 94221 25741483321 94218->94221 94219->94208 94233 257414830b8 94219->94233 94220->94178 94222 2574147d3c8 Concurrency::details::SchedulerProxy::DeleteThis 9 API calls 94221->94222 94222->94223 94223->94205 94223->94219 94231 2574148b98c 94224->94231 94225 2574148b9c3 94274 25741474e68 9 API calls _get_daylight 94225->94274 94227 2574148b9c8 94275 25741478234 61 API calls _invalid_parameter_noinfo 94227->94275 94230 2574148b9d4 94230->94204 94231->94224 94231->94225 94231->94230 94276 2574148b8f4 69 API calls wcsftime 94231->94276 94277 25741487fd8 61 API calls 2 library calls 94231->94277 94234 257414830cc wcsftime 94233->94234 94235 25741482548 _get_daylight 61 API calls 94234->94235 94236 257414830eb 94235->94236 94237 257414824e8 _get_daylight 61 API calls 94236->94237 94238 2574148322b 94236->94238 94239 257414830fc 94237->94239 94241 2574148ba84 wcsftime 69 API calls 94238->94241 94239->94238 94240 25741482518 _get_daylight 61 API calls 94239->94240 94243 2574148310d 94240->94243 94242 25741483297 94241->94242 94244 2574148329b 94242->94244 94246 257414832ac 94242->94246 94249 2574147e8bc wcsftime 10 API calls 94242->94249 94243->94238 94245 25741483115 94243->94245 94244->94246 94248 25741483340 94244->94248 94247 2574147d3c8 Concurrency::details::SchedulerProxy::DeleteThis 9 API calls 94245->94247 94252 257414832b4 94246->94252 94253 257414830b8 wcsftime 71 API calls 94246->94253 94250 25741483121 GetTimeZoneInformation 94247->94250 94280 25741482e3c 72 API calls 7 library calls 94248->94280 94254 257414832ee 94249->94254 94266 25741483200 wcsftime 94250->94266 94267 2574148313e memcpy_s 94250->94267 94256 2574147d3c8 Concurrency::details::SchedulerProxy::DeleteThis 9 API calls 94252->94256 94253->94252 94255 257414832f6 94254->94255 94259 2574148ba84 wcsftime 69 API calls 94254->94259 94260 2574147d3c8 Concurrency::details::SchedulerProxy::DeleteThis 9 API calls 94255->94260 94258 257414832bc 94256->94258 94257 25741483348 94257->94252 94261 2574148e860 _Strcoll 3 API calls 94258->94261 94262 25741483318 94259->94262 94260->94246 94263 257414832cc 94261->94263 94262->94255 94264 25741483321 94262->94264 94263->94208 94265 2574147d3c8 Concurrency::details::SchedulerProxy::DeleteThis 9 API calls 94264->94265 94265->94244 94266->94208 94268 257414869a4 __std_fs_code_page 61 API calls 94267->94268 94269 257414831d2 94268->94269 94278 25741483350 72 API calls wcsftime 94269->94278 94271 257414831e9 94279 25741483350 72 API calls wcsftime 94271->94279 94273->94213 94274->94227 94275->94230 94276->94231 94277->94231 94278->94271 94279->94266 94280->94257 94281->94186 94282->94184 94283->94192 94284->94191 94285->94197 94286->94199 94287 2574146c5cb 94288 2574146c5f1 94287->94288 94304 2574146c5dc 94287->94304 94289 2574146c5fa 94288->94289 94305 2574146c7bf 94288->94305 94292 257414227e0 65 API calls 94289->94292 94302 2574146c652 94289->94302 94290 2574146c86f 94294 2574146d050 67 API calls 94290->94294 94291 2574148e860 _Strcoll 3 API calls 94293 2574146ceb3 94291->94293 94292->94302 94296 2574146c888 94294->94296 94295 2574146d050 67 API calls 94295->94305 94300 2574146c570 3 API calls 94296->94300 94297 2574146c722 94299 2574146d050 67 API calls 94297->94299 94298 2574146d050 67 API calls 94298->94302 94303 2574146c75b 94299->94303 94300->94304 94301 2574146c570 3 API calls 94301->94305 94302->94297 94302->94298 94308 2574146c570 94302->94308 94307 2574146c570 3 API calls 94303->94307 94304->94291 94305->94290 94305->94295 94305->94301 94307->94304 94309 2574146c5a0 94308->94309 94310 2574148e860 _Strcoll 3 API calls 94309->94310 94311 2574146ceb3 94310->94311 94311->94302 94312 2574146c8c9 94313 2574146c8f4 94312->94313 94315 2574146c8df 94312->94315 94314 2574146c8fd 94313->94314 94324 2574146cac0 94313->94324 94321 2574146c95a memcpy_s 94314->94321 94323 25741428e80 65 API calls 94314->94323 94317 2574148e860 _Strcoll 3 API calls 94315->94317 94316 2574146cb29 94318 2574146c570 3 API calls 94316->94318 94319 2574146ceb3 94317->94319 94318->94315 94320 2574146c570 3 API calls 94320->94324 94322 2574146ca4a 94321->94322 94326 2574146c570 3 API calls 94321->94326 94325 2574146c570 3 API calls 94322->94325 94323->94321 94324->94316 94324->94320 94325->94315 94326->94321 94327 25741479aa8 94328 2574147990c _fread_nolock 61 API calls 94327->94328 94329 25741479ac7 94328->94329 94330 25741479acf 94329->94330 94331 25741479b08 94329->94331 94349 25741479a2c 61 API calls _invalid_parameter_noinfo 94329->94349 94331->94330 94333 25741479b49 94331->94333 94350 2574147e768 61 API calls 2 library calls 94331->94350 94338 25741479934 94333->94338 94336 25741479b3d 94336->94333 94351 25741480318 9 API calls 2 library calls 94336->94351 94339 2574147990c _fread_nolock 61 API calls 94338->94339 94340 25741479959 94339->94340 94341 257414799fa 94340->94341 94342 25741479969 94340->94342 94361 2574147ce18 61 API calls _invalid_parameter_noinfo 94341->94361 94344 25741479987 94342->94344 94345 257414799a5 94342->94345 94360 2574147ce18 61 API calls _invalid_parameter_noinfo 94344->94360 94347 25741479995 94345->94347 94352 25741480f48 94345->94352 94347->94330 94349->94331 94350->94336 94351->94333 94353 25741480f78 94352->94353 94362 25741480d7c 94353->94362 94355 25741480f91 94357 25741480fb7 94355->94357 94369 2574146f864 61 API calls 2 library calls 94355->94369 94356 25741480fcc 94356->94347 94357->94356 94370 2574146f864 61 API calls 2 library calls 94357->94370 94360->94347 94361->94347 94363 25741480dd3 94362->94363 94368 25741480da5 94362->94368 94364 25741480dec 94363->94364 94366 25741480e43 94363->94366 94377 25741478168 61 API calls _invalid_parameter_noinfo 94364->94377 94366->94368 94371 25741480e9c 94366->94371 94368->94355 94369->94357 94370->94356 94378 25741485868 94371->94378 94374 25741480eda SetFilePointerEx 94375 25741480ef2 GetLastError 94374->94375 94376 25741480ec9 _fread_nolock 94374->94376 94375->94376 94376->94368 94377->94368 94379 25741485871 94378->94379 94380 25741485886 94378->94380 94390 25741474e48 9 API calls _get_daylight 94379->94390 94385 25741480ec3 94380->94385 94392 25741474e48 9 API calls _get_daylight 94380->94392 94382 25741485876 94391 25741474e68 9 API calls _get_daylight 94382->94391 94385->94374 94385->94376 94386 257414858c1 94393 25741474e68 9 API calls _get_daylight 94386->94393 94388 257414858c9 94394 25741478234 61 API calls _invalid_parameter_noinfo 94388->94394 94390->94382 94391->94385 94392->94386 94393->94388 94394->94385 94395 7ff756411940 94398 7ff7564117d0 94395->94398 94397 7ff75641195d 94414 7ff7564117b0 94398->94414 94402 7ff7564118d8 94408 7ff756411917 _CallMemberFunction0 94402->94408 94472 7ff75640a560 94402->94472 94407 7ff75640a560 59 API calls 94407->94408 94408->94397 94411 7ff756411970 94 API calls 94413 7ff7564117e2 _CallMemberFunction0 94411->94413 94412 7ff75640a560 59 API calls 94412->94413 94413->94402 94413->94411 94413->94412 94420 7ff7564421cc 94413->94420 94423 7ff756417980 94413->94423 94493 7ff7564422ac GetSystemTimeAsFileTime 94414->94493 94417 7ff7564421f8 94495 7ff756445cb8 GetLastError 94417->94495 94421 7ff756445cb8 _Getctype 47 API calls 94420->94421 94422 7ff7564421d5 94421->94422 94422->94413 94424 7ff7564179b7 std::ios_base::_Init 94423->94424 94528 7ff756417c00 94424->94528 94432 7ff7564179fb 94433 7ff756406610 std::ios_base::_Init 50 API calls 94432->94433 94434 7ff756417a0d 94433->94434 94435 7ff756416330 50 API calls 94434->94435 94436 7ff756417a27 94435->94436 94437 7ff756406450 std::ios_base::_Init 47 API calls 94436->94437 94438 7ff756417a32 94437->94438 94439 7ff756406610 std::ios_base::_Init 50 API calls 94438->94439 94440 7ff756417a47 94439->94440 94441 7ff756416330 50 API calls 94440->94441 94442 7ff756417a64 94441->94442 94443 7ff756406450 std::ios_base::_Init 47 API calls 94442->94443 94444 7ff756417a72 94443->94444 94445 7ff756406610 std::ios_base::_Init 50 API calls 94444->94445 94446 7ff756417a87 94445->94446 94447 7ff756416330 50 API calls 94446->94447 94448 7ff756417aa4 94447->94448 94449 7ff756406450 std::ios_base::_Init 47 API calls 94448->94449 94450 7ff756417ab2 std::ios_base::_Init 94449->94450 94544 7ff756417dc0 94450->94544 94474 7ff75640a598 char_traits 94472->94474 95134 7ff7564079a0 94474->95134 94478 7ff75640a8eb 94480 7ff756455500 allocator 8 API calls 94478->94480 94479 7ff75640a64c Concurrency::details::WorkQueue::IsStructuredEmpty std::ios_base::width 95138 7ff756407da0 94479->95138 94481 7ff75640a903 94480->94481 94482 7ff756411970 94481->94482 94483 7ff7564079a0 59 API calls 94482->94483 94484 7ff7564119b1 94483->94484 94492 7ff756411a17 Concurrency::details::WorkQueue::IsStructuredEmpty 94484->94492 95169 7ff75640a940 85 API calls 5 library calls 94484->95169 94485 7ff756407da0 50 API calls 94486 7ff756411bd2 94485->94486 94487 7ff756407950 59 API calls 94486->94487 94489 7ff756411bed 94487->94489 94490 7ff756455500 allocator 8 API calls 94489->94490 94491 7ff756411908 94490->94491 94491->94407 94492->94485 94494 7ff7564117c3 94493->94494 94494->94417 94496 7ff756445cf9 FlsSetValue 94495->94496 94497 7ff756445cdc FlsGetValue 94495->94497 94498 7ff756445ce9 94496->94498 94500 7ff756445d0b 94496->94500 94497->94498 94499 7ff756445cf3 94497->94499 94502 7ff756445d65 SetLastError 94498->94502 94499->94496 94518 7ff756445798 11 API calls 3 library calls 94500->94518 94504 7ff756442205 94502->94504 94505 7ff756445d85 94502->94505 94503 7ff756445d1a 94506 7ff756445d38 FlsSetValue 94503->94506 94507 7ff756445d28 FlsSetValue 94503->94507 94504->94413 94526 7ff756445324 47 API calls 2 library calls 94505->94526 94511 7ff756445d56 94506->94511 94512 7ff756445d44 FlsSetValue 94506->94512 94510 7ff756445d31 94507->94510 94519 7ff756445810 94510->94519 94525 7ff756445a68 11 API calls _Getctype 94511->94525 94512->94510 94516 7ff756445d5e 94517 7ff756445810 __free_lconv_mon 11 API calls 94516->94517 94517->94502 94518->94503 94520 7ff756445815 RtlFreeHeap 94519->94520 94524 7ff756445844 94519->94524 94521 7ff756445830 GetLastError 94520->94521 94520->94524 94522 7ff75644583d __free_lconv_mon 94521->94522 94527 7ff756445920 11 API calls memcpy_s 94522->94527 94524->94498 94525->94516 94527->94524 94529 7ff756417c13 Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot 94528->94529 94604 7ff7564184e0 94529->94604 94534 7ff756406610 94535 7ff756406637 Concurrency::details::WorkQueue::IsStructuredEmpty std::ios_base::_Init char_traits 94534->94535 94681 7ff75640ac90 94535->94681 94538 7ff756416330 94713 7ff7564184b0 94538->94713 94541 7ff756406450 94729 7ff756407e40 94541->94729 94543 7ff756406463 std::ios_base::_Init 94543->94432 94545 7ff756417dfa Concurrency::details::WorkQueue::IsStructuredEmpty std::ios_base::_Init 94544->94545 94744 7ff75641b970 94545->94744 94610 7ff756418870 94604->94610 94607 7ff756418440 94656 7ff756418820 94607->94656 94611 7ff7564188a1 94610->94611 94614 7ff756418bc0 94611->94614 94615 7ff756418be2 Concurrency::details::WorkQueue::IsStructuredEmpty std::ios_base::_Init 94614->94615 94620 7ff75641c470 94615->94620 94617 7ff756418c19 UnDecorator::getVbTableType 94618 7ff756455500 allocator 8 API calls 94617->94618 94619 7ff756417c33 94618->94619 94619->94607 94625 7ff75641c770 94620->94625 94622 7ff75641c497 UnDecorator::getVbTableType 94623 7ff756455500 allocator 8 API calls 94622->94623 94624 7ff75641c4fe 94623->94624 94624->94617 94630 7ff75641fd80 94625->94630 94631 7ff75641fdae 94630->94631 94632 7ff75641c788 94630->94632 94644 7ff756404160 RtlPcToFileHeader RaiseException std::_Xinvalid_argument std::_Facet_Register 94631->94644 94634 7ff75640cc20 94632->94634 94635 7ff75640cc35 allocator 94634->94635 94641 7ff75640cc31 94634->94641 94636 7ff75640cc4d 94635->94636 94637 7ff75640cc41 94635->94637 94639 7ff75640cc58 94636->94639 94640 7ff75640cc64 94636->94640 94653 7ff756404210 94637->94653 94645 7ff75640cd80 94639->94645 94643 7ff756404210 allocator 14 API calls 94640->94643 94641->94622 94643->94641 94644->94632 94646 7ff75640cda8 94645->94646 94647 7ff75640cda3 94645->94647 94648 7ff756404210 allocator 14 API calls 94646->94648 94649 7ff756404160 allocator RtlPcToFileHeader RaiseException 94647->94649 94650 7ff75640cdb3 94648->94650 94649->94646 94651 7ff756442154 _invalid_parameter_noinfo_noreturn 47 API calls 94650->94651 94652 7ff75640cdd4 94650->94652 94651->94650 94652->94641 94654 7ff756455554 std::_Facet_Register 14 API calls 94653->94654 94655 7ff756404223 94654->94655 94655->94641 94657 7ff756418851 94656->94657 94660 7ff756418b40 94657->94660 94661 7ff756418b62 Concurrency::details::WorkQueue::IsStructuredEmpty std::ios_base::_Init 94660->94661 94666 7ff75641c3d0 94661->94666 94663 7ff756418b99 UnDecorator::getVbTableType 94664 7ff756455500 allocator 8 API calls 94663->94664 94665 7ff7564179c4 94664->94665 94665->94534 94671 7ff75641c700 94666->94671 94668 7ff75641c3f7 UnDecorator::getVbTableType 94669 7ff756455500 allocator 8 API calls 94668->94669 94670 7ff75641c45e 94669->94670 94670->94663 94676 7ff75641fd40 94671->94676 94674 7ff75640cc20 allocator 50 API calls 94675 7ff75641c720 94674->94675 94675->94668 94677 7ff75641fd6e 94676->94677 94678 7ff75641c718 94676->94678 94680 7ff756404160 RtlPcToFileHeader RaiseException std::_Xinvalid_argument std::_Facet_Register 94677->94680 94678->94674 94680->94678 94694 7ff75640c520 94681->94694 94685 7ff75640acd5 Concurrency::details::WorkQueue::IsStructuredEmpty std::ios_base::_Init 94686 7ff75640c520 std::ios_base::_Init 8 API calls 94685->94686 94689 7ff75640ad11 Concurrency::details::WorkQueue::IsStructuredEmpty UnDecorator::getVbTableType 94685->94689 94687 7ff75640ad8a 94686->94687 94699 7ff75640c470 94687->94699 94692 7ff756455500 allocator 8 API calls 94689->94692 94693 7ff75640665c 94692->94693 94693->94538 94695 7ff75640c542 Concurrency::details::WorkQueue::IsStructuredEmpty std::ios_base::_Init _Min_value _Max_value 94694->94695 94696 7ff756455500 allocator 8 API calls 94695->94696 94697 7ff75640acc6 94696->94697 94697->94685 94698 7ff756404310 50 API calls std::_Xinvalid_argument 94697->94698 94698->94685 94700 7ff75640c4ac _Max_value 94699->94700 94701 7ff756455500 allocator 8 API calls 94700->94701 94702 7ff75640ad9f 94701->94702 94703 7ff75640cac0 94702->94703 94706 7ff75640a910 94703->94706 94705 7ff75640caf9 Concurrency::details::WorkQueue::IsStructuredEmpty std::ios_base::_Init allocator 94705->94689 94709 7ff75640c5f0 94706->94709 94710 7ff75640c608 allocator 94709->94710 94711 7ff75640cc20 allocator 50 API calls 94710->94711 94712 7ff75640a930 94711->94712 94712->94705 94716 7ff75641bd20 94713->94716 94717 7ff75641bd67 94716->94717 94718 7ff75641bd8c 94717->94718 94726 7ff75641c730 50 API calls Concurrency::details::WorkQueue::IsStructuredEmpty 94717->94726 94720 7ff756455500 allocator 8 API calls 94718->94720 94721 7ff756416360 94720->94721 94721->94541 94722 7ff75641bdc6 Concurrency::details::WorkQueue::IsStructuredEmpty UnDecorator::getVbTableType 94727 7ff75641f9f0 50 API calls 2 library calls 94722->94727 94724 7ff75641be52 94728 7ff75641c540 47 API calls 2 library calls 94724->94728 94726->94722 94727->94724 94728->94718 94730 7ff756407e5d Concurrency::details::WorkQueue::IsStructuredEmpty UnDecorator::getVbTableType 94729->94730 94731 7ff756407e99 UnDecorator::getVbTableType 94730->94731 94733 7ff7564097a0 94730->94733 94731->94543 94736 7ff7564083c0 94733->94736 94739 7ff75640bce0 94736->94739 94738 7ff7564083e2 94738->94731 94741 7ff75640bcf3 allocator 94739->94741 94740 7ff75640bcfa UnDecorator::getVbTableType 94740->94738 94741->94740 94743 7ff756404230 47 API calls _invalid_parameter_noinfo_noreturn 94741->94743 94743->94740 94745 7ff75641b9b8 Concurrency::details::WorkQueue::IsStructuredEmpty _Byte_length _Find_unchecked 94744->94745 94764 7ff75641bbf0 94745->94764 94748 7ff756455500 allocator 8 API calls 94749 7ff75641ba3b 94748->94749 94765 7ff75641bc21 Concurrency::details::WorkQueue::IsStructuredEmpty std::ios_base::_Init 94764->94765 94768 7ff75641bcb0 UnDecorator::getVbTableType 94765->94768 94774 7ff75641c6c0 94765->94774 94769 7ff756455500 allocator 8 API calls 94768->94769 94771 7ff75641ba28 94769->94771 94771->94748 94775 7ff75641c6d8 94774->94775 94776 7ff75641c6e4 94775->94776 94786 7ff756411010 50 API calls std::_Xinvalid_argument 94775->94786 94782 7ff75641c9f0 94776->94782 94783 7ff75641ca38 Concurrency::details::WorkQueue::IsStructuredEmpty 94782->94783 94786->94776 95135 7ff7564079bd std::ios_base::good 95134->95135 95137 7ff7564079e4 std::ios_base::good 95135->95137 95147 7ff7564094c0 59 API calls allocator 95135->95147 95137->94479 95139 7ff756407dbc std::ios_base::good 95138->95139 95148 7ff756409670 95139->95148 95142 7ff756407950 95163 7ff75645b640 __uncaught_exceptions 95142->95163 95144 7ff75640795e 95145 7ff75640798d 95144->95145 95167 7ff7564095a0 50 API calls 2 library calls 95144->95167 95145->94478 95147->95137 95149 7ff756409697 95148->95149 95152 7ff756405820 95149->95152 95153 7ff75640587a 95152->95153 95159 7ff756405900 95152->95159 95155 7ff75640588f std::make_error_code 95153->95155 95160 7ff7564577d4 RtlPcToFileHeader RaiseException 95153->95160 95161 7ff7564057c0 50 API calls std::ios_base::_Init 95155->95161 95157 7ff7564058ef 95162 7ff7564577d4 RtlPcToFileHeader RaiseException 95157->95162 95159->95142 95160->95155 95161->95157 95162->95159 95163->95144 95164 7ff7564674e4 95163->95164 95168 7ff756457cb8 8 API calls __vcrt_FlsGetValue 95164->95168 95166 7ff7564674ed 95166->95144 95167->95145 95168->95166 95169->94492 95170 25741420af0 95171 25741420b08 95170->95171 95172 25741420b14 ctype 95170->95172 95173 25741420b25 ctype 95172->95173 95174 25741420c5e 95172->95174 95177 25741477a44 95172->95177 95174->95173 95176 25741477a44 _fread_nolock 70 API calls 95174->95176 95176->95173 95180 25741477a64 95177->95180 95179 25741477a5c 95179->95172 95181 25741477a8e 95180->95181 95182 25741477abd 95180->95182 95181->95182 95183 25741477ada 95181->95183 95184 25741477a9d memcpy_s 95181->95184 95182->95179 95189 257414777e4 95183->95189 95204 25741474e68 9 API calls _get_daylight 95184->95204 95186 25741477ab2 95205 25741478234 61 API calls _invalid_parameter_noinfo 95186->95205 95192 25741477813 memcpy_s 95189->95192 95200 2574147782d 95189->95200 95190 2574147781d 95226 25741474e68 9 API calls _get_daylight 95190->95226 95192->95190 95195 25741477882 memcpy_s ctype 95192->95195 95192->95200 95196 25741477a05 memcpy_s 95195->95196 95197 2574147990c _fread_nolock 61 API calls 95195->95197 95195->95200 95206 2574147d8c8 95195->95206 95228 25741474e68 9 API calls _get_daylight 95195->95228 95229 25741478234 61 API calls _invalid_parameter_noinfo 95195->95229 95230 2574148092c 95195->95230 95295 25741474e68 9 API calls _get_daylight 95196->95295 95197->95195 95200->95182 95202 25741477822 95227 25741478234 61 API calls _invalid_parameter_noinfo 95202->95227 95204->95186 95205->95182 95207 2574147d8e5 95206->95207 95211 2574147d910 95206->95211 95321 25741474e68 9 API calls _get_daylight 95207->95321 95208 2574147d8f5 95208->95195 95210 2574147d8ea 95322 25741478234 61 API calls _invalid_parameter_noinfo 95210->95322 95211->95208 95213 2574147d94c 95211->95213 95323 25741480318 9 API calls 2 library calls 95211->95323 95215 2574147990c _fread_nolock 61 API calls 95213->95215 95216 2574147d95e 95215->95216 95296 2574148080c 95216->95296 95218 2574147d96b 95218->95208 95219 2574147990c _fread_nolock 61 API calls 95218->95219 95220 2574147d9a0 95219->95220 95220->95208 95221 2574147990c _fread_nolock 61 API calls 95220->95221 95222 2574147d9ac 95221->95222 95222->95208 95223 2574147990c _fread_nolock 61 API calls 95222->95223 95224 2574147d9b9 95223->95224 95225 2574147990c _fread_nolock 61 API calls 95224->95225 95225->95208 95226->95202 95227->95200 95228->95195 95229->95195 95231 25741480954 95230->95231 95232 2574148096d 95230->95232 95341 25741474e48 9 API calls _get_daylight 95231->95341 95234 25741480d47 95232->95234 95242 257414809b8 95232->95242 95356 25741474e48 9 API calls _get_daylight 95234->95356 95235 25741480959 95342 25741474e68 9 API calls _get_daylight 95235->95342 95238 25741480d4c 95357 25741474e68 9 API calls _get_daylight 95238->95357 95240 25741480962 95240->95195 95241 257414809c1 95343 25741474e48 9 API calls _get_daylight 95241->95343 95242->95240 95242->95241 95248 257414809f2 95242->95248 95244 257414809cd 95358 25741478234 61 API calls _invalid_parameter_noinfo 95244->95358 95245 257414809c6 95344 25741474e68 9 API calls _get_daylight 95245->95344 95249 25741480a19 95248->95249 95250 25741480a53 95248->95250 95251 25741480a26 95248->95251 95249->95251 95256 25741480a42 95249->95256 95252 2574147e8bc wcsftime 10 API calls 95250->95252 95345 25741474e48 9 API calls _get_daylight 95251->95345 95254 25741480a64 95252->95254 95257 2574147d3c8 Concurrency::details::SchedulerProxy::DeleteThis 9 API calls 95254->95257 95255 25741480a2b 95346 25741474e68 9 API calls _get_daylight 95255->95346 95333 2574148996c 95256->95333 95260 25741480a6e 95257->95260 95263 2574147d3c8 Concurrency::details::SchedulerProxy::DeleteThis 9 API calls 95260->95263 95262 25741480a32 95347 25741478234 61 API calls _invalid_parameter_noinfo 95262->95347 95267 25741480a75 95263->95267 95264 25741480bee 95268 25741480bf3 ReadFile 95264->95268 95266 25741480b81 GetConsoleMode 95266->95264 95269 25741480b95 95266->95269 95270 25741480a98 95267->95270 95271 25741480a7d 95267->95271 95272 25741480c19 95268->95272 95273 25741480d0d GetLastError 95268->95273 95269->95268 95275 25741480b9f ReadConsoleW 95269->95275 95350 25741480fec 61 API calls 2 library calls 95270->95350 95348 25741474e68 9 API calls _get_daylight 95271->95348 95272->95273 95279 25741480be2 95272->95279 95276 25741480bc9 95273->95276 95277 25741480d18 95273->95277 95275->95279 95280 25741480bc3 GetLastError 95275->95280 95294 25741480a3d 95276->95294 95351 25741474ddc 9 API calls 2 library calls 95276->95351 95354 25741474e68 9 API calls _get_daylight 95277->95354 95287 25741480c52 95279->95287 95288 25741480c77 95279->95288 95279->95294 95280->95276 95282 2574147d3c8 Concurrency::details::SchedulerProxy::DeleteThis 9 API calls 95282->95240 95283 25741480a82 95349 25741474e48 9 API calls _get_daylight 95283->95349 95285 25741480d1d 95355 25741474e48 9 API calls _get_daylight 95285->95355 95352 25741480544 63 API calls 3 library calls 95287->95352 95291 25741480cfb 95288->95291 95288->95294 95353 25741480384 62 API calls _fread_nolock 95291->95353 95293 25741480d08 95293->95294 95294->95282 95295->95202 95297 25741480836 95296->95297 95302 25741480866 95296->95302 95324 25741474e48 9 API calls _get_daylight 95297->95324 95299 2574148083b 95325 25741474e68 9 API calls _get_daylight 95299->95325 95301 2574148087f 95326 25741474e48 9 API calls _get_daylight 95301->95326 95302->95301 95303 257414808bd 95302->95303 95305 257414808c6 95303->95305 95306 257414808db 95303->95306 95329 25741474e48 9 API calls _get_daylight 95305->95329 95313 257414808f8 95306->95313 95314 2574148090d 95306->95314 95307 25741480884 95327 25741474e68 9 API calls _get_daylight 95307->95327 95310 2574148088c 95328 25741478234 61 API calls _invalid_parameter_noinfo 95310->95328 95311 257414808cb 95330 25741474e68 9 API calls _get_daylight 95311->95330 95331 25741474e68 9 API calls _get_daylight 95313->95331 95316 2574148092c _fread_nolock 70 API calls 95314->95316 95320 25741480843 95316->95320 95318 257414808fd 95332 25741474e48 9 API calls _get_daylight 95318->95332 95320->95218 95321->95210 95322->95208 95323->95213 95324->95299 95325->95320 95326->95307 95327->95310 95328->95320 95329->95311 95330->95310 95331->95318 95332->95320 95334 25741489982 95333->95334 95335 25741489975 95333->95335 95337 25741480b62 95334->95337 95360 25741474e68 9 API calls _get_daylight 95334->95360 95359 25741474e68 9 API calls _get_daylight 95335->95359 95337->95264 95337->95266 95339 257414899b9 95361 25741478234 61 API calls _invalid_parameter_noinfo 95339->95361 95341->95235 95342->95240 95343->95245 95344->95244 95345->95255 95346->95262 95347->95294 95348->95283 95349->95294 95350->95256 95351->95294 95352->95294 95353->95293 95354->95285 95355->95294 95356->95238 95357->95244 95358->95240 95359->95337 95360->95339 95361->95337 95362 25741417633 95368 2574140da40 95362->95368 95364 25741417666 FindNextFileW 95365 25741417684 95364->95365 95366 2574148e860 _Strcoll 3 API calls 95365->95366 95367 257414176ab 95366->95367 95369 2574140da58 _Receive_impl 95368->95369 95369->95364 95370 2574142d8d4 95371 2574142d639 95370->95371 95372 2574142d625 95370->95372 95374 2574142e200 65 API calls 95371->95374 95373 25741428d10 65 API calls 95372->95373 95373->95371 95375 2574142d5b0 95374->95375 95376 2574145fc10 95377 2574145fc40 95376->95377 95378 2574149b5b0 80 API calls 95377->95378 95379 2574145fc59 95378->95379 95380 2574148e860 _Strcoll 3 API calls 95379->95380 95381 2574145fc96 95380->95381

                                                      Executed Functions

                                                      Function 0000025741465B70 Relevance: 45.7, APIs: 25, Strings: 1, Instructions: 225windowCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: Object$DeleteMetricsSystem$CreateSelectStream_$CapsCompatibleCriticalDeviceReleaseSection$BitmapEnterLeaveReadResetSizeStream
                                                      • String ID:
                                                      • API String ID: 3214587331-3916222277
                                                      • Opcode ID: 7f29424d3ead8c8ab7e32e0c66aef27a74aa28fe3180dede61f6c59901bdf73b
                                                      • Instruction ID: ee7a60c1de5b07f8e8bafa29eb776f1eea6e2bb05774d9853d578f701bb94cc8
                                                      • Opcode Fuzzy Hash: 7f29424d3ead8c8ab7e32e0c66aef27a74aa28fe3180dede61f6c59901bdf73b
                                                      • Instruction Fuzzy Hash: D1B16E72248BC086E760EB25F8583AAB3B1F799B81F408515DA8E57B69DF3CC085CB44
                                                      Function 000002574149B5B0 Relevance: 27.2, APIs: 18, Instructions: 229fileCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 40 2574149b5b0-2574149b5f0 41 2574149b5f2-2574149b5f9 40->41 42 2574149b605-2574149b60e 40->42 41->42 43 2574149b5fb-2574149b600 41->43 44 2574149b610-2574149b613 42->44 45 2574149b62a-2574149b62c 42->45 48 2574149b884-2574149b8aa call 2574148e860 43->48 44->45 49 2574149b615-2574149b61d 44->49 46 2574149b882 45->46 47 2574149b632-2574149b636 45->47 46->48 50 2574149b63c-2574149b63f 47->50 51 2574149b70d-2574149b734 call 2574149b984 47->51 53 2574149b61f-2574149b621 49->53 54 2574149b623-2574149b626 49->54 55 2574149b641-2574149b649 50->55 56 2574149b653-2574149b665 GetFileAttributesExW 50->56 63 2574149b756-2574149b75f 51->63 64 2574149b736-2574149b73f 51->64 53->45 53->54 54->45 55->56 60 2574149b64b-2574149b64d 55->60 61 2574149b6b8-2574149b6c7 56->61 62 2574149b667-2574149b670 GetLastError 56->62 60->51 60->56 66 2574149b6cb-2574149b6cd 61->66 62->48 65 2574149b676-2574149b688 FindFirstFileW 62->65 69 2574149b813-2574149b81c 63->69 70 2574149b765-2574149b77d GetFileInformationByHandleEx 63->70 67 2574149b74f-2574149b751 64->67 68 2574149b741-2574149b749 CloseHandle 64->68 71 2574149b695-2574149b6b6 FindClose 65->71 72 2574149b68a-2574149b690 GetLastError 65->72 73 2574149b6cf-2574149b6d7 66->73 74 2574149b6d9-2574149b707 66->74 67->48 68->67 75 2574149b8c5-2574149b8ca call 257414798b4 68->75 76 2574149b81e-2574149b832 GetFileInformationByHandleEx 69->76 77 2574149b86b-2574149b86d 69->77 78 2574149b77f-2574149b78b GetLastError 70->78 79 2574149b7a5-2574149b7be 70->79 71->66 72->48 73->51 73->74 74->46 74->51 97 2574149b8cb-2574149b8d0 call 257414798b4 75->97 81 2574149b834-2574149b840 GetLastError 76->81 82 2574149b858-2574149b868 76->82 85 2574149b86f-2574149b873 77->85 86 2574149b8ab-2574149b8af 77->86 83 2574149b78d-2574149b798 CloseHandle 78->83 84 2574149b79e-2574149b7a0 78->84 79->69 87 2574149b7c0-2574149b7c4 79->87 81->84 91 2574149b846-2574149b851 CloseHandle 81->91 82->77 83->84 92 2574149b8d7-2574149b8df call 257414798b4 83->92 84->48 85->46 93 2574149b875-2574149b880 CloseHandle 85->93 88 2574149b8b1-2574149b8bc CloseHandle 86->88 89 2574149b8be-2574149b8c3 86->89 94 2574149b7c6-2574149b7e0 GetFileInformationByHandleEx 87->94 95 2574149b80c 87->95 88->75 88->89 89->48 98 2574149b8d1-2574149b8d6 call 257414798b4 91->98 99 2574149b853 91->99 93->46 93->75 101 2574149b7e2-2574149b7ee GetLastError 94->101 102 2574149b803-2574149b80a 94->102 96 2574149b810 95->96 96->69 97->98 98->92 99->84 101->84 106 2574149b7f0-2574149b7fb CloseHandle 101->106 102->96 106->97 109 2574149b801 106->109 109->84
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: Close$ErrorFileFindHandleLast$AttributesFirst__std_fs_open_handle
                                                      • String ID:
                                                      • API String ID: 2398595512-0
                                                      • Opcode ID: ae06ef96b620ec177ea6819a3a1ac38214177ad565b87e13f1ccf53398ca1eb7
                                                      • Instruction ID: a83ee46e8b188c2301f07777c7b4243fa98c96d2a92db2c9d58c3f1506fe1701
                                                      • Opcode Fuzzy Hash: ae06ef96b620ec177ea6819a3a1ac38214177ad565b87e13f1ccf53398ca1eb7
                                                      • Instruction Fuzzy Hash: CA91B5317A8E0146F774EB7DBC08F6962B0A74A7B6F184714D9B66B6D4DB38C804874C
                                                      Function 0000025741468030 Relevance: 22.6, APIs: 3, Strings: 9, Instructions: 1600COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: Name$DevicesDisplayEnum$ComputerCurrentFileGlobalMemoryModuleProfileStatusUserValuewcsftime
                                                      • String ID: %d-%m-%Y, %H:%M:%S$computer_name$cpu$gpu$ram$system$time$timezone$user_name
                                                      • API String ID: 2509368203-1182675529
                                                      • Opcode ID: 83b68417b8bc51af44e4411a1981e3471f5f661200eb30e4b38870ee685f36e4
                                                      • Instruction ID: 6807714679e32ded52f105391bd3af06f910480d0d803bafa700863c28130d39
                                                      • Opcode Fuzzy Hash: 83b68417b8bc51af44e4411a1981e3471f5f661200eb30e4b38870ee685f36e4
                                                      • Instruction Fuzzy Hash: 7FF29E72658FC185EB20DF68E8843DD77B1F789799F409215EA8D27BA9DB78C280C704
                                                      Function 000002574141D570 Relevance: 20.1, APIs: 8, Strings: 3, Instructions: 862libraryloaderCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 605 2574141d570-2574141d66f LoadLibraryA 606 2574141e530-2574141e53a 605->606 607 2574141d675-2574141da30 GetProcAddress * 6 605->607 608 2574141e549-2574141e54c 606->608 609 2574141e53c-2574141e53e 606->609 607->606 610 2574141da36-2574141da39 607->610 611 2574141e557-2574141e586 call 2574148e860 608->611 612 2574141e54e-2574141e551 FreeLibrary 608->612 609->608 610->606 613 2574141da3f-2574141da42 610->613 612->611 613->606 616 2574141da48-2574141da4b 613->616 616->606 617 2574141da51-2574141da54 616->617 617->606 619 2574141da5a-2574141da5d 617->619 619->606 620 2574141da63-2574141da71 619->620 621 2574141da75-2574141da77 620->621 621->606 622 2574141da7d-2574141da89 621->622 622->606 623 2574141da8f-2574141da98 622->623 624 2574141daa0-2574141dabb 623->624 626 2574141e517-2574141e523 624->626 627 2574141dac1-2574141dadf 624->627 626->624 628 2574141e529 626->628 627->626 630 2574141dae5-2574141daf7 627->630 628->606 631 2574141dafd 630->631 632 2574141e503-2574141e512 630->632 633 2574141db02-2574141db53 call 2574148e888 631->633 632->626 638 2574141db59-2574141db60 633->638 639 2574141ddd2 633->639 638->639 640 2574141db66-2574141dc5f call 257414578f0 call 25741425310 call 257414255e0 638->640 641 2574141ddd4-2574141dddb 639->641 667 2574141dc60-2574141dc68 640->667 643 2574141e051-2574141e08d 641->643 644 2574141dde1-2574141dde8 641->644 652 2574141e327-2574141e329 643->652 653 2574141e093-2574141e0a1 643->653 644->643 646 2574141ddee-2574141dedb call 257414578f0 call 25741425310 call 257414255e0 644->646 679 2574141dee2-2574141deea 646->679 658 2574141e32f-2574141e458 call 257414286b0 call 25741421900 call 257414286b0 call 25741421900 call 25741423ff0 call 2574148e888 call 257414451b0 652->658 659 2574141e4d5-2574141e4eb call 257414200f0 652->659 656 2574141e0a7-2574141e0ae 653->656 657 2574141e320-2574141e323 653->657 656->657 664 2574141e0b4-2574141e1a8 call 257414578f0 call 25741425310 call 257414255e0 656->664 657->652 662 2574141e325 657->662 752 2574141e45a-2574141e45c 658->752 753 2574141e464-2574141e477 call 257414237f0 658->753 674 2574141e4f1-2574141e4fc 659->674 675 2574141db00 659->675 662->652 695 2574141e1b0-2574141e1b7 664->695 667->667 672 2574141dc6a-2574141dcc4 call 257414286b0 call 25741426bc0 call 25741423ff0 667->672 701 2574141dcf7-2574141dd21 672->701 702 2574141dcc6-2574141dcd7 672->702 674->632 675->633 679->679 684 2574141deec-2574141df45 call 257414286b0 call 25741426bc0 call 25741423ff0 679->684 715 2574141df47-2574141df58 684->715 716 2574141df78-2574141dfa2 684->716 695->695 699 2574141e1b9-2574141e212 call 257414286b0 call 25741426bc0 call 25741423ff0 695->699 764 2574141e245-2574141e26e 699->764 765 2574141e214-2574141e225 699->765 710 2574141dd59-2574141dd7f 701->710 711 2574141dd23-2574141dd37 701->711 706 2574141dcd9-2574141dcec 702->706 707 2574141dcf2 call 2574148e880 702->707 706->707 713 2574141e5e1-2574141e5e6 call 25741478254 706->713 707->701 721 2574141ddb7-2574141ddd0 710->721 722 2574141dd81-2574141dd95 710->722 718 2574141dd39-2574141dd4c 711->718 719 2574141dd52-2574141dd57 call 2574148e880 711->719 726 2574141e5e7-2574141e5ec call 25741478254 713->726 723 2574141df5a-2574141df6d 715->723 724 2574141df73 call 2574148e880 715->724 727 2574141dfda-2574141e000 716->727 728 2574141dfa4-2574141dfb8 716->728 718->719 718->726 719->710 721->641 732 2574141dd97-2574141ddaa 722->732 733 2574141ddb0-2574141ddb5 call 2574148e880 722->733 723->724 739 2574141e5f3-2574141e5f8 call 25741478254 723->739 724->716 734 2574141e5ed-2574141e5f2 call 25741478254 726->734 736 2574141e038-2574141e04a 727->736 737 2574141e002-2574141e016 727->737 742 2574141dfba-2574141dfcd 728->742 743 2574141dfd3-2574141dfd8 call 2574148e880 728->743 732->733 732->734 733->721 734->739 736->643 755 2574141e018-2574141e02b 737->755 756 2574141e031-2574141e036 call 2574148e880 737->756 751 2574141e5f9-2574141e5fe call 25741478254 739->751 742->743 742->751 743->727 759 2574141e5ff-2574141e604 call 25741478254 751->759 766 2574141e58d-2574141e5da call 257414239b0 call 257414279f0 call 25741427ac0 call 25741490e88 752->766 767 2574141e462 752->767 773 2574141e47b-2574141e487 753->773 755->756 755->759 756->736 786 2574141e605-2574141e60a call 25741478254 759->786 774 2574141e270-2574141e284 764->774 775 2574141e2a4-2574141e2ca 764->775 770 2574141e227-2574141e23a 765->770 771 2574141e240 call 2574148e880 765->771 800 2574141e5db-2574141e5e0 call 25741478254 766->800 767->773 770->771 770->786 771->764 781 2574141e489-2574141e4ac 773->781 782 2574141e4ae-2574141e4b8 call 25741430610 773->782 779 2574141e29f call 2574148e880 774->779 780 2574141e286-2574141e299 774->780 784 2574141e2cc-2574141e2e0 775->784 785 2574141e300-2574141e319 775->785 779->775 780->779 790 2574141e587-2574141e58c call 25741478254 780->790 792 2574141e4bd-2574141e4ce call 25741423ff0 781->792 782->792 795 2574141e2fb call 2574148e880 784->795 796 2574141e2e2-2574141e2f5 784->796 785->657 790->766 792->659 795->785 796->795 796->800 800->713
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: AddressProc$Library$FreeLoad
                                                      • String ID: cannot use push_back() with $system$vault
                                                      • API String ID: 2449869053-1741236777
                                                      • Opcode ID: bcc85765481068b8fd945525afbc24a0629afffb76e85141ea71ca942364fe08
                                                      • Instruction ID: f9a55391575fb44af5d223b017cd8e2cdda7e948a51d357cf33b7fc54c410383
                                                      • Opcode Fuzzy Hash: bcc85765481068b8fd945525afbc24a0629afffb76e85141ea71ca942364fe08
                                                      • Instruction Fuzzy Hash: DF924972249FC489DB619F69E8883DD73B4F749798F204215EA9C6BB99EF74C284C304
                                                      Function 0000025741445970 Relevance: 17.8, Strings: 14, Instructions: 304COMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 812 25741445970-257414459b0 813 257414459b6-257414459c0 812->813 814 25741445aaf-25741445ab8 812->814 815 25741445aa6-25741445aac 813->815 816 257414459c6-257414459ce 813->816 817 25741445aba-25741445ac6 814->817 818 25741445b02-25741445b14 call 2574149b4c0 814->818 815->814 819 257414459db-257414459df 816->819 820 257414459d0-257414459d5 816->820 822 25741445ac8-25741445ad8 817->822 823 25741445ada-25741445ae1 call 25741452660 817->823 833 25741445b56-25741445b5a 818->833 834 25741445b16-25741445b1a 818->834 825 25741445a38-25741445a3a 819->825 826 257414459e1-257414459ea 819->826 820->815 820->819 828 25741445ae6-25741445b00 call 2574140e2a0 822->828 823->828 825->814 830 25741445a3c-25741445a6c 825->830 831 257414459ec 826->831 832 257414459ef-25741445a06 call 2574149b5b0 826->832 835 25741445b5e-25741445b64 828->835 837 25741445a6e-25741445a80 830->837 838 25741445a9f-25741445aa1 830->838 831->832 850 25741445a08-25741445a12 832->850 851 25741445a14-25741445a17 832->851 833->835 840 25741445b20-25741445b26 834->840 841 25741445b6a-25741445b6c 835->841 842 25741445cb3-25741445cc0 call 2574140e4f0 835->842 837->838 843 25741445a82-25741445a94 837->843 847 25741445cc2-25741445cf2 call 2574148e860 838->847 845 25741445b28-25741445b30 840->845 846 25741445b54 840->846 849 25741445b70-25741445b73 841->849 842->847 843->838 868 25741445a96-25741445a99 843->868 852 25741445b3f-25741445b50 call 2574149b4c0 845->852 853 25741445b32-25741445b36 845->853 846->833 856 25741445b79-25741445b81 849->856 857 25741445cf5-25741445d29 849->857 850->825 860 25741445a19-25741445a1c 851->860 861 25741445a36 851->861 852->840 874 25741445b52 852->874 853->846 859 25741445b38-25741445b3d 853->859 866 25741445b87-25741445bba call 2574149b4e0 * 2 856->866 867 25741445cf3 856->867 864 25741445d2b-25741445d36 857->864 865 25741445d55-25741445d57 857->865 859->846 859->852 860->861 869 25741445a1e-25741445a21 860->869 861->825 864->865 871 25741445d38-25741445d4a 864->871 865->847 882 25741445bbc 866->882 883 25741445bbf-25741445bd2 call 2574140d020 866->883 867->857 868->838 869->861 873 25741445a23-25741445a26 869->873 871->865 880 25741445d4c-25741445d4f 871->880 873->861 876 25741445a28-25741445a2b 873->876 874->833 876->825 877 25741445a2d-25741445a34 876->877 877->825 877->861 880->865 882->883 886 25741445c2d-25741445c37 883->886 887 25741445bd4-25741445bdb 883->887 890 25741445d5c-25741445d61 call 257414245e0 886->890 891 25741445c3d-25741445c49 886->891 888 25741445bdd-25741445be1 887->888 889 25741445be3 887->889 888->889 892 25741445be7-25741445bea 888->892 889->892 894 25741445c4b 891->894 895 25741445c4e-25741445c64 call 2574149b4c0 891->895 892->886 896 25741445bec 892->896 894->895 895->849 901 25741445c6a-25741445c6e 895->901 900 25741445bf0-25741445bfc 896->900 902 25741445c0c-25741445c0f 900->902 903 25741445bfe-25741445c02 900->903 904 25741445c70-25741445c76 901->904 902->886 906 25741445c11-25741445c1d 902->906 903->902 905 25741445c04-25741445c0a 903->905 907 25741445ca7-25741445ca9 904->907 908 25741445c78-25741445c80 904->908 905->900 905->902 909 25741445c25-25741445c2b 906->909 910 25741445c1f-25741445c23 906->910 913 25741445cab-25741445cad 907->913 911 25741445c90-25741445ca1 call 2574149b4c0 908->911 912 25741445c82-25741445c86 908->912 909->886 909->906 910->886 910->909 911->904 917 25741445ca3-25741445ca5 911->917 912->907 914 25741445c88-25741445c8e 912->914 913->842 913->849 914->907 914->911 917->913
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: .$@$@$cannot use push_back() with $chrome_key$content$directory_iterator::directory_iterator$exists$filename$key$prefs.js$recursive_directory_iterator::operator++$recursive_directory_iterator::recursive_directory_iterator$status
                                                      • API String ID: 0-4287193513
                                                      • Opcode ID: d85864b6336acd62be5f7280330fa91da0aadc80efc30bd9caf6eb99ab158536
                                                      • Instruction ID: 31f8243a5a921b379815dabb12b18e25c5001da9b325cd48dad4067bd1860240
                                                      • Opcode Fuzzy Hash: d85864b6336acd62be5f7280330fa91da0aadc80efc30bd9caf6eb99ab158536
                                                      • Instruction Fuzzy Hash: F1C1A3326C8F8486EF60AF2DE84836D63B1F745B99F544221EB996B794DF34C841C748
                                                      Function 000002574145C600 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 173synchronizationCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 987 2574145c600-2574145c622 call 2574145f820 990 2574145c64e-2574145c700 call 2574146b9b0 * 2 call 25741468030 call 2574145d030 987->990 991 2574145c624-2574145c64d call 2574145fb60 call 2574146a780 call 25741422660 ExitProcess 987->991 1006 2574145c734-2574145c76b OpenMutexA 990->1006 1007 2574145c702-2574145c714 990->1007 991->990 1010 2574145c76d-2574145c778 ExitProcess 1006->1010 1011 2574145c779-2574145c7b0 CreateMutexA call 257414566f0 call 2574145fca0 1006->1011 1008 2574145c716-2574145c729 1007->1008 1009 2574145c72f call 2574148e880 1007->1009 1008->1009 1012 2574145c8c6-2574145c8cb call 25741478254 1008->1012 1009->1006 1010->1011 1022 2574145c7be-2574145c821 call 25741468330 call 2574141d570 call 2574141e610 call 2574141ecb0 call 2574141f9e0 call 2574141ca10 call 2574144cab0 call 2574144f7a0 call 25741411b90 call 2574141add0 call 25741419680 call 2574145d260 call 2574141bf40 call 257414177d0 call 25741414b70 call 25741417aa0 call 25741464a30 1011->1022 1023 2574145c7b2-2574145c7bd ExitProcess 1011->1023 1019 2574145c8cc-2574145c8d1 call 25741478254 1012->1019 1060 2574145c826-2574145c836 call 2574145bcc0 1022->1060 1023->1022 1064 2574145c84a-2574145c851 1060->1064 1065 2574145c838-2574145c844 ReleaseMutex CloseHandle 1060->1065 1066 2574145c859-2574145c865 1064->1066 1067 2574145c853-2574145c858 call 2574145c8e0 1064->1067 1065->1064 1069 2574145c867-2574145c879 1066->1069 1070 2574145c895-2574145c8c5 call 2574148e860 1066->1070 1067->1066 1072 2574145c87b-2574145c88e 1069->1072 1073 2574145c890 call 2574148e880 1069->1073 1072->1019 1072->1073 1073->1070
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: Process$Exit$MutexOpenToken$CreateCurrentFileInformationInitializeModuleName
                                                      • String ID: SeDebugPrivilege$SeImpersonatePrivilege
                                                      • API String ID: 470559343-3768118664
                                                      • Opcode ID: 8fc456fc9e2cb3d1df6ff90fb808432f92b3fc1d1a0525f9aef9fe2426dfab3f
                                                      • Instruction ID: 7fecae28817705dcf3f8b06d1cb4bcccfc9a5f9a0d91e3ce80384b4dce5647f2
                                                      • Opcode Fuzzy Hash: 8fc456fc9e2cb3d1df6ff90fb808432f92b3fc1d1a0525f9aef9fe2426dfab3f
                                                      • Instruction Fuzzy Hash: 7361C36169CE8041EA10BB6CFC5D3AEA3B4FB85396F510511EB8D66AD6DF38C0448B08
                                                      Function 0000025741414B70 Relevance: 15.3, APIs: 3, Strings: 5, Instructions: 1343registryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CloseOpenQueryValue
                                                      • String ID: content$directory_iterator::directory_iterator$exists$filename$status
                                                      • API String ID: 3677997916-3429737954
                                                      • Opcode ID: 472e3ad5d3f6a61d744a71a03de640d67c750eb007932b83e436428a4ad86246
                                                      • Instruction ID: ae2975e35501073c8e533adae43d0551a0e4be30182d2acd634e9305af150787
                                                      • Opcode Fuzzy Hash: 472e3ad5d3f6a61d744a71a03de640d67c750eb007932b83e436428a4ad86246
                                                      • Instruction Fuzzy Hash: A2E27C72658FC089EB61AF28EC883DD33B5F785799F504216EA5C2BA99DF74C684C304
                                                      Function 0000025741412CA0 Relevance: 14.8, APIs: 3, Strings: 5, Instructions: 789registryCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 1504 25741412ca0-25741412d72 1505 25741412d75-25741412d7c 1504->1505 1505->1505 1506 25741412d7e-25741412efe call 257414286b0 1505->1506 1509 25741412f01-25741412f09 1506->1509 1509->1509 1510 25741412f0b-25741412f93 call 257414286b0 1509->1510 1513 25741412f96-25741412f9e 1510->1513 1513->1513 1514 25741412fa0-2574141302a call 257414286b0 RegOpenKeyExA 1513->1514 1517 257414130ee-257414130f5 1514->1517 1518 25741413030-25741413072 RegQueryValueExA 1514->1518 1519 257414130f7 RegCloseKey 1517->1519 1520 257414130fd-25741413168 call 25741435c20 1517->1520 1518->1517 1521 25741413074-257414130b2 call 257414286b0 call 257414228e0 1518->1521 1519->1520 1526 2574141316a-2574141317c 1520->1526 1527 2574141319c-257414131af 1520->1527 1535 257414130b4-257414130c5 1521->1535 1536 257414130e5-257414130ea 1521->1536 1529 25741413197 call 2574148e880 1526->1529 1530 2574141317e-25741413191 1526->1530 1531 2574141382b-25741413836 1527->1531 1532 257414131b5-257414131f5 call 2574140eaf0 1527->1532 1529->1527 1530->1529 1539 257414139d1-257414139d6 call 25741478254 1530->1539 1537 25741413838-2574141384e 1531->1537 1538 2574141386e-25741413890 1531->1538 1551 257414139a7-257414139a9 1532->1551 1552 257414131fb-257414131fe 1532->1552 1542 257414130c7-257414130da 1535->1542 1543 257414130e0 call 2574148e880 1535->1543 1536->1517 1544 25741413869 call 2574148e880 1537->1544 1545 25741413850-25741413863 1537->1545 1547 25741413892-257414138a6 1538->1547 1548 257414138c6-257414138e0 1538->1548 1567 257414139d7-257414139e9 call 2574140e1d0 1539->1567 1542->1543 1553 257414139cb-257414139d0 call 25741478254 1542->1553 1543->1536 1544->1538 1545->1544 1555 257414139f0-257414139f5 call 25741478254 1545->1555 1558 257414138a8-257414138bb 1547->1558 1559 257414138c1 call 2574148e880 1547->1559 1549 257414138e2-257414138f6 1548->1549 1550 25741413916-25741413930 1548->1550 1560 257414138f8-2574141390b 1549->1560 1561 25741413911 call 2574148e880 1549->1561 1564 25741413962-257414139a6 call 2574148e860 1550->1564 1565 25741413932-25741413946 1550->1565 1568 257414139ab 1551->1568 1569 257414139b6-257414139ca call 2574140e240 1551->1569 1552->1531 1563 25741413204-2574141322b call 2574140d020 1552->1563 1553->1539 1583 257414139f6-25741413a05 call 2574140e1d0 1555->1583 1558->1559 1570 25741413a1e-25741413a23 call 25741478254 1558->1570 1559->1548 1560->1561 1572 25741413a24-25741413a29 call 25741478254 1560->1572 1561->1550 1593 2574141329c-25741413305 call 25741416940 call 25741425140 1563->1593 1594 2574141322d 1563->1594 1578 25741413948-2574141395b 1565->1578 1579 2574141395d call 2574148e880 1565->1579 1596 257414139ea-257414139ef call 25741478254 1567->1596 1568->1531 1569->1553 1570->1572 1578->1579 1588 257414139b0-257414139b5 call 25741478254 1578->1588 1579->1564 1603 25741413a06-25741413a0b call 25741478254 1583->1603 1588->1569 1593->1567 1615 2574141330b-2574141331a 1593->1615 1601 25741413230-25741413237 1594->1601 1596->1555 1605 25741413239-2574141323d 1601->1605 1606 2574141323f-25741413246 1601->1606 1614 25741413a0c-25741413a11 call 25741478254 1603->1614 1605->1606 1610 25741413248-2574141324b 1605->1610 1606->1601 1606->1610 1610->1593 1613 2574141324d 1610->1613 1616 25741413250-2574141325c 1613->1616 1631 25741413a12-25741413a17 call 25741478254 1614->1631 1618 2574141331c-25741413332 1615->1618 1619 25741413352-25741413382 1615->1619 1620 2574141326e-25741413271 1616->1620 1621 2574141325e-25741413262 1616->1621 1626 2574141334d call 2574148e880 1618->1626 1627 25741413334-25741413347 1618->1627 1622 2574141338c-257414133cb call 2574140e8c0 1619->1622 1623 25741413384-25741413388 1619->1623 1620->1593 1624 25741413273-25741413277 1620->1624 1621->1620 1628 25741413264-2574141326a 1621->1628 1638 257414133da-25741413404 call 2574140e9a0 1622->1638 1639 257414133cd-257414133d6 1622->1639 1623->1622 1630 25741413280-2574141328c 1624->1630 1626->1619 1627->1596 1627->1626 1628->1616 1633 2574141326c 1628->1633 1635 2574141328e-25741413292 1630->1635 1636 25741413294-2574141329a 1630->1636 1642 25741413a18-25741413a1d call 2574140cf70 1631->1642 1633->1593 1635->1593 1635->1636 1636->1593 1636->1630 1646 2574141340a 1638->1646 1647 25741413789-25741413793 1638->1647 1639->1638 1642->1570 1648 25741413410-25741413431 call 2574140eaf0 1646->1648 1649 257414137bf-257414137c9 1647->1649 1650 25741413795-2574141379f 1647->1650 1659 25741413441-25741413444 1648->1659 1660 25741413433-2574141343b 1648->1660 1651 257414137cb-257414137d5 1649->1651 1652 257414137f5-257414137fc 1649->1652 1650->1649 1654 257414137a1-257414137b3 1650->1654 1651->1652 1655 257414137d7-257414137e9 1651->1655 1652->1531 1657 257414137fe-25741413808 1652->1657 1654->1649 1662 257414137b5-257414137be 1654->1662 1655->1652 1667 257414137eb-257414137f4 1655->1667 1657->1531 1661 2574141380a-2574141381e 1657->1661 1664 2574141344a-25741413461 call 2574145f8f0 1659->1664 1665 25741413769-25741413783 call 2574140e7b0 1659->1665 1660->1583 1660->1659 1661->1531 1671 25741413820-2574141382a 1661->1671 1662->1649 1674 25741413467-257414134b0 call 25741423a40 call 2574140d4e0 call 2574140d370 1664->1674 1675 2574141375d-25741413764 call 2574140f380 1664->1675 1665->1647 1665->1648 1667->1652 1671->1531 1685 257414134b2 1674->1685 1686 257414134b5-25741413554 call 25741425310 call 257414255e0 call 257414286b0 call 25741421900 call 25741423ff0 1674->1686 1675->1665 1685->1686 1697 25741413587-2574141359f 1686->1697 1698 25741413556-25741413567 1686->1698 1701 257414135d2-257414135ea 1697->1701 1702 257414135a1-257414135b2 1697->1702 1699 25741413569-2574141357c 1698->1699 1700 25741413582 call 2574148e880 1698->1700 1699->1603 1699->1700 1700->1697 1706 257414135ec-25741413602 1701->1706 1707 25741413622-25741413643 1701->1707 1704 257414135cd call 2574148e880 1702->1704 1705 257414135b4-257414135c7 1702->1705 1704->1701 1705->1614 1705->1704 1710 2574141361d call 2574148e880 1706->1710 1711 25741413604-25741413617 1706->1711 1707->1642 1708 25741413649-2574141375c call 2574143d590 call 257414286b0 call 25741421900 call 25741423ff0 call 257414229b0 call 25741421900 call 257414229b0 call 25741421900 call 257414217a0 call 25741423ff0 1707->1708 1708->1675 1710->1707 1711->1631 1711->1710
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CloseOpenQueryValue
                                                      • String ID: content$directory_iterator::directory_iterator$exists$filename$status
                                                      • API String ID: 3677997916-3429737954
                                                      • Opcode ID: 20b0abc57c6f6c76ae53fbfa68efc0c9fdaf881e402e06b3d89e769f3233422e
                                                      • Instruction ID: eb1bdc7456b4fbd3623fbc37245ed742a3eff774915524c0f23220a85fd3369d
                                                      • Opcode Fuzzy Hash: 20b0abc57c6f6c76ae53fbfa68efc0c9fdaf881e402e06b3d89e769f3233422e
                                                      • Instruction Fuzzy Hash: 1F827A72654FC48AEB20AF29EC883DD73B1F7897A9F115211EA9D27B99DB34C584C304
                                                      Function 0000025741482E3C Relevance: 14.3, APIs: 6, Strings: 2, Instructions: 335timeCOMMONLIBRARYCODE
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 1733 25741482e3c-25741482e77 call 257414824d8 call 257414824e0 call 25741482548 1740 257414830a1-257414830ed call 25741478284 call 257414824d8 call 257414824e0 call 25741482548 1733->1740 1741 25741482e7d-25741482e88 call 257414824e8 1733->1741 1767 257414830f3-257414830fe call 257414824e8 1740->1767 1768 2574148322b-25741483299 call 25741478284 call 2574148ba84 1740->1768 1741->1740 1747 25741482e8e-25741482e98 1741->1747 1749 25741482eba-25741482ebe 1747->1749 1750 25741482e9a-25741482e9d 1747->1750 1753 25741482ec1-25741482ec9 1749->1753 1752 25741482ea0-25741482eab 1750->1752 1755 25741482eb6-25741482eb8 1752->1755 1756 25741482ead-25741482eb4 1752->1756 1753->1753 1757 25741482ecb-25741482ede call 2574147e8bc 1753->1757 1755->1749 1759 25741482ee7-25741482ef5 1755->1759 1756->1752 1756->1755 1764 25741482ee0-25741482ee2 call 2574147d3c8 1757->1764 1765 25741482ef6-25741482f02 call 2574147d3c8 1757->1765 1764->1759 1774 25741482f09-25741482f11 1765->1774 1767->1768 1776 25741483104-2574148310f call 25741482518 1767->1776 1785 257414832a7-257414832aa 1768->1785 1786 2574148329b-257414832a2 1768->1786 1774->1774 1777 25741482f13-25741482f24 call 25741487fd8 1774->1777 1776->1768 1787 25741483115-25741483138 call 2574147d3c8 GetTimeZoneInformation 1776->1787 1777->1740 1788 25741482f2a-25741482f80 call 257414a1650 * 4 call 25741482d58 1777->1788 1791 257414832e1-257414832f4 call 2574147e8bc 1785->1791 1792 257414832ac 1785->1792 1790 25741483337-2574148333a 1786->1790 1799 25741483200-2574148322a call 257414824d0 call 257414824c0 call 257414824c8 1787->1799 1800 2574148313e-2574148315f 1787->1800 1845 25741482f82-25741482f86 1788->1845 1795 257414832af 1790->1795 1796 25741483340-25741483348 call 25741482e3c 1790->1796 1806 257414832ff-2574148331a call 2574148ba84 1791->1806 1807 257414832f6 1791->1807 1792->1795 1803 257414832b4-257414832e0 call 2574147d3c8 call 2574148e860 1795->1803 1804 257414832af call 257414830b8 1795->1804 1796->1803 1808 25741483161-25741483167 1800->1808 1809 2574148316a-25741483171 1800->1809 1804->1803 1832 25741483321-25741483333 call 2574147d3c8 1806->1832 1833 2574148331c-2574148331f 1806->1833 1814 257414832f8-257414832fd call 2574147d3c8 1807->1814 1808->1809 1815 25741483173-2574148317b 1809->1815 1816 25741483185 1809->1816 1814->1792 1815->1816 1822 2574148317d-25741483183 1815->1822 1825 25741483187-257414831fb call 257414a1650 * 4 call 257414869a4 call 25741483350 * 2 1816->1825 1822->1825 1825->1799 1832->1790 1833->1814 1847 25741482f88 1845->1847 1848 25741482f8c-25741482f90 1845->1848 1847->1848 1848->1845 1850 25741482f92-25741482fb7 call 25741474550 1848->1850 1856 25741482fba-25741482fbe 1850->1856 1858 25741482fc0-25741482fcb 1856->1858 1859 25741482fcd-25741482fd1 1856->1859 1858->1859 1861 25741482fd3-25741482fd7 1858->1861 1859->1856 1864 25741483058-2574148305c 1861->1864 1865 25741482fd9-25741483001 call 25741474550 1861->1865 1866 25741483063-25741483070 1864->1866 1867 2574148305e-25741483060 1864->1867 1873 2574148301f-25741483023 1865->1873 1874 25741483003 1865->1874 1869 25741483072-25741483088 call 25741482d58 1866->1869 1870 2574148308b-2574148309a call 257414824d0 call 257414824c0 1866->1870 1867->1866 1869->1870 1870->1740 1873->1864 1879 25741483025-25741483043 call 25741474550 1873->1879 1877 25741483006-2574148300d 1874->1877 1877->1873 1880 2574148300f-2574148301d 1877->1880 1885 2574148304f-25741483056 1879->1885 1880->1873 1880->1877 1885->1864 1886 25741483045-25741483049 1885->1886 1886->1864 1887 2574148304b 1886->1887 1887->1885
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: _get_daylight$_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                      • String ID: Eastern Standard Time$Eastern Summer Time
                                                      • API String ID: 355007559-239921721
                                                      • Opcode ID: d27e707e32a7a668b79f18f39980f86f66c1361dc0c94ac41fd5faca01788e5a
                                                      • Instruction ID: 65e055bc4aac660322d32144e1db58e3d7a274e38b970e09ad7967c94e31a6a4
                                                      • Opcode Fuzzy Hash: d27e707e32a7a668b79f18f39980f86f66c1361dc0c94ac41fd5faca01788e5a
                                                      • Instruction Fuzzy Hash: 02D1157A788A4086E720FF2AFD587A963B1F784B96F455025EE1963EC6DB38C441C348
                                                      Function 0000025741465240 Relevance: 13.9, APIs: 9, Instructions: 408networkfileCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 1888 25741465240-257414653de 1889 257414653e0-257414653e7 1888->1889 1889->1889 1890 257414653e9-2574146541c call 257414286b0 InternetOpenA 1889->1890 1893 257414654b5-257414654cc 1890->1893 1894 25741465422-25741465438 1890->1894 1896 257414654ce 1893->1896 1897 257414654d1-257414654f8 InternetOpenUrlA 1893->1897 1895 25741465440-25741465448 1894->1895 1898 2574146547b-257414654b4 call 2574148e860 1895->1898 1899 2574146544a-2574146545b 1895->1899 1896->1897 1900 25741465529-25741465554 HttpQueryInfoW 1897->1900 1901 257414654fa-25741465524 1897->1901 1902 2574146545d-25741465470 1899->1902 1903 25741465476 call 2574148e880 1899->1903 1905 25741465556-2574146558a 1900->1905 1906 2574146558f-257414655ea HttpQueryInfoW 1900->1906 1901->1895 1902->1903 1907 257414658b5-257414658ba call 25741478254 1902->1907 1903->1898 1905->1906 1909 257414655ec-25741465602 call 25741474550 1906->1909 1910 25741465618-2574146562e InternetQueryDataAvailable 1906->1910 1924 257414658bb-257414658c0 call 2574140b820 1907->1924 1909->1910 1923 25741465604-25741465613 call 25741428560 1909->1923 1916 25741465813-25741465866 InternetCloseHandle 1910->1916 1917 25741465634-25741465639 1910->1917 1922 2574146586f-25741465878 1916->1922 1920 25741465640-25741465646 1917->1920 1920->1916 1925 2574146564c-25741465666 1920->1925 1922->1898 1929 2574146587e-2574146588f 1922->1929 1923->1910 1927 257414656d9-257414656f1 InternetReadFile 1925->1927 1928 25741465668-2574146566e 1925->1928 1936 257414657cd-257414657d4 1927->1936 1937 257414656f7-257414656fc 1927->1937 1932 2574146569c-2574146569f call 2574148e888 1928->1932 1933 25741465670-25741465677 1928->1933 1929->1903 1934 25741465895-257414658a8 1929->1934 1944 257414656a4-257414656d4 call 257414a1650 1932->1944 1933->1924 1938 2574146567d-25741465688 call 2574148e888 1933->1938 1934->1907 1940 257414658aa 1934->1940 1936->1916 1942 257414657d6-257414657e7 1936->1942 1937->1936 1941 25741465702-2574146570d 1937->1941 1949 257414658af-257414658b4 call 25741478254 1938->1949 1958 2574146568e-2574146569a 1938->1958 1940->1903 1945 2574146573f-25741465759 call 25741429030 1941->1945 1946 2574146570f-2574146573d call 257414a0fb0 1941->1946 1947 257414657e9-257414657fc 1942->1947 1948 25741465802-2574146580f call 2574148e880 1942->1948 1944->1927 1961 2574146575a-25741465761 1945->1961 1946->1961 1947->1948 1947->1949 1948->1916 1949->1907 1958->1944 1963 25741465763-25741465774 1961->1963 1964 257414657a4 1961->1964 1965 25741465776-25741465789 1963->1965 1966 2574146578f-257414657a2 call 2574148e880 1963->1966 1967 257414657a6-257414657bc InternetQueryDataAvailable 1964->1967 1965->1949 1965->1966 1966->1967 1967->1916 1969 257414657be-257414657c8 1967->1969 1969->1920
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: Internet$Query$AvailableDataHttpInfoOpen$CloseConcurrency::cancel_current_taskFileHandleRead
                                                      • String ID:
                                                      • API String ID: 1475545111-0
                                                      • Opcode ID: 22cc0de2f830c730963fd45c5dceac6d0a861e7d35ac65e13c62ef2f343c9383
                                                      • Instruction ID: 31c40a8130fffc7fa48f93eed7ca3c981909fa68f18204d04eb99e1a46354662
                                                      • Opcode Fuzzy Hash: 22cc0de2f830c730963fd45c5dceac6d0a861e7d35ac65e13c62ef2f343c9383
                                                      • Instruction Fuzzy Hash: CD026A72A58F9486EB10DB69F84439EB7B5F795799F200215EE9C67BA8DF38C080C704
                                                      Function 00000257414A0658 Relevance: 13.8, APIs: 9, Instructions: 276fileCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 1971 257414a0658-257414a06cb call 257414a023c 1974 257414a06e5-257414a06ef call 2574148566c 1971->1974 1975 257414a06cd-257414a06d6 call 25741474e48 1971->1975 1980 257414a06f1-257414a0708 call 25741474e48 call 25741474e68 1974->1980 1981 257414a070a-257414a0773 CreateFileW 1974->1981 1982 257414a06d9-257414a06e0 call 25741474e68 1975->1982 1980->1982 1984 257414a07f0-257414a07fb GetFileType 1981->1984 1985 257414a0775-257414a077b 1981->1985 1999 257414a0a26-257414a0a46 1982->1999 1991 257414a07fd-257414a0838 GetLastError call 25741474ddc CloseHandle 1984->1991 1992 257414a084e-257414a0855 1984->1992 1988 257414a07bd-257414a07eb GetLastError call 25741474ddc 1985->1988 1989 257414a077d-257414a0781 1985->1989 1988->1982 1989->1988 1997 257414a0783-257414a07bb CreateFileW 1989->1997 1991->1982 2005 257414a083e-257414a0849 call 25741474e68 1991->2005 1995 257414a0857-257414a085b 1992->1995 1996 257414a085d-257414a0860 1992->1996 2002 257414a0866-257414a08bb call 25741485584 1995->2002 1996->2002 2003 257414a0862 1996->2003 1997->1984 1997->1988 2010 257414a08da-257414a090b call 2574149ffbc 2002->2010 2011 257414a08bd-257414a08c9 call 257414a0444 2002->2011 2003->2002 2005->1982 2016 257414a0911-257414a0953 2010->2016 2017 257414a090d-257414a090f 2010->2017 2011->2010 2018 257414a08cb 2011->2018 2020 257414a0975-257414a0980 2016->2020 2021 257414a0955-257414a0959 2016->2021 2019 257414a08cd-257414a08d5 call 2574147d540 2017->2019 2018->2019 2019->1999 2024 257414a0986-257414a098a 2020->2024 2025 257414a0a24 2020->2025 2021->2020 2023 257414a095b-257414a0970 2021->2023 2023->2020 2024->2025 2027 257414a0990-257414a09d5 CloseHandle CreateFileW 2024->2027 2025->1999 2028 257414a0a0a-257414a0a1f 2027->2028 2029 257414a09d7-257414a0a05 GetLastError call 25741474ddc call 257414857ac 2027->2029 2028->2025 2029->2028
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                      • String ID:
                                                      • API String ID: 1617910340-0
                                                      • Opcode ID: 9219a76bbf5b0a68fd8075754a2c2160bfaa822f6e476498c8a23ea95eed312f
                                                      • Instruction ID: a0f9595786dd8caf4f3b3a592d6a2918f8323a6091b92067a1ffc94ca63f90d5
                                                      • Opcode Fuzzy Hash: 9219a76bbf5b0a68fd8075754a2c2160bfaa822f6e476498c8a23ea95eed312f
                                                      • Instruction Fuzzy Hash: 6DC1D137728E4086EB10EFA9E8947AC3771F349BA9F120305DE2AAB394CB34C451C344
                                                      Function 0000025741446350 Relevance: 13.4, APIs: 1, Strings: 6, Instructions: 1136COMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 2034 25741446350-257414469ee call 2574140d4e0 call 2574140d370 2042 257414469f0-257414469f7 2034->2042 2042->2042 2043 257414469f9-2574144a9b7 call 25741435c20 call 2574140d810 call 2574140eaf0 call 2574140e240 call 25741478254 * 3 call 2574140e1d0 call 25741478254 call 257414239b0 call 257414279f0 call 25741427ac0 call 25741490e88 call 25741478254 * 2 call 2574140cf70 call 2574140e0c0 call 2574140e1d0 call 2574140e240 call 25741478254 call 2574140e1d0 * 2 call 25741478254 call 257414239b0 call 257414279f0 call 25741427ac0 call 25741490e88 call 25741478254 call 2574140e0c0 call 2574140cf70 call 25741478254 call 2574140e240 call 25741478254 * 3 call 2574140e1d0 call 25741478254 call 257414239b0 call 257414279f0 call 25741427ac0 call 25741490e88 call 25741478254 * 2 call 2574140cf70 call 2574140e0c0 call 2574140e1d0 call 2574140e240 call 2574140e1d0 * 4 call 2574140cf70 call 2574140e1d0 * 3 call 2574140cf70 call 25741478254 * 3 call 25741460040 call 257414a1650 GetModuleFileNameW 2042->2043 2173 2574144a9c0-2574144a9c9 2043->2173 2173->2173 2174 2574144a9cb-2574144abde call 25741416940 2173->2174 2177 2574144abe1-2574144abea 2174->2177 2177->2177 2178 2574144abec-2574144ae7d call 25741416940 call 25741416bd0 call 25741425fd0 2177->2178 2188 2574144ae80-2574144ae89 2178->2188 2188->2188 2189 2574144ae8b-2574144b11e call 25741416940 call 25741416bd0 call 25741425fd0 2188->2189 2199 2574144b121-2574144b12a 2189->2199 2199->2199 2200 2574144b12c-2574144b600 call 25741416940 call 2574140d4a0 call 25741425fd0 2199->2200 2213 2574144b603-2574144b60c 2200->2213 2213->2213 2214 2574144b60e-2574144b8bd call 25741416940 call 25741416bd0 call 25741425fd0 2213->2214 2224 2574144b8c0-2574144b8c9 2214->2224 2224->2224 2225 2574144b8cb-2574144bb70 call 25741416940 call 25741416bd0 call 25741425fd0 2224->2225 2235 2574144bb73-2574144bb7c 2225->2235 2235->2235 2236 2574144bb7e-2574144bd8b call 25741416940 call 25741416bd0 call 25741425fd0 2235->2236 2246 2574144bd90-2574144bd99 2236->2246 2246->2246 2247 2574144bd9b-2574144c0c7 call 25741416940 call 25741416bd0 call 25741425fd0 2246->2247 2257 2574144c0d0-2574144c0d8 2247->2257 2257->2257 2258 2574144c0da-2574144c326 call 25741416940 call 25741416bd0 call 25741425fd0 call 2574140cf70 call 25741445d70 2257->2258
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: __std_fs_convert_wide_to_narrow$__std_fs_code_page
                                                      • String ID: cannot use push_back() with $directory_iterator::directory_iterator$exists$recursive_directory_iterator::operator++$recursive_directory_iterator::recursive_directory_iterator$status
                                                      • API String ID: 3645842244-1862120484
                                                      • Opcode ID: de5a621f2f067d1123de94e788919e3c44fbe91b6b887da37095cf4d544f4034
                                                      • Instruction ID: 79dc4effc579e9a2adbb1512dd7c863efc2313b3c057a27046b968809f40a6ff
                                                      • Opcode Fuzzy Hash: de5a621f2f067d1123de94e788919e3c44fbe91b6b887da37095cf4d544f4034
                                                      • Instruction Fuzzy Hash: F5D20272659FC886D6709B19F88139BB3A0F7D8784F505225EACC63B59EB7CC254CB08
                                                      Function 00000257414120B0 Relevance: 12.9, APIs: 3, Strings: 4, Instructions: 684registryCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 2272 257414120b0-25741412182 2273 25741412185-2574141218c 2272->2273 2273->2273 2274 2574141218e-257414122ea call 257414286b0 2273->2274 2277 257414122f0-257414122f8 2274->2277 2277->2277 2278 257414122fa-25741412378 call 257414286b0 2277->2278 2281 25741412380-25741412388 2278->2281 2281->2281 2282 2574141238a-25741412411 call 257414286b0 RegOpenKeyExA 2281->2282 2285 25741412417-25741412456 RegQueryValueExA 2282->2285 2286 257414124ee-257414124f5 2282->2286 2285->2286 2289 2574141245c-257414124a9 call 257414286b0 call 257414228e0 2285->2289 2287 257414124f7 RegCloseKey 2286->2287 2288 257414124fd-2574141256e call 25741435c20 2286->2288 2287->2288 2294 25741412570-25741412582 2288->2294 2295 257414125a2-257414125b5 2288->2295 2303 257414124ab-257414124bf 2289->2303 2304 257414124df-257414124e7 2289->2304 2300 2574141259d call 2574148e880 2294->2300 2301 25741412584-25741412597 2294->2301 2297 257414125bb-25741412601 call 2574140eaf0 2295->2297 2298 25741412aa3-25741412aae 2295->2298 2317 25741412607-2574141260a 2297->2317 2318 25741412c25-25741412c27 2297->2318 2305 25741412ae9-25741412b0e 2298->2305 2306 25741412ab0-25741412ac9 2298->2306 2300->2295 2301->2300 2307 25741412c55-25741412c5a call 25741478254 2301->2307 2310 257414124da call 2574148e880 2303->2310 2311 257414124c1-257414124d4 2303->2311 2304->2286 2315 25741412b10-25741412b24 2305->2315 2316 25741412b44-25741412b5e 2305->2316 2312 25741412acb-25741412ade 2306->2312 2313 25741412ae4 call 2574148e880 2306->2313 2339 25741412c5b-25741412c70 call 2574140e1d0 2307->2339 2310->2304 2311->2310 2319 25741412c4f-25741412c54 call 25741478254 2311->2319 2312->2313 2323 25741412c71-25741412c76 call 25741478254 2312->2323 2313->2305 2326 25741412b3f call 2574148e880 2315->2326 2327 25741412b26-25741412b39 2315->2327 2320 25741412b60-25741412b74 2316->2320 2321 25741412b94-25741412bae 2316->2321 2317->2298 2333 25741412610-2574141262d call 25741425140 2317->2333 2328 25741412c29 2318->2328 2329 25741412c34-25741412c4e call 2574140e240 2318->2329 2319->2307 2334 25741412b8f call 2574148e880 2320->2334 2335 25741412b76-25741412b89 2320->2335 2337 25741412be0-25741412c24 call 2574148e860 2321->2337 2338 25741412bb0-25741412bc4 2321->2338 2352 25741412c77-25741412c7c call 25741478254 2323->2352 2326->2316 2327->2326 2330 25741412c8f-25741412c94 call 25741478254 2327->2330 2328->2298 2329->2319 2344 25741412c95-25741412c9a call 25741478254 2330->2344 2333->2339 2363 25741412633-2574141264e 2333->2363 2334->2321 2335->2334 2335->2344 2347 25741412bdb call 2574148e880 2338->2347 2348 25741412bc6-25741412bd9 2338->2348 2339->2323 2347->2337 2348->2347 2356 25741412c2e-25741412c33 call 25741478254 2348->2356 2368 25741412c7d-25741412c82 call 25741478254 2352->2368 2356->2329 2366 25741412658-2574141268e call 2574140e8c0 2363->2366 2367 25741412650-25741412654 2363->2367 2373 2574141269d-257414126be call 2574140e9a0 2366->2373 2374 25741412690-25741412699 2366->2374 2367->2366 2375 25741412c83-25741412c88 call 25741478254 2368->2375 2379 25741412a01-25741412a0b 2373->2379 2380 257414126c4-257414126c8 2373->2380 2374->2373 2385 25741412c89-25741412c8e call 2574140cf70 2375->2385 2382 25741412a37-25741412a41 2379->2382 2383 25741412a0d-25741412a17 2379->2383 2384 257414126d0-257414126e5 call 2574145f8f0 2380->2384 2388 25741412a6d-25741412a74 2382->2388 2389 25741412a43-25741412a4d 2382->2389 2383->2382 2386 25741412a19-25741412a2b 2383->2386 2397 257414126eb-25741412737 call 25741423a40 call 2574140d4e0 call 2574140d370 2384->2397 2398 257414129de-257414129fb call 2574140f380 call 2574140e7b0 2384->2398 2385->2330 2386->2382 2399 25741412a2d-25741412a36 2386->2399 2388->2298 2391 25741412a76-25741412a80 2388->2391 2389->2388 2393 25741412a4f-25741412a61 2389->2393 2391->2298 2395 25741412a82-25741412a96 2391->2395 2393->2388 2406 25741412a63-25741412a6c 2393->2406 2395->2298 2407 25741412a98-25741412aa2 2395->2407 2417 25741412739 2397->2417 2418 2574141273c-257414127db call 25741425310 call 257414255e0 call 257414286b0 call 25741421900 call 25741423ff0 2397->2418 2398->2379 2398->2384 2399->2382 2406->2388 2407->2298 2417->2418 2429 2574141280e-25741412826 2418->2429 2430 257414127dd-257414127ee 2418->2430 2433 25741412828-25741412839 2429->2433 2434 25741412859-25741412871 2429->2434 2431 25741412809 call 2574148e880 2430->2431 2432 257414127f0-25741412803 2430->2432 2431->2429 2432->2352 2432->2431 2438 2574141283b-2574141284e 2433->2438 2439 25741412854 call 2574148e880 2433->2439 2435 257414128a9-257414128c7 2434->2435 2436 25741412873-25741412889 2434->2436 2435->2385 2442 257414128cd-257414129dd call 2574143d590 call 257414286b0 call 25741421900 call 25741423ff0 call 257414229b0 call 25741421900 call 257414229b0 call 25741421900 call 257414217a0 call 25741423ff0 2435->2442 2440 2574141288b-2574141289e 2436->2440 2441 257414128a4 call 2574148e880 2436->2441 2438->2368 2438->2439 2439->2434 2440->2375 2440->2441 2441->2435 2442->2398
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CloseOpenQueryValue
                                                      • String ID: content$directory_iterator::directory_iterator$exists$filename
                                                      • API String ID: 3677997916-1400943384
                                                      • Opcode ID: 68768bc645ac95e4c95eb440dc93f8c540b607143ad5665fe4d970794abdf418
                                                      • Instruction ID: f36318809a494d7a90203699e0dac56f9221c3b041e9da9cee520c0a18dd5e7c
                                                      • Opcode Fuzzy Hash: 68768bc645ac95e4c95eb440dc93f8c540b607143ad5665fe4d970794abdf418
                                                      • Instruction Fuzzy Hash: 11724B72654FC489EB209F39E8843DD77B0F789799F209215EA9C6BB99DB34C680C344
                                                      Function 000002574145F020 Relevance: 12.7, APIs: 3, Strings: 4, Instructions: 451fileCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 2465 2574145f020-2574145f0a5 call 2574140eaf0 2468 2574145f0a7-2574145f0a9 2465->2468 2469 2574145f0b1-2574145f0b4 2465->2469 2470 2574145f0af 2468->2470 2471 2574145f7c0-2574145f7d6 call 2574140e240 2468->2471 2472 2574145f0c7-2574145f0e0 call 257414a1650 2469->2472 2473 2574145f0b6-2574145f0c2 2469->2473 2470->2473 2480 2574145f7d7-2574145f7dc call 25741478254 2471->2480 2482 2574145f0e5-2574145f14b call 2574142a910 2472->2482 2483 2574145f0e2 2472->2483 2474 2574145f73f-2574145f76b call 2574148e860 2473->2474 2488 2574145f7dd-2574145f811 call 2574140bbd0 call 2574140cdc0 call 25741490e88 2480->2488 2489 2574145f545-2574145f57f call 2574143fdb0 call 2574143fcd0 2482->2489 2490 2574145f151-2574145f159 2482->2490 2483->2482 2506 2574145f59e-2574145f62c call 2574143fdb0 call 2574146d640 2489->2506 2507 2574145f581-2574145f592 call 25741428560 2489->2507 2493 2574145f15e-2574145f181 call 25741469b70 call 25741469d30 2490->2493 2494 2574145f15b 2490->2494 2510 2574145f25c-2574145f276 GetFileSize 2493->2510 2511 2574145f187-2574145f19d 2493->2511 2494->2493 2506->2488 2534 2574145f632-2574145f636 call 25741423620 2506->2534 2513 2574145f597 2507->2513 2517 2574145f29d-2574145f2b3 2510->2517 2518 2574145f278-2574145f29b 2510->2518 2515 2574145f1d3-2574145f257 call 257414212f0 2511->2515 2516 2574145f19f-2574145f1b3 2511->2516 2513->2506 2535 2574145f72b-2574145f73a call 2574149c92c 2515->2535 2522 2574145f1ce call 2574148e880 2516->2522 2523 2574145f1b5-2574145f1c8 2516->2523 2519 2574145f2e5-2574145f2fd call 25741428e80 2517->2519 2520 2574145f2b5-2574145f2e3 call 257414a1650 2517->2520 2525 2574145f302-2574145f34b SetFilePointer ReadFile 2518->2525 2519->2525 2520->2525 2522->2515 2523->2480 2523->2522 2529 2574145f351-2574145f3a3 2525->2529 2530 2574145f462-2574145f486 2525->2530 2543 2574145f3d9-2574145f45d call 257414212f0 2529->2543 2544 2574145f3a5-2574145f3b9 2529->2544 2540 2574145f4bc-2574145f540 call 257414212f0 2530->2540 2541 2574145f488-2574145f49c 2530->2541 2542 2574145f63b-2574145f63e 2534->2542 2535->2474 2540->2535 2545 2574145f49e-2574145f4b1 2541->2545 2546 2574145f4b7 call 2574148e880 2541->2546 2548 2574145f66d-2574145f727 call 257414212f0 2542->2548 2549 2574145f640-2574145f667 2542->2549 2543->2535 2550 2574145f3bb-2574145f3ce 2544->2550 2551 2574145f3d4 call 2574148e880 2544->2551 2545->2480 2545->2546 2546->2540 2548->2535 2549->2548 2555 2574145f76c-2574145f76f 2549->2555 2550->2480 2550->2551 2551->2543 2559 2574145f77a-2574145f78b 2555->2559 2560 2574145f771-2574145f778 2555->2560 2562 2574145f78f-2574145f7bf call 2574140bbd0 call 2574140cdc0 call 25741490e88 2559->2562 2560->2562 2562->2471
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: File$PointerReadSize
                                                      • String ID: exists$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                      • API String ID: 404940565-15404121
                                                      • Opcode ID: 8a6d885830327671914bb6c3149c98cc56e027b430994eaa85517cbf64ee3189
                                                      • Instruction ID: 77b27332112121020a95218ff5df254ff699ca081c15ae9a860f089a473e8d69
                                                      • Opcode Fuzzy Hash: 8a6d885830327671914bb6c3149c98cc56e027b430994eaa85517cbf64ee3189
                                                      • Instruction Fuzzy Hash: 09323322658BC489EB20DF28EC943DD37B1F785B89F408216DB4D6BB99EB74C645C305
                                                      Function 00000257414830B8 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 143timeCOMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                      • String ID: Eastern Standard Time$Eastern Summer Time
                                                      • API String ID: 3458911817-239921721
                                                      • Opcode ID: a0b2f147c5ed72e73a9ba99eccd64d774068bd057930b9dd808764ab5dc4e304
                                                      • Instruction ID: 5ff00438f95f5bedb3acb8fc371d11c080caa19486d6339ad68a4d01251f7fcc
                                                      • Opcode Fuzzy Hash: a0b2f147c5ed72e73a9ba99eccd64d774068bd057930b9dd808764ab5dc4e304
                                                      • Instruction Fuzzy Hash: 6F51B63A698E4086E710FF2AFD88799B770F748786F455125EA4D63F96DB38C440C748
                                                      Function 000002574147918C Relevance: 9.2, APIs: 6, Instructions: 227COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: _get_daylight$_isindst$_invalid_parameter_noinfo
                                                      • String ID:
                                                      • API String ID: 1405656091-0
                                                      • Opcode ID: cd6fea744430340711cd49b3e9bdbfdb1b852b0eb5a7692198664b91c055b650
                                                      • Instruction ID: f988c5f103ea1d132d13c465a34da973818dcc0e9908966f5ec3f6b9fb665f60
                                                      • Opcode Fuzzy Hash: cd6fea744430340711cd49b3e9bdbfdb1b852b0eb5a7692198664b91c055b650
                                                      • Instruction Fuzzy Hash: 92812DB3744B454BEB58AF7CED093A833B5E754B9AF049139DA099BB89EB38D400C744
                                                      Function 0000025741429F80 Relevance: 9.2, APIs: 4, Strings: 1, Instructions: 417COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: __std_exception_destroy
                                                      • String ID: value
                                                      • API String ID: 2453523683-494360628
                                                      • Opcode ID: a2a9cf4f55d7cd52c19a97d3e34afe1538980acb87aee68f786d4bc6a835557a
                                                      • Instruction ID: 18553227906a875220e42a2d626c875b595c8a3adb6cfd4ce7e9e751ab0eb58f
                                                      • Opcode Fuzzy Hash: a2a9cf4f55d7cd52c19a97d3e34afe1538980acb87aee68f786d4bc6a835557a
                                                      • Instruction Fuzzy Hash: DC029062668FC085EB00EB78E8883AD6771E7857E5F205251FA9D23BDADB78C1C5C704
                                                      Function 000002574141E610 Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 328processCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                                                      • String ID: [PID:
                                                      • API String ID: 420147892-2210602247
                                                      • Opcode ID: 12e82fd6f53b6948c2f59faf1b5c19f0e0070b98848420f9bfaf1ad188466b2a
                                                      • Instruction ID: 412e6812f6556b0d12a4651896a62227108a54a4b60712acc6d583698fc3435b
                                                      • Opcode Fuzzy Hash: 12e82fd6f53b6948c2f59faf1b5c19f0e0070b98848420f9bfaf1ad188466b2a
                                                      • Instruction Fuzzy Hash: 53E1AF72658FC085EB21EB29E8883DD77B5F3897A5F504215EA9D27B99DF38C280C704
                                                      Function 000002574146B9B0 Relevance: 7.6, APIs: 5, Instructions: 66COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: ProcessToken$AdjustCloseCurrentHandleLookupOpenPrivilegePrivilegesValue
                                                      • String ID:
                                                      • API String ID: 3038321057-0
                                                      • Opcode ID: d2de06470b4ed8e39d37734a47601b9eff7cf65b32299141bc4bcc42cf026e17
                                                      • Instruction ID: 1971dc1cd83cc6f7422aa258ba63001fc0bfeb27cc71006e026f1733ef61cb79
                                                      • Opcode Fuzzy Hash: d2de06470b4ed8e39d37734a47601b9eff7cf65b32299141bc4bcc42cf026e17
                                                      • Instruction Fuzzy Hash: 5821AD72218F8082E760DF66F84835AB3B0F788B85F998125EA8967B58DF7CC544CB44
                                                      Function 000002574144D080 Relevance: 6.8, Strings: 5, Instructions: 599COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: cannot use push_back() with $directory_iterator::directory_iterator$exists$prefs.js$status
                                                      • API String ID: 0-2713369562
                                                      • Opcode ID: 530093359433c2104b27cd2024875a0caaa98504d8860aec8f3fc6e35a1c616a
                                                      • Instruction ID: e7dd2b128ec14d938aaad85d24a6048a4b01bfd0016a22e3d17164b162946242
                                                      • Opcode Fuzzy Hash: 530093359433c2104b27cd2024875a0caaa98504d8860aec8f3fc6e35a1c616a
                                                      • Instruction Fuzzy Hash: C3524532689FC484E6B1AB19F8853DAB3A4F7C9791F505225DACC63B59EF38C194CB04
                                                      Function 0000025741464A30 Relevance: 6.4, APIs: 4, Instructions: 417networkCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: recv$Cleanupclosesocket
                                                      • String ID:
                                                      • API String ID: 146070474-0
                                                      • Opcode ID: 291ab67ec37c4886968f7cfee0b6914d163485efd4581897f4bc263c6bc3d4b3
                                                      • Instruction ID: 42fd6cd965f22a1e0906bfa82e25397faf3513e4eb32994c8f801e01eb1c4c7e
                                                      • Opcode Fuzzy Hash: 291ab67ec37c4886968f7cfee0b6914d163485efd4581897f4bc263c6bc3d4b3
                                                      • Instruction Fuzzy Hash: 951283B265CFC081EA21AB19F8583DEA771F7997A5F104601EAAD17ADADF7CC480C704
                                                      Function 000002574141CA10 Relevance: 5.9, APIs: 2, Strings: 1, Instructions: 671COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: Cred$EnumerateFree
                                                      • String ID: cannot use push_back() with
                                                      • API String ID: 3403564193-4122110429
                                                      • Opcode ID: 0331d4039e2689bd0f1e0fe0fb631d56562d39c931422b286e1f31765caf7a05
                                                      • Instruction ID: 3f238d6fe2ce27e48d92303ccc074bf41cfa052ac11387bbd696bb0e9649acba
                                                      • Opcode Fuzzy Hash: 0331d4039e2689bd0f1e0fe0fb631d56562d39c931422b286e1f31765caf7a05
                                                      • Instruction Fuzzy Hash: BA626E72654FC489EB209F69EC883DD7771F7897A8F504215EAAC27B99DB34C284C704
                                                      Function 00007FF7564034C0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47nativeCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID: MemoryVirtual$ProtectQuery
                                                      • String ID: 0
                                                      • API String ID: 1355999870-4108050209
                                                      • Opcode ID: 89413ede3b1e85be20c8f272e65a27b8bfe40e2a2e38e4141ba162e5d23f76ce
                                                      • Instruction ID: 6820346bdfd82e4e1cea10727c1ef5c488e19b3f490b334caa01c14313cc03f2
                                                      • Opcode Fuzzy Hash: 89413ede3b1e85be20c8f272e65a27b8bfe40e2a2e38e4141ba162e5d23f76ce
                                                      • Instruction Fuzzy Hash: 3F215136A18B8586E750DB14F85031BB7A5FB887A4F940335EAAD03BA8DF7DD144CB10
                                                      Function 00000257414676A0 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 217timeCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: InformationTimeZone
                                                      • String ID: [UTC
                                                      • API String ID: 565725191-1715286942
                                                      • Opcode ID: d9464a4284bb91225a1d7d0a54c87c35ecca44aa388f45f9a5593c8af6dcd576
                                                      • Instruction ID: c706ff1620a8311c11e38328446ba55ce744b331f7b97ae15aeaeb58f10dea1a
                                                      • Opcode Fuzzy Hash: d9464a4284bb91225a1d7d0a54c87c35ecca44aa388f45f9a5593c8af6dcd576
                                                      • Instruction Fuzzy Hash: 9CB16B32619FC88AD7718F29E84029AB7A4F79C788F105315EBCC57B59EB78C290CB44
                                                      Function 0000025741457BA0 Relevance: 3.1, APIs: 2, Instructions: 86encryptionCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CryptDataFreeLocalUnprotect
                                                      • String ID:
                                                      • API String ID: 1561624719-0
                                                      • Opcode ID: 3f0d2640eba4d0f7871c2ec703edcb503dbe0d7ea7d03094cd3af9045bbe76bf
                                                      • Instruction ID: 28192617d250184835470b82a20a2054be1aa038fb92f8b091ebbea280a543f7
                                                      • Opcode Fuzzy Hash: 3f0d2640eba4d0f7871c2ec703edcb503dbe0d7ea7d03094cd3af9045bbe76bf
                                                      • Instruction Fuzzy Hash: 28416932658B80CEE3209F78E8543DD37B4F75878CF454229EB8816E8ADB79C1A4C748
                                                      Function 00000257414673F0 Relevance: 1.6, APIs: 1, Instructions: 137COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: DriveLogicalStrings
                                                      • String ID:
                                                      • API String ID: 2022863570-0
                                                      • Opcode ID: 8e3b062baa65b3adcedbfaa3c8c3a2baafa25a4fda972cf0885935351d305318
                                                      • Instruction ID: 9f45f730cdb132153591f3f39d5ba2b313ae35c4dc4c9153a63d8955a3965fb4
                                                      • Opcode Fuzzy Hash: 8e3b062baa65b3adcedbfaa3c8c3a2baafa25a4fda972cf0885935351d305318
                                                      • Instruction Fuzzy Hash: B351D272A58F8082E710DF28F88439EB7B1F7847A8F105205EA9C23AA9DB7CD591D744
                                                      Function 0000025741466150 Relevance: 1.5, APIs: 1, Instructions: 36COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: NameUser
                                                      • String ID:
                                                      • API String ID: 2645101109-0
                                                      • Opcode ID: abf913a544c6f9fdd308559da787f240108ca61f3614bb29fccc85bbbd2848d6
                                                      • Instruction ID: b55e2cd147f5c7ed129d740369b7ccb031bf4ef7bf7b24737440e2354acdb035
                                                      • Opcode Fuzzy Hash: abf913a544c6f9fdd308559da787f240108ca61f3614bb29fccc85bbbd2848d6
                                                      • Instruction Fuzzy Hash: 6801807265CB8082E761DF25FC4439EB3B0F798788F440221EA8D52A59DBBCC194CB48
                                                      Function 0000025741466860 Relevance: 1.5, Strings: 1, Instructions: 268COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: cores
                                                      • API String ID: 0-2370456839
                                                      • Opcode ID: fe515266003fe55dfc7e8ae5ee8a2d40e19cf9c944be5782509e409a5110e389
                                                      • Instruction ID: 6d0bd90e7233971dcf4de18ba805bf910e68486792d47b1ef887af45403ac4a2
                                                      • Opcode Fuzzy Hash: fe515266003fe55dfc7e8ae5ee8a2d40e19cf9c944be5782509e409a5110e389
                                                      • Instruction Fuzzy Hash: 6CC1E5A3E58F808AF710DF78E84439D7771E3997A8F105305EE9826A9ADB78C185C344
                                                      Function 000002574146D050 Relevance: 1.5, Strings: 1, Instructions: 214COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: \u%04x
                                                      • API String ID: 0-2916071157
                                                      • Opcode ID: 9ac3e7affe24433a80f30ef63aa62ecbe97607ee0ab98c7cb77dcaf1733d29dc
                                                      • Instruction ID: 451dac307cbfc6356c049f0e47986e72f127d056f9615f6441e9ffdf29cba163
                                                      • Opcode Fuzzy Hash: 9ac3e7affe24433a80f30ef63aa62ecbe97607ee0ab98c7cb77dcaf1733d29dc
                                                      • Instruction Fuzzy Hash: 2D8128A2748E8481EB50EB6AF9587AE6770F785B89F448022DF8E23795DF3CC515C308
                                                      Function 000002574146C5CB Relevance: 1.5, Strings: 1, Instructions: 206COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: ":
                                                      • API String ID: 0-3662656813
                                                      • Opcode ID: b93e25f0a904a3fdb20e69b3e425758cacba5d6e5c85d4380c12b44ffc6d98ea
                                                      • Instruction ID: 307e01f57ebefe760250583a68274248110135103fdc878b207e5bbe763adf07
                                                      • Opcode Fuzzy Hash: b93e25f0a904a3fdb20e69b3e425758cacba5d6e5c85d4380c12b44ffc6d98ea
                                                      • Instruction Fuzzy Hash: 8D9102B6308A8581DB20AF2AE59879E77B1F789FC9F449002CB9E17B64CF39C559C704
                                                      Function 0000025741425310 Relevance: 1.4, Strings: 1, Instructions: 112COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      • ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/, xrefs: 0000025741425399
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
                                                      • API String ID: 0-1713319389
                                                      • Opcode ID: a7242879f608aa47813c865fc74e262a7c273f84777ad565790803f492419e94
                                                      • Instruction ID: 53f2927d84f294f9b32bc2df0907f719b80bf6dac084cf4aff7c4c020972eeb4
                                                      • Opcode Fuzzy Hash: a7242879f608aa47813c865fc74e262a7c273f84777ad565790803f492419e94
                                                      • Instruction Fuzzy Hash: 1D41D26361DAE04AD702CB39941137DBFB2E366B89F1C8192EBD49B746D63DC246CB10
                                                      Function 000002574141ECB0 Relevance: .7, Instructions: 715COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 16929085a2809700f7e6120af2448b151afb213f61650590a721622a5fc3bec1
                                                      • Instruction ID: 7db7ce65c4c9e4e1eebb8d249f8a9a370016a14f5ca96b6ae3601b7396a5d4da
                                                      • Opcode Fuzzy Hash: 16929085a2809700f7e6120af2448b151afb213f61650590a721622a5fc3bec1
                                                      • Instruction Fuzzy Hash: 3E727972A58FC489EB20DB69E88439D73B1F789798F504315EE9C27B99DB38C285C704
                                                      Function 000002574140F730 Relevance: .3, Instructions: 344COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 36858761d405c8643adca0cf25a5f486efcbae373011479bc70ee2842979bacb
                                                      • Instruction ID: 23d9b5ac648052cea429ca508ced331c6bc103f92d222c8fb36d98ea53e11372
                                                      • Opcode Fuzzy Hash: 36858761d405c8643adca0cf25a5f486efcbae373011479bc70ee2842979bacb
                                                      • Instruction Fuzzy Hash: 71F16072A59F848AEB209B69F84535D77B0F78C7A8F104315EEDC57B99EB38C1908B04
                                                      Function 000002574140FE20 Relevance: .3, Instructions: 336COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d5c8e505c1d7a2333d561fde428fcf7b6707646c04ef95b1d6c81df208e18fc9
                                                      • Instruction ID: 78137c0dbb64bdb356f99147aece4ebdae2d92aa0cfc23f9f7e0436e25a3af48
                                                      • Opcode Fuzzy Hash: d5c8e505c1d7a2333d561fde428fcf7b6707646c04ef95b1d6c81df208e18fc9
                                                      • Instruction Fuzzy Hash: E2F15072659F888AEB208B69F84435D77B0F388798F204315EEDC67B99EB38C180C744
                                                      Function 0000025741410450 Relevance: .3, Instructions: 336COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a4f4003e368775a12f3e26b8bcd7a19ab426d4c5a44f7e389710894b07600909
                                                      • Instruction ID: b90badb3e4f92195de6ac3ec3b8a25ccb247c4e0aa4dff5d68dd8b4f7139cdba
                                                      • Opcode Fuzzy Hash: a4f4003e368775a12f3e26b8bcd7a19ab426d4c5a44f7e389710894b07600909
                                                      • Instruction Fuzzy Hash: D7F16172A59F848AEB208B69F84535D77B4F38C7A8F100315EEDC57B99EB38C1908744
                                                      Function 0000025741411B90 Relevance: .3, Instructions: 283COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d12017943797bcc216a0679c74680cc699fdba263cc3b3351d69ab3b0d2667b8
                                                      • Instruction ID: a0e1673bbc8b8cbe3bcdf10efeff0fba0e890bbdb56f3ec8ad3fabaad5e83ca5
                                                      • Opcode Fuzzy Hash: d12017943797bcc216a0679c74680cc699fdba263cc3b3351d69ab3b0d2667b8
                                                      • Instruction Fuzzy Hash: 33D19032B98F8089F710DBB8E8483EC37B2E75579CF115255EA4C36B9ADB349195C388
                                                      Function 000002574145EBF0 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 194windowCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 110 2574145ebf0-2574145ec2b call 2574145e970 113 2574145ec2d-2574145ec3c EnterCriticalSection 110->113 114 2574145ec6c 110->114 115 2574145ec3e-2574145ec60 GdiplusStartup 113->115 116 2574145ec90-2574145ecaa LeaveCriticalSection GdipGetImageEncodersSize 113->116 117 2574145ec71-2574145ec8f call 2574148e860 114->117 115->116 118 2574145ec62-2574145ec66 LeaveCriticalSection 115->118 116->114 120 2574145ecac-2574145ecbf 116->120 118->114 122 2574145ecfb-2574145ed09 call 257414783d8 120->122 123 2574145ecc1-2574145ecca call 2574145e700 120->123 128 2574145ed0b-2574145ed0e 122->128 129 2574145ed10-2574145ed1a 122->129 130 2574145eccc-2574145ecd6 123->130 131 2574145ecf8 123->131 132 2574145ed1e 128->132 129->132 133 2574145ecd8 130->133 134 2574145ece2-2574145ecf6 call 2574148f520 130->134 131->122 135 2574145ed21-2574145ed24 132->135 133->134 134->135 137 2574145ed26-2574145ed2b 135->137 138 2574145ed30-2574145ed3e GdipGetImageEncoders 135->138 140 2574145ee9e-2574145eea1 137->140 141 2574145ee89-2574145ee8e 138->141 142 2574145ed44-2574145ed4d 138->142 145 2574145eea3-2574145eea7 140->145 146 2574145eec4-2574145eec6 140->146 141->140 143 2574145ed7f 142->143 144 2574145ed4f-2574145ed5d 142->144 147 2574145ed86-2574145ed96 143->147 148 2574145ed60-2574145ed6b 144->148 149 2574145eeb0-2574145eec2 call 25741477620 145->149 146->117 150 2574145ed98-2574145eda9 147->150 151 2574145edaf-2574145edcb 147->151 152 2574145ed6d-2574145ed72 148->152 153 2574145ed78-2574145ed7d 148->153 149->146 150->141 150->151 156 2574145edcd-2574145ee26 GdipCreateBitmapFromScan0 GdipSaveImageToStream 151->156 157 2574145ee38-2574145ee77 GdipCreateBitmapFromHBITMAP GdipSaveImageToStream 151->157 152->153 158 2574145ee2d-2574145ee31 152->158 153->143 153->148 159 2574145ee28-2574145ee2b 156->159 160 2574145ee36 156->160 161 2574145ee79 157->161 162 2574145ee90-2574145ee9d GdipDisposeImage 157->162 158->147 163 2574145ee7c-2574145ee83 GdipDisposeImage 159->163 160->162 161->163 162->140 163->141
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: Gdip$Image$CriticalSection$DisposeEncodersLeave$BitmapCreateEnterErrorFromGdiplusInitializeLastSaveScan0SizeStartupStream
                                                      • String ID: &
                                                      • API String ID: 1703174404-3042966939
                                                      • Opcode ID: dd964381881d80bb3d13f7f21f812b9ad7ab8c9b9795b3d442a88d8ae0dd4017
                                                      • Instruction ID: fe862fda0a3d46b00af2d4ddaa428d116d8ac163e2f1c58a2f1f9da9499c80e8
                                                      • Opcode Fuzzy Hash: dd964381881d80bb3d13f7f21f812b9ad7ab8c9b9795b3d442a88d8ae0dd4017
                                                      • Instruction Fuzzy Hash: 3B917C32344E418AEB20EF28FC18798B7B0F7587AAF564615EF096BA94DB34C645C348
                                                      Function 000002574145FCA0 Relevance: 16.0, APIs: 7, Strings: 2, Instructions: 226networkCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 918 2574145fca0-2574145fdc6 call 257414658d0 call 2574143d590 call 257414286b0 call 25741421900 call 257414286b0 call 25741421900 call 25741423ff0 WSAStartup 933 2574145fdcc-2574145fdec socket 918->933 934 2574145fe87 918->934 935 2574145fe81 WSACleanup 933->935 936 2574145fdf2-2574145fe1e htons 933->936 937 2574145fe89-2574145fe91 934->937 935->934 938 2574145ff29-2574145ff5a call 2574145eed0 call 257414226d0 936->938 939 2574145fe24-2574145fe34 call 2574146d830 936->939 940 2574145fe93-2574145fea4 937->940 941 2574145fec4-2574145ff05 call 2574148e860 937->941 960 2574145ff5c-2574145ff72 938->960 961 2574145ff92-2574145ffaf call 2574145eed0 938->961 953 2574145fe39-2574145fe65 inet_pton connect 939->953 954 2574145fe36 939->954 942 2574145fea6-2574145feb9 940->942 943 2574145febf call 2574148e880 940->943 942->943 947 2574146002b-25741460030 call 25741478254 942->947 943->941 962 25741460031-25741460036 call 25741478254 947->962 958 2574145fe6b-2574145fe72 953->958 959 2574145ff06-2574145ff10 953->959 954->953 958->939 964 2574145fe74-2574145fe7b closesocket 958->964 959->938 963 2574145ff12-2574145ff1b 959->963 965 2574145ff8d call 2574148e880 960->965 966 2574145ff74-2574145ff87 960->966 972 2574145ffb4-2574145ffd8 call 257414226d0 961->972 969 2574145ff1d 963->969 970 2574145ff20-2574145ff28 call 25741424600 963->970 964->935 965->961 966->962 966->965 969->970 970->938 978 2574145ffda-2574145fff0 972->978 979 25741460014-25741460020 972->979 980 25741460007-2574146000c call 2574148e880 978->980 981 2574145fff2-25741460005 978->981 979->937 980->979 981->980 982 25741460025-2574146002a call 25741478254 981->982 982->947
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: Info$CleanupStartupUserclosesocketconnecthtonsinet_ptonsocket
                                                      • String ID: geo$system
                                                      • API String ID: 213021568-2364779556
                                                      • Opcode ID: dd839d3d8d5df49058ab2b6196a7efd16563513751f89a78c1e98554545a861d
                                                      • Instruction ID: 55c02581eb6822a0610e36e894131dfa59c3724fd1a488d8051e8ea2f438c191
                                                      • Opcode Fuzzy Hash: dd839d3d8d5df49058ab2b6196a7efd16563513751f89a78c1e98554545a861d
                                                      • Instruction Fuzzy Hash: 68B1B062B98E8085FB00EBB9FC583DC3372A7447AAF415216DE1D37AE9DA34C546C348
                                                      Function 000002574148092C Relevance: 10.8, APIs: 7, Instructions: 290COMMONLIBRARYCODE
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 2569 2574148092c-25741480952 2570 25741480954-25741480968 call 25741474e48 call 25741474e68 2569->2570 2571 2574148096d-25741480971 2569->2571 2589 25741480d5e 2570->2589 2573 25741480d47-25741480d53 call 25741474e48 call 25741474e68 2571->2573 2574 25741480977-2574148097e 2571->2574 2591 25741480d59 call 25741478234 2573->2591 2574->2573 2576 25741480984-257414809b2 2574->2576 2576->2573 2579 257414809b8-257414809bf 2576->2579 2583 257414809c1-257414809d3 call 25741474e48 call 25741474e68 2579->2583 2584 257414809d8-257414809db 2579->2584 2583->2591 2587 257414809e1-257414809e7 2584->2587 2588 25741480d43-25741480d45 2584->2588 2587->2588 2593 257414809ed-257414809f0 2587->2593 2592 25741480d61-25741480d78 2588->2592 2589->2592 2591->2589 2593->2583 2596 257414809f2-25741480a17 2593->2596 2598 25741480a19-25741480a1b 2596->2598 2599 25741480a4a-25741480a51 2596->2599 2602 25741480a42-25741480a48 2598->2602 2603 25741480a1d-25741480a24 2598->2603 2600 25741480a53-25741480a7b call 2574147e8bc call 2574147d3c8 * 2 2599->2600 2601 25741480a26-25741480a3d call 25741474e48 call 25741474e68 call 25741478234 2599->2601 2632 25741480a98-25741480ac3 call 25741480fec 2600->2632 2633 25741480a7d-25741480a93 call 25741474e68 call 25741474e48 2600->2633 2630 25741480bd0 2601->2630 2604 25741480ac8-25741480adf 2602->2604 2603->2601 2603->2602 2607 25741480ae1-25741480ae9 2604->2607 2608 25741480b5a-25741480b64 call 2574148996c 2604->2608 2607->2608 2611 25741480aeb-25741480aed 2607->2611 2621 25741480b6a-25741480b7f 2608->2621 2622 25741480bee 2608->2622 2611->2608 2615 25741480aef-25741480b05 2611->2615 2615->2608 2619 25741480b07-25741480b13 2615->2619 2619->2608 2626 25741480b15-25741480b17 2619->2626 2621->2622 2624 25741480b81-25741480b93 GetConsoleMode 2621->2624 2628 25741480bf3-25741480c13 ReadFile 2622->2628 2624->2622 2629 25741480b95-25741480b9d 2624->2629 2626->2608 2631 25741480b19-25741480b31 2626->2631 2634 25741480c19-25741480c21 2628->2634 2635 25741480d0d-25741480d16 GetLastError 2628->2635 2629->2628 2637 25741480b9f-25741480bc1 ReadConsoleW 2629->2637 2640 25741480bd3-25741480bdd call 2574147d3c8 2630->2640 2631->2608 2641 25741480b33-25741480b3f 2631->2641 2632->2604 2633->2630 2634->2635 2643 25741480c27 2634->2643 2638 25741480d33-25741480d36 2635->2638 2639 25741480d18-25741480d2e call 25741474e68 call 25741474e48 2635->2639 2645 25741480be2-25741480bec 2637->2645 2646 25741480bc3 GetLastError 2637->2646 2650 25741480bc9-25741480bcb call 25741474ddc 2638->2650 2651 25741480d3c-25741480d3e 2638->2651 2639->2630 2640->2592 2641->2608 2649 25741480b41-25741480b43 2641->2649 2653 25741480c2e-25741480c43 2643->2653 2645->2653 2646->2650 2649->2608 2658 25741480b45-25741480b55 2649->2658 2650->2630 2651->2640 2653->2640 2654 25741480c45-25741480c50 2653->2654 2660 25741480c52-25741480c6b call 25741480544 2654->2660 2661 25741480c77-25741480c7f 2654->2661 2658->2608 2669 25741480c70-25741480c72 2660->2669 2665 25741480c81-25741480c93 2661->2665 2666 25741480cfb-25741480d08 call 25741480384 2661->2666 2670 25741480c95 2665->2670 2671 25741480cee-25741480cf6 2665->2671 2666->2669 2669->2640 2673 25741480c9a-25741480ca1 2670->2673 2671->2640 2674 25741480ca3-25741480ca7 2673->2674 2675 25741480cdd-25741480ce8 2673->2675 2676 25741480cc3 2674->2676 2677 25741480ca9-25741480cb0 2674->2677 2675->2671 2679 25741480cc9-25741480cd9 2676->2679 2677->2676 2678 25741480cb2-25741480cb6 2677->2678 2678->2676 2680 25741480cb8-25741480cc1 2678->2680 2679->2673 2681 25741480cdb 2679->2681 2680->2679 2681->2671
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: _invalid_parameter_noinfo
                                                      • String ID:
                                                      • API String ID: 3215553584-0
                                                      • Opcode ID: f3fc50aa6c1617f97820c214b6f357f8593fa625a947542fe4ec2dfdbb2d532b
                                                      • Instruction ID: 5d46f80895b03e57a5109b90d46ebc7d28f7253444c641acb137db4b2bad9e6b
                                                      • Opcode Fuzzy Hash: f3fc50aa6c1617f97820c214b6f357f8593fa625a947542fe4ec2dfdbb2d532b
                                                      • Instruction Fuzzy Hash: F5C1F5362ACF8481F761AF5DBC083AD77B4F781B92F550111DA5927B91CB78C845C329
                                                      Function 000002574145EA50 Relevance: 9.0, APIs: 6, Instructions: 41COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CriticalSection$EnterLeave$DeleteGdiplusObjectShutdown
                                                      • String ID:
                                                      • API String ID: 4268643673-0
                                                      • Opcode ID: f5a1ecfcc53808b035d0d15b7c47fae7049546fa7d089acffeffd9e0bb2d86bb
                                                      • Instruction ID: 615b0224bbcb6efcef1cd6bc261929fe564cc91eba6fa37679f2696cb9bf7263
                                                      • Opcode Fuzzy Hash: f5a1ecfcc53808b035d0d15b7c47fae7049546fa7d089acffeffd9e0bb2d86bb
                                                      • Instruction Fuzzy Hash: 1B116A32206F4081EB14EF69FC58118B374FB48FA6B684615EA6D262A4CF38C996C744
                                                      Function 00007FF756417980 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 120COMMON
                                                      Download Yara Rule
                                                      APIs
                                                        • Part of subcall function 00007FF756417C00: Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 00007FF756417C0E
                                                        • Part of subcall function 00007FF756406610: char_traits.LIBCPMTD ref: 00007FF75640663D
                                                        • Part of subcall function 00007FF756417DC0: Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00007FF756417ED5
                                                      • Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00007FF756417AFA
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID: Concurrency::details::_CriticalLock::_ProcessorReentrantScoped_lockScoped_lock::~_Virtual$Concurrency::RootRoot::char_traits
                                                      • String ID: EnterCriticalSection$LeaveCriticalSection$LoadAcceleratorsA$LoadAcceleratorsW
                                                      • API String ID: 2378420206-1394853731
                                                      • Opcode ID: 04327c45c70a67150be1c73c2e078c6eac2a998af2c452a8fcebf7652b8d46cf
                                                      • Instruction ID: 3b80584d0220ed13193e1f06b005b3302c4ee2dbde85209324ff3ed4758f539f
                                                      • Opcode Fuzzy Hash: 04327c45c70a67150be1c73c2e078c6eac2a998af2c452a8fcebf7652b8d46cf
                                                      • Instruction Fuzzy Hash: 46511F7255D98691EA30FB54E8513EBE360FBD0344F941432E28D47AAADF3CD649CB90
                                                      Function 00007FF756417FD0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 128COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00007FF7564180EF
                                                      • Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00007FF756418197
                                                        • Part of subcall function 00007FF7564577D4: RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF75645651B), ref: 00007FF756457824
                                                        • Part of subcall function 00007FF7564577D4: RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF75645651B), ref: 00007FF756457865
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID: Concurrency::details::_CriticalLock::_ReentrantScoped_lockScoped_lock::~_$ExceptionFileHeaderRaise
                                                      • String ID: 1.3.1.zlib-ng
                                                      • API String ID: 543713560-992988628
                                                      • Opcode ID: 8956c29817721c66e9a5c783700e556b24576ee2f69ddabf96bd024d6e1e8483
                                                      • Instruction ID: fa8cb291644f783f04d6f5a02c65c63794f89817b46dce4c15ac0cdd018262e5
                                                      • Opcode Fuzzy Hash: 8956c29817721c66e9a5c783700e556b24576ee2f69ddabf96bd024d6e1e8483
                                                      • Instruction Fuzzy Hash: BF61383261CA818AD670EB14E8513EBB3A0FBC8344F940135E6CD87A99DF3CD644CB50
                                                      Function 0000025741466460 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 45registryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: Value
                                                      • String ID: ProductName$SOFTWARE\Microsoft\Windows NT\CurrentVersion
                                                      • API String ID: 3702945584-1787575317
                                                      • Opcode ID: ca02e5c3ed8e0fc6be14c1ad152ff79eaac3ff22c286f7938fb5c96ca43ff221
                                                      • Instruction ID: 60db4164e4336c056875d81abc1d3b01af12673285799154366cd8bd9ce0e473
                                                      • Opcode Fuzzy Hash: ca02e5c3ed8e0fc6be14c1ad152ff79eaac3ff22c286f7938fb5c96ca43ff221
                                                      • Instruction Fuzzy Hash: 4B115E32648B8082EB20DF25F84939AB3B4F799788F504216EA9C57B59DFBCC155CB44
                                                      Function 0000025741464DB7 Relevance: 4.7, APIs: 3, Instructions: 182networkCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: Cleanupclosesocketrecv
                                                      • String ID:
                                                      • API String ID: 3447645871-0
                                                      • Opcode ID: b571f2713da83870eaa957895cad21978606f6aafd953b6e90a0d736581c1e0c
                                                      • Instruction ID: 4f3910d715327e626c8411f9b6af413c10e43baeb3f67ee01df79655f163ba1b
                                                      • Opcode Fuzzy Hash: b571f2713da83870eaa957895cad21978606f6aafd953b6e90a0d736581c1e0c
                                                      • Instruction Fuzzy Hash: 709193B3A58FC081EA21AB19F85839E6771E7997E5F105301EAAC27AD9DF7CC481C704
                                                      Function 0000025741467151 Relevance: 4.7, APIs: 3, Instructions: 163registryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CloseEnumOpen
                                                      • String ID:
                                                      • API String ID: 1332880857-0
                                                      • Opcode ID: 8e5eb19068908a0246fe692763bd47c61a41966e209536983c2467e7175155ec
                                                      • Instruction ID: dbb06d4b97d4decff6aeb5363460bfb726acf6481f0e6bce437afc9c73e36d92
                                                      • Opcode Fuzzy Hash: 8e5eb19068908a0246fe692763bd47c61a41966e209536983c2467e7175155ec
                                                      • Instruction Fuzzy Hash: 247180B2A48F8585EB10EB69F84839D6770F7857A9F104206EFA927AD9DB78C0C1C704
                                                      Function 00007FF75640D7F0 Relevance: 4.6, APIs: 3, Instructions: 112COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FF75640D8DD
                                                      • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FF75640D9C0
                                                      • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF75640D9E9
                                                        • Part of subcall function 00007FF756406610: char_traits.LIBCPMTD ref: 00007FF75640663D
                                                        • Part of subcall function 00007FF75640DAA0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF75640DAB8
                                                        • Part of subcall function 00007FF75640DB00: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF75640DB13
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID: Concurrency::details::Work$EmptyQueue::Structured$Base::ContextIdentityQueue$char_traits
                                                      • String ID:
                                                      • API String ID: 2573577243-0
                                                      • Opcode ID: f26d7d76682de479d1a510b7515a2100360f65aa1e8371ebd0398830a94be955
                                                      • Instruction ID: d099b7c617f92339ad0338b12db1df866f84b52e712c214622ae3dcf87087ba9
                                                      • Opcode Fuzzy Hash: f26d7d76682de479d1a510b7515a2100360f65aa1e8371ebd0398830a94be955
                                                      • Instruction Fuzzy Hash: 6151296660CBD291DA20BB15E8513EBB360FBC4790F844032E6CD4BB6ADF2CD649CB50
                                                      Function 00000257414670E0 Relevance: 4.6, APIs: 3, Instructions: 96registryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: EnumOpen
                                                      • String ID:
                                                      • API String ID: 3231578192-0
                                                      • Opcode ID: d80f14cf87453080268adb68deae75d6ba4fc3d7dfc0e44dc0fd8621660a0c44
                                                      • Instruction ID: 024a5d60880309542e65d1b5a9e64f63eba62b26249ca43d12bf0bac85a4179c
                                                      • Opcode Fuzzy Hash: d80f14cf87453080268adb68deae75d6ba4fc3d7dfc0e44dc0fd8621660a0c44
                                                      • Instruction Fuzzy Hash: 7F318D72654B8586E720DFA9FC4879E7374F78479DF200215EE9927B54DB38C192C704
                                                      Function 00007FF7564117D0 Relevance: 4.6, APIs: 3, Instructions: 77COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID: CallFunction0Member$char_traits
                                                      • String ID:
                                                      • API String ID: 1927575840-0
                                                      • Opcode ID: b3a0a285e39b8cf687cbf5e33b540a6d49c497df54d9ecd142d2dcea34095149
                                                      • Instruction ID: 413dd22e5bdb739aa61dd4a93082f20f2406d78c114ceada7c64da171f8bcbc0
                                                      • Opcode Fuzzy Hash: b3a0a285e39b8cf687cbf5e33b540a6d49c497df54d9ecd142d2dcea34095149
                                                      • Instruction Fuzzy Hash: 5A318275A0DA4285E620FB21EC5017BF7A1FB85784F984135E2CD47696EF7CE600CBA0
                                                      Function 0000025741466E1B Relevance: 4.6, APIs: 3, Instructions: 68registryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CloseOpenQueryValue
                                                      • String ID:
                                                      • API String ID: 3677997916-0
                                                      • Opcode ID: 8656d0007ab639087827527d9889e82898aae9a570ea373c7e4ee7fdbf52c9ac
                                                      • Instruction ID: 4f91431576de9b5c5275ea8d8f775fdead016812a0c28b0dba70c6b1a11223b1
                                                      • Opcode Fuzzy Hash: 8656d0007ab639087827527d9889e82898aae9a570ea373c7e4ee7fdbf52c9ac
                                                      • Instruction Fuzzy Hash: 8621D4B2758F8081EE60EB29F85436EA370F7C57E9F405211FA8D52A99DE3CC084CB04
                                                      Function 00007FF7564182A0 Relevance: 4.6, APIs: 3, Instructions: 51COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID: ProcessToken$CurrentInformationOpen
                                                      • String ID:
                                                      • API String ID: 2743777493-0
                                                      • Opcode ID: 722ab832dbefb05b570a67b2cccdef345e5e387398dfdff30b5f0e262e84267a
                                                      • Instruction ID: ead7d553596cced532dcdbd6529b6e0cc69d6aa5ac8d006a689631e7f641646f
                                                      • Opcode Fuzzy Hash: 722ab832dbefb05b570a67b2cccdef345e5e387398dfdff30b5f0e262e84267a
                                                      • Instruction Fuzzy Hash: 49214A6262C68185EB40EB10E8543AFBB60FB82344FD81035F68E47A99DF3DD609CB60
                                                      Function 00000257414658D0 Relevance: 4.6, APIs: 3, Instructions: 50COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: Info$User
                                                      • String ID:
                                                      • API String ID: 2017065092-0
                                                      • Opcode ID: 877c1b4e073b3a87c3d7ac6068cbd316133fc0437c9f32c249d117db553f0db1
                                                      • Instruction ID: 03fa9d2b828edda5407fab165a55d261d6b4fed1ad038842f8aada1490b28fec
                                                      • Opcode Fuzzy Hash: 877c1b4e073b3a87c3d7ac6068cbd316133fc0437c9f32c249d117db553f0db1
                                                      • Instruction Fuzzy Hash: 73119D32A18B8182D7509F65F81471EB7A2F780BC9F045125EB8517B59DF7CD490CB48
                                                      Function 000002574145F820 Relevance: 4.5, APIs: 3, Instructions: 49COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: ProcessToken$CurrentInformationOpen
                                                      • String ID:
                                                      • API String ID: 2743777493-0
                                                      • Opcode ID: 1c225c442ed3ae12c114120d81f2afce391d37106ff629cfd40a7a8c2f449ed4
                                                      • Instruction ID: ca6f3401c362c69ef0b8434207f87e25cf6c6c1a04665562aa4400909c8d8400
                                                      • Opcode Fuzzy Hash: 1c225c442ed3ae12c114120d81f2afce391d37106ff629cfd40a7a8c2f449ed4
                                                      • Instruction Fuzzy Hash: 7A112B32658F8082E750AF1AF85435BB3B0F788B81F559125EB99A7B68CF3CC405CB44
                                                      Function 0000025741484F60 Relevance: 4.5, APIs: 3, Instructions: 15COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: Process$CurrentExitTerminate
                                                      • String ID:
                                                      • API String ID: 1703294689-0
                                                      • Opcode ID: 3909df8ddc6717e2b276abcc8b7868d121cee5230461283d2778d4ce90183b93
                                                      • Instruction ID: 99e6124b0dcb84396436d418f7844054df69cd408a6556b6a86bd571e11f9180
                                                      • Opcode Fuzzy Hash: 3909df8ddc6717e2b276abcc8b7868d121cee5230461283d2778d4ce90183b93
                                                      • Instruction Fuzzy Hash: 00D09E14798F0452EB59BBB8BCAD36C52795B99717F48142C9A032A793CD3984494208
                                                      Function 0000025741421EB0 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 153COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: Concurrency::cancel_current_task
                                                      • String ID:
                                                      • API String ID: 118556049-3916222277
                                                      • Opcode ID: 447391518ede7914d4c29b4a62a83f77a5c4a6751e45bdb10a96ec0dd38cbb10
                                                      • Instruction ID: d668009f79587e8e03dfdeb64ad9c0c04aa43858da235ceca3add72948d24f15
                                                      • Opcode Fuzzy Hash: 447391518ede7914d4c29b4a62a83f77a5c4a6751e45bdb10a96ec0dd38cbb10
                                                      • Instruction Fuzzy Hash: 3B516872248F4496EA159F2AE89835C33B1F388BD5F554622CB5D63BA4CF79C0A1C304
                                                      Function 0000025741466C70 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 74COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CurrentProfile
                                                      • String ID: Unknown
                                                      • API String ID: 2104809126-1654365787
                                                      • Opcode ID: 9620c529eb467c2ec69f9554772d2bcda9f57316b6868f94ab05b6f1bde0fce9
                                                      • Instruction ID: 956675653dddadfe0e5eb2ae5cae39dfabbf51d9d71077e2cfa9389577d17f92
                                                      • Opcode Fuzzy Hash: 9620c529eb467c2ec69f9554772d2bcda9f57316b6868f94ab05b6f1bde0fce9
                                                      • Instruction Fuzzy Hash: AC31ED2362CFC086E710DF29F84439AA770F799B88F541215FBC922A0ACB7CC695CB04
                                                      Function 00007FF75640FAE0 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 66COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: @
                                                      • API String ID: 0-2766056989
                                                      • Opcode ID: b337b7728e22acf7a85b468339197ec44de5b842342dd1561fc2dcb21d3dd529
                                                      • Instruction ID: 1287d972d62093bed46ef9ef29e3f01374857592c87ad9a97f8e4cf56997c84c
                                                      • Opcode Fuzzy Hash: b337b7728e22acf7a85b468339197ec44de5b842342dd1561fc2dcb21d3dd529
                                                      • Instruction Fuzzy Hash: 1631C73661CB918AD7A0EB25E85062BBBE1F788794F540535FA8D87B58DF3CD6408F10
                                                      Function 0000025741428560 Relevance: 3.2, APIs: 2, Instructions: 192COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: Concurrency::cancel_current_task
                                                      • String ID:
                                                      • API String ID: 118556049-0
                                                      • Opcode ID: ab78ee7b280dee4b339cfacbdd5f4efef219837c15ca3b66dc2c74eeaae5e93f
                                                      • Instruction ID: 6162c231d2561c6e01ff7abdca4e03f7d8798b372805bb1a9476e900c664cf0c
                                                      • Opcode Fuzzy Hash: ab78ee7b280dee4b339cfacbdd5f4efef219837c15ca3b66dc2c74eeaae5e93f
                                                      • Instruction Fuzzy Hash: C0512A623C9F4185FE24BB19BD0839C62B1E744BF6F5806209E6D2B7D6DE78C1D28308
                                                      Function 000002574145EED0 Relevance: 3.1, APIs: 2, Instructions: 87COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: FolderFreeKnownPathTask
                                                      • String ID:
                                                      • API String ID: 969438705-0
                                                      • Opcode ID: ae204a587ab0ef826eab955bf18b5cfd079d10c08874d19813b769850f893d30
                                                      • Instruction ID: 365932dd2a0d031efcd143ca1572c5ca80e404d63b6825eafa7aeae71da45275
                                                      • Opcode Fuzzy Hash: ae204a587ab0ef826eab955bf18b5cfd079d10c08874d19813b769850f893d30
                                                      • Instruction Fuzzy Hash: 86317272A58B8081E620DF29F89435EB771F7997F4F205315FAAC23A99DB7CC1818B44
                                                      Function 0000025741474648 Relevance: 3.1, APIs: 2, Instructions: 77COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: _invalid_parameter_noinfo
                                                      • String ID:
                                                      • API String ID: 3215553584-0
                                                      • Opcode ID: 77ff38050bbf038ec147631c291faae903e00292372ea36fba1d268a897535c6
                                                      • Instruction ID: 66318e1ffa8d42be2c33b1da68342f95810bfdeaeebc34313f7ec7345797f21e
                                                      • Opcode Fuzzy Hash: 77ff38050bbf038ec147631c291faae903e00292372ea36fba1d268a897535c6
                                                      • Instruction Fuzzy Hash: 3031C132299E4482EE51FB18FC597BD7371E795B92F590111E62E673D2EB38C501C308
                                                      Function 000002574145D510 Relevance: 3.1, APIs: 2, Instructions: 69registryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CloseOpen
                                                      • String ID:
                                                      • API String ID: 47109696-0
                                                      • Opcode ID: f1dca321947a1367f0d55f51290a78f41f5e328790fa86022a41bb21031095aa
                                                      • Instruction ID: e7175152095e1c2c6b487f3f809073c3e39700480df718b98bbc46c3d0d91d93
                                                      • Opcode Fuzzy Hash: f1dca321947a1367f0d55f51290a78f41f5e328790fa86022a41bb21031095aa
                                                      • Instruction Fuzzy Hash: 29212961758E8441EE50EB2AFC5839AA370EB88BC9F094121FE4D27B99DF38C081C708
                                                      Function 000002574145C7CC Relevance: 3.1, APIs: 2, Instructions: 58synchronizationCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CloseCreateCredEnumerateFirstHandleMutexProcess32ReleaseSnapshotToolhelp32recv
                                                      • String ID:
                                                      • API String ID: 420082584-0
                                                      • Opcode ID: bece3b694530cfbeca66faa9e7e0d6adff72bc4c5de40ce38d1c4fa0504811a1
                                                      • Instruction ID: c798633d720528393ab3cb6f9a8f2775db45729044b78ccb6405f083855d1df3
                                                      • Opcode Fuzzy Hash: bece3b694530cfbeca66faa9e7e0d6adff72bc4c5de40ce38d1c4fa0504811a1
                                                      • Instruction Fuzzy Hash: 4A21E661ACCE8041F911B7BCBC2F3ED5274AF853A3F265A10EA59355D79E388040952D
                                                      Function 000002574145C7FD Relevance: 3.0, APIs: 2, Instructions: 47synchronizationCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CloseHandleMutexReleaserecv
                                                      • String ID:
                                                      • API String ID: 2659716615-0
                                                      • Opcode ID: dd2cc705cdbd18044620e585c3dda16eabb8828c2173ec8563691370528ef67d
                                                      • Instruction ID: 064675dea1a61902c573278f63bc9c8ada83d8d6e8859623fad9cf465103147c
                                                      • Opcode Fuzzy Hash: dd2cc705cdbd18044620e585c3dda16eabb8828c2173ec8563691370528ef67d
                                                      • Instruction Fuzzy Hash: B311E562ACCE8041F911B77CFC2E39D52B0AB857A3F155600EEA9766D79E38C080D61D
                                                      Function 0000025741480E9C Relevance: 3.0, APIs: 2, Instructions: 46COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: ErrorFileLastPointer
                                                      • String ID:
                                                      • API String ID: 2976181284-0
                                                      • Opcode ID: 85342b8448b5f83962e520861b5040a532baca975cc467821ece28218af4e603
                                                      • Instruction ID: c58437a8a4d4c519177b78fc0e2aba4442f7c95cefec4c499d54aa1eb85cf7e6
                                                      • Opcode Fuzzy Hash: 85342b8448b5f83962e520861b5040a532baca975cc467821ece28218af4e603
                                                      • Instruction Fuzzy Hash: C9119166228F8081DB50EB29B81826AA3B1E745BF5F584311EE792BBD9CF78C451C744
                                                      Function 00007FF75640D750 Relevance: 3.0, APIs: 2, Instructions: 33libraryloaderCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID: AddressLibraryLoadProc
                                                      • String ID:
                                                      • API String ID: 2574300362-0
                                                      • Opcode ID: bd71bcfb797b50c55a6df7201416778f22323b2fa91c79af38a8b0c2d0370c92
                                                      • Instruction ID: a9173f560edd53e05a0ee093795054bce0d4fc00625b62c743bc88fa1361cea1
                                                      • Opcode Fuzzy Hash: bd71bcfb797b50c55a6df7201416778f22323b2fa91c79af38a8b0c2d0370c92
                                                      • Instruction Fuzzy Hash: 3601277A51CB9585D760AB11E88032BBBA0F7887A4F541535E6CE46B68CF3CC2988B14
                                                      Function 000002574148E888 Relevance: 3.0, APIs: 2, Instructions: 21COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: Concurrency::cancel_current_task$std::bad_alloc::bad_alloc
                                                      • String ID:
                                                      • API String ID: 1173176844-0
                                                      • Opcode ID: ad7fb39d7d0572768195cdb96d88edf57c93c5d00d8eaa663e4c704e5b7bea2c
                                                      • Instruction ID: 58ec4745b2c2bef0a437be6cf9e0a96dab75869725da3b1c63a7fa45bd80a546
                                                      • Opcode Fuzzy Hash: ad7fb39d7d0572768195cdb96d88edf57c93c5d00d8eaa663e4c704e5b7bea2c
                                                      • Instruction Fuzzy Hash: 4CE01208BE9D0945FD2932BE3D1D37901700F89373E1C1B2059757AAD3AA348691825C
                                                      Function 00007FF756445810 Relevance: 3.0, APIs: 2, Instructions: 19memoryCOMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • RtlFreeHeap.NTDLL(?,?,00007FF756445929,00007FF75644ACD6,?,?,?,00007FF75644B053,?,?,00000000,00007FF75644B9B9,?,?,?,00007FF75644B8EB), ref: 00007FF756445826
                                                      • GetLastError.KERNEL32(?,?,00007FF756445929,00007FF75644ACD6,?,?,?,00007FF75644B053,?,?,00000000,00007FF75644B9B9,?,?,?,00007FF75644B8EB), ref: 00007FF756445830
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID: ErrorFreeHeapLast
                                                      • String ID:
                                                      • API String ID: 485612231-0
                                                      • Opcode ID: d1c0f4e6f877c9d6cfcd8a19c59eeb7a423ced942baaa3383c8ac58c4f15d072
                                                      • Instruction ID: 8672d995eaa1d690921cf5001f774aa0af2a7f1b02c50ddf6cdf718f5bb3ca78
                                                      • Opcode Fuzzy Hash: d1c0f4e6f877c9d6cfcd8a19c59eeb7a423ced942baaa3383c8ac58c4f15d072
                                                      • Instruction Fuzzy Hash: 3EE08690F1868242FF0C7BB2AC5707796515F85742FCC4430CC0D42291FE6C66614730
                                                      Function 000002574147D3C8 Relevance: 2.5, APIs: 2, Instructions: 18memoryCOMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: ErrorFreeHeapLast
                                                      • String ID:
                                                      • API String ID: 485612231-0
                                                      • Opcode ID: b7253a55b1276d1b57d670979138b52c86c30a15e8b70f9b8b054cc625f4c6ce
                                                      • Instruction ID: 8884740e962e5c1a52af35c2ed9b38e8189730c34be2b2e4c87f8c4bdf84ed34
                                                      • Opcode Fuzzy Hash: b7253a55b1276d1b57d670979138b52c86c30a15e8b70f9b8b054cc625f4c6ce
                                                      • Instruction Fuzzy Hash: 1FE02B40F9EE0082FF0CB7FAFC0C37402B15F84703F4844208825B6252ED384881C308
                                                      Function 000002574146F150 Relevance: 1.7, APIs: 1, Instructions: 189COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: Concurrency::cancel_current_task
                                                      • String ID:
                                                      • API String ID: 118556049-0
                                                      • Opcode ID: d63ebc105d5abc37252f6722bce4805a7eacf3ede7e52188f506b751404bdf16
                                                      • Instruction ID: 9f281c768b4845a970f0772fc8cdcdf6ffec8435da24b2b81b62a89b3e050528
                                                      • Opcode Fuzzy Hash: d63ebc105d5abc37252f6722bce4805a7eacf3ede7e52188f506b751404bdf16
                                                      • Instruction Fuzzy Hash: C761DDA6348E8084EA14EF1AE96836D27B1E305FDDF548511CEAD277D5DB3DC886C328
                                                      Function 000002574140E2A0 Relevance: 1.7, APIs: 1, Instructions: 175COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: __std_fs_directory_iterator_open
                                                      • String ID:
                                                      • API String ID: 4007087469-0
                                                      • Opcode ID: 78e5213647ace45075edf6087831abaa0f8ba198e697805de991843f31cd1620
                                                      • Instruction ID: ea26a1ac5ac51f1483ff74b14ffc14abcde3455ff1964fd25c256d99bbb298c0
                                                      • Opcode Fuzzy Hash: 78e5213647ace45075edf6087831abaa0f8ba198e697805de991843f31cd1620
                                                      • Instruction Fuzzy Hash: 8F61E562B98F50C5FB10EF6EE8883AC27B1E7447A9F014621DE1937BD5DA34C6A18348
                                                      Function 0000025741428E80 Relevance: 1.6, APIs: 1, Instructions: 129COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: Concurrency::cancel_current_task
                                                      • String ID:
                                                      • API String ID: 118556049-0
                                                      • Opcode ID: a8aacd0e09e70c30a057030473103bdc4b4d673ec162f3d824773e17bae67f6b
                                                      • Instruction ID: 0ebe2574289135ab38377224e9dcc27640f86c128dcdc2b1a42454c96f55de1a
                                                      • Opcode Fuzzy Hash: a8aacd0e09e70c30a057030473103bdc4b4d673ec162f3d824773e17bae67f6b
                                                      • Instruction Fuzzy Hash: F841C466388F8485EA10AF19F90839D67B2F749BE5F540625DF6D1B785DF38C1819308
                                                      Function 0000025741439FB0 Relevance: 1.6, APIs: 1, Instructions: 123COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: Concurrency::cancel_current_task
                                                      • String ID:
                                                      • API String ID: 118556049-0
                                                      • Opcode ID: 80ccde4e7c2d8776a33b8b5ec777cda77ddfdc7c818af9bd46593884588d75f0
                                                      • Instruction ID: 976777a4bd36ea94de88a179ad438e653af3ee4fa56fae4f86668079a245cea3
                                                      • Opcode Fuzzy Hash: 80ccde4e7c2d8776a33b8b5ec777cda77ddfdc7c818af9bd46593884588d75f0
                                                      • Instruction Fuzzy Hash: B7418466398F8886DA14EF59F94826EA3B4F745BD1F608615ABAD63BC5DF38C0408304
                                                      Function 0000025741429030 Relevance: 1.6, APIs: 1, Instructions: 118COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: Concurrency::cancel_current_task
                                                      • String ID:
                                                      • API String ID: 118556049-0
                                                      • Opcode ID: 12c4cc18f2389066702bc8e6ef1789d8670b28c52f417b9bd8ae0a600ec8364e
                                                      • Instruction ID: 59d1571bb2a49d8d5c1ea049d3ec3fb548b4f2aa8e272b33de1226f50d14a52c
                                                      • Opcode Fuzzy Hash: 12c4cc18f2389066702bc8e6ef1789d8670b28c52f417b9bd8ae0a600ec8364e
                                                      • Instruction Fuzzy Hash: 1F412362348F5485FE10BB5AFC0C3ADA361B304BD5F584625AF6D2B7C6DE78C1818308
                                                      Function 0000025741424600 Relevance: 1.6, APIs: 1, Instructions: 116COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: Concurrency::cancel_current_task
                                                      • String ID:
                                                      • API String ID: 118556049-0
                                                      • Opcode ID: dc511a26a12705d76694ff1619be8eba9153e3b67eb34daa764a6c8bc34486a7
                                                      • Instruction ID: 8626275312d4bc30cea0a47545b12e3ea7972e0a35d5cbdd91608fe5e85a1d66
                                                      • Opcode Fuzzy Hash: dc511a26a12705d76694ff1619be8eba9153e3b67eb34daa764a6c8bc34486a7
                                                      • Instruction Fuzzy Hash: 51312822389E5488FE25BF1AFD083AC12B1D345FE6F5846219E2D27BC5DE78C5C19348
                                                      Function 000002574147D8C8 Relevance: 1.6, APIs: 1, Instructions: 112COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: _invalid_parameter_noinfo
                                                      • String ID:
                                                      • API String ID: 3215553584-0
                                                      • Opcode ID: 506399ceb7efd258d9ee9312528a7fb0108d3bcc24f039aa6e7519c78468f3b6
                                                      • Instruction ID: c495930f84346b8eec37f94b9b93d83a0ce29399ad01c50cdef203dcdff981de
                                                      • Opcode Fuzzy Hash: 506399ceb7efd258d9ee9312528a7fb0108d3bcc24f039aa6e7519c78468f3b6
                                                      • Instruction Fuzzy Hash: 6D412672168B4083FB74AB1CF84836D73B0F756B92F100202DAAAA37D0CB38C402C759
                                                      Function 000002574146EF10 Relevance: 1.6, APIs: 1, Instructions: 110COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: Concurrency::cancel_current_task
                                                      • String ID:
                                                      • API String ID: 118556049-0
                                                      • Opcode ID: a3953ac7336e44fab3f50ac145ac912ae4d0ac3cf29e2fc59394371e0dce0deb
                                                      • Instruction ID: 415983a04de71713b995b3c5c397a27e6cfec210aadc6ac37f7dd3ccb3994a27
                                                      • Opcode Fuzzy Hash: a3953ac7336e44fab3f50ac145ac912ae4d0ac3cf29e2fc59394371e0dce0deb
                                                      • Instruction Fuzzy Hash: 4F3191B2349F8095EA24EF19F8583AEA3B0A344BD5F6446259BAD27785DF3CC1518308
                                                      Function 0000025741428D10 Relevance: 1.6, APIs: 1, Instructions: 109COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: Concurrency::cancel_current_task
                                                      • String ID:
                                                      • API String ID: 118556049-0
                                                      • Opcode ID: 27f586df748ef508ccb615be2881a253bd13044cfe7f89549f543d09785045d6
                                                      • Instruction ID: e03d9d52c0df24ba3c8c9373e095d3eb0b78702a2662beb6e862b25e7c713372
                                                      • Opcode Fuzzy Hash: 27f586df748ef508ccb615be2881a253bd13044cfe7f89549f543d09785045d6
                                                      • Instruction Fuzzy Hash: 7A312B72399F8185EE14BB19BD4835DA2B1E314BF5F5846219E6D2B7D5DA38C082C308
                                                      Function 0000025741466290 Relevance: 1.6, APIs: 1, Instructions: 107COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: InformationVolume
                                                      • String ID:
                                                      • API String ID: 2039140958-0
                                                      • Opcode ID: 9b54662dfc31b99104d5a64d46f481d5e14be556eb9875cdf2309875b13e82c8
                                                      • Instruction ID: 1c34d08bfd18eec895577fb967f554c115e0b66dd121edbea4cd1a7a46b678c4
                                                      • Opcode Fuzzy Hash: 9b54662dfc31b99104d5a64d46f481d5e14be556eb9875cdf2309875b13e82c8
                                                      • Instruction Fuzzy Hash: DD519E32A58F808AE710DF68E84839D7770F389798F504211EB9C63A99DF78C684CB44
                                                      Function 00007FF756417DC0 Relevance: 1.6, APIs: 1, Instructions: 102COMMON
                                                      Download Yara Rule
                                                      APIs
                                                        • Part of subcall function 00007FF75641B970: _Byte_length.LIBCPMTD ref: 00007FF75641B9F6
                                                      • Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00007FF756417ED5
                                                        • Part of subcall function 00007FF75641BA40: Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00007FF75641BA6A
                                                        • Part of subcall function 00007FF75641BAA0: _Byte_length.LIBCPMTD ref: 00007FF75641BB26
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID: Byte_lengthConcurrency::details::_CriticalLock::_ReentrantScoped_lockScoped_lock::~_
                                                      • String ID:
                                                      • API String ID: 2675252387-0
                                                      • Opcode ID: 8cf2c1331036d997b2d5cbdfd09f9a6dace60c7598b65e1a7ef6aa7a93a04358
                                                      • Instruction ID: 64368a94a9516d8adc78cfe862368c20c085449e7ff9ced7e8ce8e41a0a62307
                                                      • Opcode Fuzzy Hash: 8cf2c1331036d997b2d5cbdfd09f9a6dace60c7598b65e1a7ef6aa7a93a04358
                                                      • Instruction Fuzzy Hash: 8851197261DA8591DA60FB15E8503EBB3A1FBC8780FC44032EA8D47B69DE3CD649CB50
                                                      Function 00007FF75640BA90 Relevance: 1.6, APIs: 1, Instructions: 95COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                        • Part of subcall function 00007FF75640C520: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF75640C53D
                                                        • Part of subcall function 00007FF75640C520: _Max_value.LIBCPMTD ref: 00007FF75640C562
                                                        • Part of subcall function 00007FF75640C520: _Min_value.LIBCPMTD ref: 00007FF75640C590
                                                      • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF75640BB3C
                                                        • Part of subcall function 00007FF756404310: std::_Xinvalid_argument.LIBCPMT ref: 00007FF75640431B
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID: Concurrency::details::EmptyQueue::StructuredWork$Max_valueMin_valueXinvalid_argumentstd::_
                                                      • String ID:
                                                      • API String ID: 142707115-0
                                                      • Opcode ID: 60dc388cca3665f00380207ba0fc440bb0a5f3e9cb1ca1dbde5340a79cbc7bc9
                                                      • Instruction ID: 3e3b4ea532709d9182dd65a7b41780b09875aa57eb6dc5db90b0722742e71bdc
                                                      • Opcode Fuzzy Hash: 60dc388cca3665f00380207ba0fc440bb0a5f3e9cb1ca1dbde5340a79cbc7bc9
                                                      • Instruction Fuzzy Hash: 2951C33662DB8581DA50EB16F89026BB7A0F7C9B90F501026EACE47B2ACF3CD1508B40
                                                      Function 00000257414229B0 Relevance: 1.6, APIs: 1, Instructions: 93COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 0000025741422AB8
                                                        • Part of subcall function 000002574140B820: __std_exception_copy.LIBVCRUNTIME ref: 000002574140B868
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: Concurrency::cancel_current_task__std_exception_copy
                                                      • String ID:
                                                      • API String ID: 317858897-0
                                                      • Opcode ID: 69cb05f06bfac6c23d9b563a1144b6f5c1505051c04b41afb44361278751c17a
                                                      • Instruction ID: f9c22a921d83c1fbf52c95eb4b3c79245043afcbe0ef7049813fd281187df01e
                                                      • Opcode Fuzzy Hash: 69cb05f06bfac6c23d9b563a1144b6f5c1505051c04b41afb44361278751c17a
                                                      • Instruction Fuzzy Hash: 7821F722749F4045EA28BB19B9043A963A0E754BE5F244B219A7C23FD1EA78C5D3C344
                                                      Function 000002574148080C Relevance: 1.6, APIs: 1, Instructions: 79COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: _invalid_parameter_noinfo
                                                      • String ID:
                                                      • API String ID: 3215553584-0
                                                      • Opcode ID: a24f7c79d48368e33d7deb9d4eeecb52ce7ec7a6106812cc151fd4020b53ad0d
                                                      • Instruction ID: bf82ad9d1990dfb13bdc3371fdda8c1c0a259a78dea227bb9b819b22b9a9507f
                                                      • Opcode Fuzzy Hash: a24f7c79d48368e33d7deb9d4eeecb52ce7ec7a6106812cc151fd4020b53ad0d
                                                      • Instruction Fuzzy Hash: 5531B12667CE4085F7917B5EFC4936C26B0B780BB2F460605EA25377D2CB78C481C769
                                                      Function 00007FF75640F580 Relevance: 1.6, APIs: 1, Instructions: 65COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 8832b93c38650351119958a3682aaab50e8cbc8b9dc0623d89af5356b64ee8a2
                                                      • Instruction ID: 0ecac6312384b89b59ca225130406da6048890a3d71b33103a6eff9b7c4187ff
                                                      • Opcode Fuzzy Hash: 8832b93c38650351119958a3682aaab50e8cbc8b9dc0623d89af5356b64ee8a2
                                                      • Instruction Fuzzy Hash: EF313C6262CB9181DA90BB52E84036BE7A0FBC47E0F445435FECD4BB69DF6CD2018B50
                                                      Function 0000025741484E91 Relevance: 1.6, APIs: 1, Instructions: 61COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: HandleModule$AddressFreeLibraryProc
                                                      • String ID:
                                                      • API String ID: 3947729631-0
                                                      • Opcode ID: 9e03c0276b42d0bae273c9ceb8b8abd1e24865752fa8da44abca3c0ffcb1668a
                                                      • Instruction ID: 2b681c19fda7cf2bd36145c47888cfafd98e555ed55600198d16ea2f3b9ff2d7
                                                      • Opcode Fuzzy Hash: 9e03c0276b42d0bae273c9ceb8b8abd1e24865752fa8da44abca3c0ffcb1668a
                                                      • Instruction Fuzzy Hash: C4219036A44B408AEB64AF68E8583EC37F0F35471DF580629E72966ED5DB34C484CB44
                                                      Function 000002574149FEF8 Relevance: 1.6, APIs: 1, Instructions: 54COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: _invalid_parameter_noinfo
                                                      • String ID:
                                                      • API String ID: 3215553584-0
                                                      • Opcode ID: 4bdd7c7df9abbb715da046ae302baf4d590079e7e30464498c50f0bf6b7ea38d
                                                      • Instruction ID: 6da4a3411949c6e50d46776b403bb0c3016997e32b2b2e4c7de98dab9eae7a94
                                                      • Opcode Fuzzy Hash: 4bdd7c7df9abbb715da046ae302baf4d590079e7e30464498c50f0bf6b7ea38d
                                                      • Instruction Fuzzy Hash: 3421C632228E8087DB61AF2CF85476977B0F786B95F684215EB5D576D9DB38C4008B04
                                                      Function 000002574149E200 Relevance: 1.6, APIs: 1, Instructions: 54COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: _invalid_parameter_noinfo
                                                      • String ID:
                                                      • API String ID: 3215553584-0
                                                      • Opcode ID: 277766cc613ac521deff1262cc5973a4c6dda0ce244441028124d0478fb53980
                                                      • Instruction ID: 7f408c823b055e9bd268fc0b16d1635be1e516cc1a1a4946ad315a4af25f49c8
                                                      • Opcode Fuzzy Hash: 277766cc613ac521deff1262cc5973a4c6dda0ce244441028124d0478fb53980
                                                      • Instruction Fuzzy Hash: 03118B7236DE4081EA60BF69FC057AFA370B786F91F484411EB8477796CB38C5008749
                                                      Function 00007FF75640E170 Relevance: 1.5, APIs: 1, Instructions: 49COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 292d0802afc3662b8a44df9434c69ee7ab1bc2423aa3cf29da608adeab93335d
                                                      • Instruction ID: 79b7064b38db9da7c1cd24940db7fe12ae62ddf253a6610c21f5e5c44ef3d13c
                                                      • Opcode Fuzzy Hash: 292d0802afc3662b8a44df9434c69ee7ab1bc2423aa3cf29da608adeab93335d
                                                      • Instruction Fuzzy Hash: BE21412251CAD181DAB0FB10E8513ABE7A1FB84394F988535E6CD87A99CF2CD254CB10
                                                      Function 00007FF75641BBF0 Relevance: 1.5, APIs: 1, Instructions: 49COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF75641BC1C
                                                        • Part of subcall function 00007FF75641F7D0: Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00007FF75641F846
                                                        • Part of subcall function 00007FF75641F7D0: Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00007FF75641F855
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID: Concurrency::details::_CriticalLock::_ReentrantScoped_lockScoped_lock::~_$Concurrency::details::EmptyQueue::StructuredWork
                                                      • String ID:
                                                      • API String ID: 2595383736-0
                                                      • Opcode ID: d187d2a0eb802e6f176a8c328b985804572825bb7962f1620d6111e602d056cd
                                                      • Instruction ID: ce7bc9fbe8961d173b65119d6bc668d81e3e6fcb66375b0d4baba1d0f38b870c
                                                      • Opcode Fuzzy Hash: d187d2a0eb802e6f176a8c328b985804572825bb7962f1620d6111e602d056cd
                                                      • Instruction Fuzzy Hash: BA21F876618F8881DA10EB15F89125BB7A0F7C9BC4F941126EACD43B69DF3CD250CB40
                                                      Function 00007FF756418750 Relevance: 1.5, APIs: 1, Instructions: 45COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF75641875E
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID: Concurrency::details::EmptyQueue::StructuredWork
                                                      • String ID:
                                                      • API String ID: 1865873047-0
                                                      • Opcode ID: f8c7e8331dde7540c220ec2cf53b80f18e0f368c2e7c04878d69dbed098d0d54
                                                      • Instruction ID: d0c93fccecff99e74d7e922dca84e8f6088b92393486627aa10e46875b38a180
                                                      • Opcode Fuzzy Hash: f8c7e8331dde7540c220ec2cf53b80f18e0f368c2e7c04878d69dbed098d0d54
                                                      • Instruction Fuzzy Hash: 00117436619F8885DB609F1AE88035EB7A0F7C8B94F545126EBCD47B69CF3CC5508B50
                                                      Function 00007FF75641B970 Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • _Byte_length.LIBCPMTD ref: 00007FF75641B9F6
                                                        • Part of subcall function 00007FF75641BBF0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF75641BC1C
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID: Byte_lengthConcurrency::details::EmptyQueue::StructuredWork
                                                      • String ID:
                                                      • API String ID: 2180140624-0
                                                      • Opcode ID: 3d721e314f6597f4f5539cc87ca23b51fab7460f1361a429639f5c59ef1ee461
                                                      • Instruction ID: e57f4037c40b15b2d87cfb752bc74c41fe3c5937f47f446c5581730f72a4de9f
                                                      • Opcode Fuzzy Hash: 3d721e314f6597f4f5539cc87ca23b51fab7460f1361a429639f5c59ef1ee461
                                                      • Instruction Fuzzy Hash: 09112436518A8182DA50EB25F89119BB7A0FBC9790FA41126EBCD47B29DF3CC211CB40
                                                      Function 00007FF75641BAA0 Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                                      Download Yara Rule
                                                      APIs
                                                        • Part of subcall function 00007FF75641BB70: Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00007FF75641BB7E
                                                      • _Byte_length.LIBCPMTD ref: 00007FF75641BB26
                                                        • Part of subcall function 00007FF75641BBF0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF75641BC1C
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID: Byte_lengthConcurrency::details::Concurrency::details::_CriticalEmptyLock::_Queue::ReentrantScoped_lockScoped_lock::~_StructuredWork
                                                      • String ID:
                                                      • API String ID: 3730899627-0
                                                      • Opcode ID: 44c7796c75c25c5c7709d50e7aab81eaeec602659a9d168cd4e954b65d0e7a9e
                                                      • Instruction ID: e92309d7a68b23325420f411fb8a7d47b6c5351cc39cb094f63491073b2ae723
                                                      • Opcode Fuzzy Hash: 44c7796c75c25c5c7709d50e7aab81eaeec602659a9d168cd4e954b65d0e7a9e
                                                      • Instruction Fuzzy Hash: E911F476518A8582DA50EB25F89119BB7A0FBC9780FA40126EBCD43B69DF3CC6518B40
                                                      Function 00007FF756407E40 Relevance: 1.5, APIs: 1, Instructions: 41COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF756407E74
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID: Concurrency::details::EmptyQueue::StructuredWork
                                                      • String ID:
                                                      • API String ID: 1865873047-0
                                                      • Opcode ID: 30fd8099ffd4be0d4f69dd9a583985dde0d8b0850e5991a20b1c7c05a0df383f
                                                      • Instruction ID: a23069213d9632c64d65346da9fd7e292dca4b0efdb526c2986aa61a30f5bf66
                                                      • Opcode Fuzzy Hash: 30fd8099ffd4be0d4f69dd9a583985dde0d8b0850e5991a20b1c7c05a0df383f
                                                      • Instruction Fuzzy Hash: 0C112E26619B4181DA20FB16E44036FB7A0FBC8BE4F481135EA8D47B65CF7CC6408B50
                                                      Function 00007FF75640F6A0 Relevance: 1.5, APIs: 1, Instructions: 38COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID: type_info::_name_internal_method
                                                      • String ID:
                                                      • API String ID: 3713626258-0
                                                      • Opcode ID: 76e54cbdeb55244470ca4b8c1149c975881fede5f5229d85922bdbd701fbbbd6
                                                      • Instruction ID: a18c03271c92c477980dbd22613467224ca4eda1a1a93e3972fb35c68c3a007f
                                                      • Opcode Fuzzy Hash: 76e54cbdeb55244470ca4b8c1149c975881fede5f5229d85922bdbd701fbbbd6
                                                      • Instruction Fuzzy Hash: 53010C7662CB9681D690BB16F84026BA3A0FB84BD4F846431FECE4B759DF2CD2108B50
                                                      Function 0000025741460E00 Relevance: 1.5, APIs: 1, Instructions: 38networkCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: send
                                                      • String ID:
                                                      • API String ID: 2809346765-0
                                                      • Opcode ID: 10723b900c3d3fb221c2729e0f2ab508e71a113b43aaaf7fd55bda6ca2804ccb
                                                      • Instruction ID: 2ef4bb5a7c94888490619d7418f0768198b5615e43ac1985cbe5e978d44228eb
                                                      • Opcode Fuzzy Hash: 10723b900c3d3fb221c2729e0f2ab508e71a113b43aaaf7fd55bda6ca2804ccb
                                                      • Instruction Fuzzy Hash: 4501AD71718A9485EB509F1AFD44619A7B0F788FE4F485231EE5D13B48EB38C8818704
                                                      Function 00007FF75640CD80 Relevance: 1.5, APIs: 1, Instructions: 36COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID: _invalid_parameter_noinfo_noreturn
                                                      • String ID:
                                                      • API String ID: 3668304517-0
                                                      • Opcode ID: 5b003b8cca513f1d9bd291702dbd346b7f7ce6d2eb4d71e1a0a6965b61c62195
                                                      • Instruction ID: 48bef7e39d27d4f303bc6dc25a1c26c65723d957b84fb6b8f298990ac7939872
                                                      • Opcode Fuzzy Hash: 5b003b8cca513f1d9bd291702dbd346b7f7ce6d2eb4d71e1a0a6965b61c62195
                                                      • Instruction Fuzzy Hash: CA014062619B5681DA60BB28E88131BE7D4FF887A4F840231E69D86BD4DF3CC6508714
                                                      Function 00007FF75641C9F0 Relevance: 1.5, APIs: 1, Instructions: 33COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF75641CA33
                                                        • Part of subcall function 00007FF75640A910: allocator.LIBCONCRTD ref: 00007FF75640A92B
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID: Concurrency::details::EmptyQueue::StructuredWorkallocator
                                                      • String ID:
                                                      • API String ID: 1755220593-0
                                                      • Opcode ID: e9dd5059331e962bb0aad71984c047b5081c9f2cc64489ca351a57fb079b81be
                                                      • Instruction ID: 88417fb65a6f583388827e135e5517aa063559b141057bd270b997a1b62895ae
                                                      • Opcode Fuzzy Hash: e9dd5059331e962bb0aad71984c047b5081c9f2cc64489ca351a57fb079b81be
                                                      • Instruction Fuzzy Hash: D2016036619F8482CA60DB0AF89011EB7A4F7C9B94F504125FBCD87B29DF3CD2618B00
                                                      Function 0000025741417633 Relevance: 1.5, APIs: 1, Instructions: 33fileCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: FileFindNext
                                                      • String ID:
                                                      • API String ID: 2029273394-0
                                                      • Opcode ID: 752fe5805e453647425062ce64daa4e53c54a82ad0d646f83825288564bb7983
                                                      • Instruction ID: e22c290b51a62c26cbc860cc76c04906938e6d5154f57ae9b7ab5cde03269c62
                                                      • Opcode Fuzzy Hash: 752fe5805e453647425062ce64daa4e53c54a82ad0d646f83825288564bb7983
                                                      • Instruction Fuzzy Hash: D601122625CEC085EA70DB56F89839AB374F7C8B95F544022DE8D53B59DE39C886CB04
                                                      Function 0000025741477374 Relevance: 1.5, APIs: 1, Instructions: 23COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: _invalid_parameter_noinfo
                                                      • String ID:
                                                      • API String ID: 3215553584-0
                                                      • Opcode ID: 68ea0e6e30933e9dd76abf56f21314c638998a57c534cc3687c594a1fb5b02e7
                                                      • Instruction ID: 2daa678991f72d87ee94d4b8c80524e68267695af988058a3c5981ba1fc2085d
                                                      • Opcode Fuzzy Hash: 68ea0e6e30933e9dd76abf56f21314c638998a57c534cc3687c594a1fb5b02e7
                                                      • Instruction Fuzzy Hash: A8E0923226DE4181EB647BADB94E26C61706B447F6F944321AA34126C6DB3484608719
                                                      Function 00007FF756455554 Relevance: 1.5, APIs: 1, Instructions: 21COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID: Concurrency::cancel_current_taskstd::bad_alloc::bad_alloc
                                                      • String ID:
                                                      • API String ID: 680105476-0
                                                      • Opcode ID: eab2c86477353e2fdf37daf347e1d7af9a32534bc8376d8c7edc6a9f128f6aaa
                                                      • Instruction ID: c981bb0658e24542b20557aae1b95346aa0369144abb6048522e8796d100a383
                                                      • Opcode Fuzzy Hash: eab2c86477353e2fdf37daf347e1d7af9a32534bc8376d8c7edc6a9f128f6aaa
                                                      • Instruction Fuzzy Hash: D1E0EC40E1918F06FE6C31A59C2617B81450F697B0EAC1B30DD3E486DFAD1CB6918534
                                                      Function 00007FF75641BA40 Relevance: 1.5, APIs: 1, Instructions: 21COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00007FF75641BA6A
                                                        • Part of subcall function 00007FF756417FD0: Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00007FF7564180EF
                                                        • Part of subcall function 00007FF756417FD0: Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00007FF756418197
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID: Concurrency::details::_CriticalLock::_ReentrantScoped_lockScoped_lock::~_
                                                      • String ID:
                                                      • API String ID: 2443641946-0
                                                      • Opcode ID: a00cf0b1ec4db13d273557ccddcb421bc2b4e8bce47aca48317bcbe3f147d040
                                                      • Instruction ID: 6c0980d7a46f97c7c5ea4d831ad810f14ac907aa8d69e944dc9b8f583c108337
                                                      • Opcode Fuzzy Hash: a00cf0b1ec4db13d273557ccddcb421bc2b4e8bce47aca48317bcbe3f147d040
                                                      • Instruction Fuzzy Hash: 86F0D4B2518A8086C660EB55E84111FF7A0F7C8794F541125FACD87B2ADF7CC2508F44
                                                      Function 000002574149B4C0 Relevance: 1.5, APIs: 1, Instructions: 10fileCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: FileFindNext
                                                      • String ID:
                                                      • API String ID: 2029273394-0
                                                      • Opcode ID: 4c4c8cee82cd6a4053d517c558a7f02c966df0e611948d3254852e902a6fda01
                                                      • Instruction ID: fa47dc26e21525833f9e9c739e0addd92346db8ebf835a4a68fb4c6e1b4a459f
                                                      • Opcode Fuzzy Hash: 4c4c8cee82cd6a4053d517c558a7f02c966df0e611948d3254852e902a6fda01
                                                      • Instruction Fuzzy Hash: 75C09B15F9DD41D1E6947BBB7C8A79251F0D759723F4C0030C50494150DE3C85D7D719
                                                      Function 00007FF75640A910 Relevance: 1.5, APIs: 1, Instructions: 9COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID: allocator
                                                      • String ID:
                                                      • API String ID: 3447690668-0
                                                      • Opcode ID: 69c9719d4dd52abe98a264028dc470e26ea7d52536d19f2f10ff87e1f9baad59
                                                      • Instruction ID: 7fb9af1e08adcd37f9e2e8e1315d079769af651253580d2d5cd6bc1e050db599
                                                      • Opcode Fuzzy Hash: 69c9719d4dd52abe98a264028dc470e26ea7d52536d19f2f10ff87e1f9baad59
                                                      • Instruction Fuzzy Hash: 27C0C96AA29B84C1CA04EB12F88100AB760F7C8BC0F809421EA8E03729DF38C1518B00
                                                      Function 000002574149D0B4 Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: InfoNativeSystem
                                                      • String ID:
                                                      • API String ID: 1721193555-0
                                                      • Opcode ID: ebb3c2d15c06801dfe805b6087078b0f501a5fe9f8c446694f4975735c5f9cad
                                                      • Instruction ID: cc47b7edc34319ad9bfaa5be88fafb39ea33c9042e6d1f47c7d46443515cb448
                                                      • Opcode Fuzzy Hash: ebb3c2d15c06801dfe805b6087078b0f501a5fe9f8c446694f4975735c5f9cad
                                                      • Instruction Fuzzy Hash: F3B09236B18CC0C3C612FB08EC86119B331F794B0AFD00010E28E42624CE2CCA2A8E04
                                                      Function 00007FF7564464BC Relevance: 1.3, APIs: 1, Instructions: 29memoryCOMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • HeapAlloc.KERNEL32(?,?,00000028,00007FF756455573,?,?,?,00007FF7564010A8), ref: 00007FF7564464FA
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID: AllocHeap
                                                      • String ID:
                                                      • API String ID: 4292702814-0
                                                      • Opcode ID: 31f5e82480b86c694179d874989cf1b3d096565e770f3be7cb9178f83f4d8f72
                                                      • Instruction ID: 0462984f2cd68e575ad227088a3a36d3ff23d95eaa8fee37fb0f4de9b30b621c
                                                      • Opcode Fuzzy Hash: 31f5e82480b86c694179d874989cf1b3d096565e770f3be7cb9178f83f4d8f72
                                                      • Instruction Fuzzy Hash: A2F0FE90F0924755FF547A61AD1267BD1805F847B6F8C4630D92E856C6DE2CE680C630
                                                      Function 000002574147E8BC Relevance: 1.3, APIs: 1, Instructions: 29memoryCOMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: AllocHeap
                                                      • String ID:
                                                      • API String ID: 4292702814-0
                                                      • Opcode ID: eba47d0c810211a009f984e3ce810decee2d7cb9fb39a7e87e15bbee8ef19542
                                                      • Instruction ID: 956f471839f1229cc56ecdb38634f994c4f5ecd92ee54dd4debcf03b3bef9879
                                                      • Opcode Fuzzy Hash: eba47d0c810211a009f984e3ce810decee2d7cb9fb39a7e87e15bbee8ef19542
                                                      • Instruction Fuzzy Hash: DCF0A04238DE4944FE9977BABC1C3B592B05B887B6F4D0B209D36B62C2DA3CC5808318
                                                      Function 00007FF7564026C0 Relevance: 1.3, APIs: 1, Instructions: 17memoryCOMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID: AllocVirtual
                                                      • String ID:
                                                      • API String ID: 4275171209-0
                                                      • Opcode ID: bb55d3c25760e0320b4c92f21841f287c01ac31988aa5e77e6438427710fe636
                                                      • Instruction ID: 365ecd8dd157b6ddb33ae9855c14901a15bef9a7124941e18c3858051ec674cc
                                                      • Opcode Fuzzy Hash: bb55d3c25760e0320b4c92f21841f287c01ac31988aa5e77e6438427710fe636
                                                      • Instruction Fuzzy Hash: ADE03232A1CB8582C620AB05E84031BBBA0F789784F600524EACC46B68CF7DD6648B00

                                                      Non-executed Functions

                                                      Function 0000025741437CEB Relevance: 29.3, APIs: 2, Strings: 14, Instructions: 1339COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 0000025741439311
                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 00000257414393E6
                                                        • Part of subcall function 000002574140BA80: __std_exception_copy.LIBVCRUNTIME ref: 000002574140BAC3
                                                        • Part of subcall function 0000025741490E88: RtlPcToFileHeader.KERNEL32 ref: 0000025741490ED8
                                                        • Part of subcall function 0000025741490E88: RaiseException.KERNEL32 ref: 0000025741490F19
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: Concurrency::cancel_current_task$ExceptionFileHeaderRaise__std_exception_copy
                                                      • String ID: "$#base$#include$*$/$No closed word$Unexpected eof$key declared, but no value$key opened, but never closed$object is not closed with '}'$quote was opened but not closed.$unexpected '}'$unexpected key without object$word wasnt properly ended
                                                      • API String ID: 145623376-3561477107
                                                      • Opcode ID: 9a2298355cdf98c0c19ce5257dcc77b7fb2469bb566b3b47b8d8a959356f52cd
                                                      • Instruction ID: f91ef93b8ea7749c889b052c633c11c0781661f51eb2a4d53cd8e2776241ea7d
                                                      • Opcode Fuzzy Hash: 9a2298355cdf98c0c19ce5257dcc77b7fb2469bb566b3b47b8d8a959356f52cd
                                                      • Instruction Fuzzy Hash: B3D28F72389EC986EB70AF29EC483EC63B1E7457D9F444211CA5D2BA99DF74C685C308
                                                      Function 00007FF75644FF2C Relevance: 24.0, APIs: 9, Strings: 4, Instructions: 1226COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
                                                      • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                      • API String ID: 808467561-2761157908
                                                      • Opcode ID: f599b05029d98f237293d086c6c8cbc83094781c7e8eddfec9504f7173d138ad
                                                      • Instruction ID: 54bf55e83568fa2fa58ca0f46ab77a1bf54179ef5618c1f0a0264297fc2452c5
                                                      • Opcode Fuzzy Hash: f599b05029d98f237293d086c6c8cbc83094781c7e8eddfec9504f7173d138ad
                                                      • Instruction Fuzzy Hash: 9FB2E876E182828BE765DF64D8407FEB7A1FB64B44F885135DE0D57A88DB38AB00CB50
                                                      Function 000002574146A780 Relevance: 16.6, APIs: 8, Strings: 1, Instructions: 839stringCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: lstrcatlstrcpy$Object$AcquireAllocateInitializeLockMemoryUninitializeVirtual
                                                      • String ID: 0
                                                      • API String ID: 3636535045-4108050209
                                                      • Opcode ID: ddf47bfd185a9b812a7d6d648a0717e0b54138d9b1669b27fbe14ef61e0f60d0
                                                      • Instruction ID: 317499bfc6c010b16279b080fb6de249b3a06872f326dc7d5766a32c06757bd7
                                                      • Opcode Fuzzy Hash: ddf47bfd185a9b812a7d6d648a0717e0b54138d9b1669b27fbe14ef61e0f60d0
                                                      • Instruction Fuzzy Hash: B3B2893662AF948AD7818F69F88165EB3B5F788B88B106215FECD57F18EB38C154C740
                                                      Function 00007FF756432B97 Relevance: 12.0, Strings: 9, Instructions: 793COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: invalid bit length repeat$invalid code -- missing end-of-block$invalid code lengths set$invalid distance code$invalid distance too far back$invalid distances set$invalid literal/length code$invalid literal/lengths set$too many length or distance symbols
                                                      • API String ID: 0-2665694366
                                                      • Opcode ID: 8dab440fc9059f63e4ec5b970c608ca424db9a839ae67d8aedf904f713204985
                                                      • Instruction ID: 9112f7880c00ea79e4868bc0730455488186e2a6605912d3facc1c7b3188da4e
                                                      • Opcode Fuzzy Hash: 8dab440fc9059f63e4ec5b970c608ca424db9a839ae67d8aedf904f713204985
                                                      • Instruction Fuzzy Hash: B462F832B046A987E7A49F15D998F7F77A9EB44380F494139EA4A437C0DB3CDA84CB50
                                                      Function 00007FF75644CE44 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 227COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID: ErrorLastNameTranslate$CodeInfoLocalePageValidValue
                                                      • String ID: utf8
                                                      • API String ID: 3069159798-905460609
                                                      • Opcode ID: f952dde8d3cd7788e963193f5ea5aa1e92811ebc708004aabb464cf43692a041
                                                      • Instruction ID: 0827787063c45e6694934c9481faa190da133861ff23d622b699956195928136
                                                      • Opcode Fuzzy Hash: f952dde8d3cd7788e963193f5ea5aa1e92811ebc708004aabb464cf43692a041
                                                      • Instruction Fuzzy Hash: 0D917B32E0874286EB64BB21DC422BAA3A5EB45B86F8C4131DE4C47795EF3CE651C360
                                                      Function 00007FF75644D88C Relevance: 10.7, APIs: 7, Instructions: 171COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID: Value$Locale$CodeErrorInfoLastPageValid$DefaultEnumLocalesProcessSystemUser
                                                      • String ID:
                                                      • API String ID: 2591520935-0
                                                      • Opcode ID: c4ae29048c0868d5221bcf0fbd91c5e5467cd0d186a5bb531500621032177dec
                                                      • Instruction ID: 0d451ed4075fbf3f91830aed44061661e64c02c42cf1a8f62c9626475cfc40a6
                                                      • Opcode Fuzzy Hash: c4ae29048c0868d5221bcf0fbd91c5e5467cd0d186a5bb531500621032177dec
                                                      • Instruction Fuzzy Hash: 07717962F186428AFF51BB60DC526BEA7A0BF48785F884035CA0D67795EF3CE645C320
                                                      Function 00007FF756441E68 Relevance: 9.1, APIs: 6, Instructions: 83COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                      • String ID:
                                                      • API String ID: 1239891234-0
                                                      • Opcode ID: ce7e3796c7a5bb2387eca005e84a3121ab51e1fc44c73afe5079a6031630cece
                                                      • Instruction ID: b700bf3aac2845eada6fa0aae34508418884ddeaf799264bb4eca6e20cbb8748
                                                      • Opcode Fuzzy Hash: ce7e3796c7a5bb2387eca005e84a3121ab51e1fc44c73afe5079a6031630cece
                                                      • Instruction Fuzzy Hash: 23318236A18B8185D760DF25EC402BEB3A4FB84754F980136EA9D43B58EF38D655C710
                                                      Function 0000025741413A30 Relevance: 7.7, APIs: 1, Strings: 3, Instructions: 699COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: Crypt$AlgorithmProvider$CloseGenerateOpenPropertySymmetric
                                                      • String ID: content$filename$ios_base::badbit set
                                                      • API String ID: 4024084497-879919306
                                                      • Opcode ID: 41fbaf792d795717714e91d8dde3fa3885405ae078dd94e1a7e96cd12b450092
                                                      • Instruction ID: 7b57cd35ae35e2f13cbba99464a573ed3eb55cc49781bfd0c112d7d2953972c3
                                                      • Opcode Fuzzy Hash: 41fbaf792d795717714e91d8dde3fa3885405ae078dd94e1a7e96cd12b450092
                                                      • Instruction Fuzzy Hash: 0882113215DFC585EAB19B18F8843DAB3A4F7C9381F505226EACD52B69EF78C194CB04
                                                      Function 00000257414198CD Relevance: 7.4, Strings: 5, Instructions: 1142COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: config$content$filename$status$users
                                                      • API String ID: 0-2677590375
                                                      • Opcode ID: f8b0f1709f333bd9866b3879c8fff69ecfcb3be96692accb681bc184fb3af1c9
                                                      • Instruction ID: 1ab78084c7123eea1ce3641ee22f58f44044053c78e5334d3fa81b489ec7a66e
                                                      • Opcode Fuzzy Hash: f8b0f1709f333bd9866b3879c8fff69ecfcb3be96692accb681bc184fb3af1c9
                                                      • Instruction Fuzzy Hash: 96C26C62695FC189DB30AF38EC883DD2371F785799F505212DA9D6BA9AEF34C684C304
                                                      Function 000002574149D804 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 42COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      Strings
                                                      • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 000002574149D887
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: DebugDebuggerErrorLastOutputPresentString
                                                      • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                      • API String ID: 389471666-631824599
                                                      • Opcode ID: 9ee4415ca50324c33a3d5a57874f9cc99ad178eb9645fb895110d63af1d9e2c1
                                                      • Instruction ID: b8adb11ddfcb3b74cd240e784ea0a9b8a81759dae0e4262d9c406a8e18aa063a
                                                      • Opcode Fuzzy Hash: 9ee4415ca50324c33a3d5a57874f9cc99ad178eb9645fb895110d63af1d9e2c1
                                                      • Instruction Fuzzy Hash: B7119E32354F40A3F704EB2AFA483A932B4FB04346F448024D74996A91EF78D4B4C708
                                                      Function 00007FF7564230B0 Relevance: 7.0, Strings: 5, Instructions: 719COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: 0$0$d$d$d
                                                      • API String ID: 0-911316061
                                                      • Opcode ID: be84b10c0d2d45635747b94c10be12c5baf49aa36d94cf40a0aca8293bbb7e80
                                                      • Instruction ID: 575f67ca0420f065754e7ba6d1e8aff2ee384f61f116688c8432fe2aef4db66c
                                                      • Opcode Fuzzy Hash: be84b10c0d2d45635747b94c10be12c5baf49aa36d94cf40a0aca8293bbb7e80
                                                      • Instruction Fuzzy Hash: B27217766186818AE764CF19E4807ABF7A2F7C9744F544126EB8E83B98DB3DD841CF10
                                                      Function 000002574148F908 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                      • String ID:
                                                      • API String ID: 2933794660-0
                                                      • Opcode ID: 4ffc0ff1ccd2cf120a16052376350404e0c91ed7b37e0d63ec5629fc76b72274
                                                      • Instruction ID: 1d9ad15797d57a988251ea12a28aeda20aecbccf89f7f0e07b58144fd3ee6bb8
                                                      • Opcode Fuzzy Hash: 4ffc0ff1ccd2cf120a16052376350404e0c91ed7b37e0d63ec5629fc76b72274
                                                      • Instruction Fuzzy Hash: 78117026754F008AEB00DF64FC483A873B4F318759F441E21EA2D567A4DF78C1548744
                                                      Function 00007FF7564322E8 Relevance: 5.5, Strings: 4, Instructions: 453COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: $header crc mismatch$unknown compression method$unknown header flags set
                                                      • API String ID: 0-4074041902
                                                      • Opcode ID: 5fd275a1f547e5e5e246a265f17631c6e5570a77d34065937c2ebc4c447087f8
                                                      • Instruction ID: 67e63298491471355cf6ffffbc7731468cf34eff38a00723570a0088a57cd312
                                                      • Opcode Fuzzy Hash: 5fd275a1f547e5e5e246a265f17631c6e5570a77d34065937c2ebc4c447087f8
                                                      • Instruction Fuzzy Hash: 7312A372B043D987E7A5AF19C888B3BBAA9FF44784F594534DA4947790CB38EA80C750
                                                      Function 00007FF75644FA90 Relevance: 4.8, APIs: 3, Instructions: 340COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID: memcpy_s
                                                      • String ID:
                                                      • API String ID: 1502251526-0
                                                      • Opcode ID: 57a8bb62846f71c15516153ffb7b4828fa003a6834a4406426bc392e6d140f03
                                                      • Instruction ID: c20ec2db94585584f5b00d2ac8dc8f67a884dc0000ce94c480d4fb05023b5f8c
                                                      • Opcode Fuzzy Hash: 57a8bb62846f71c15516153ffb7b4828fa003a6834a4406426bc392e6d140f03
                                                      • Instruction Fuzzy Hash: 65C12272B1868687E764DF1AA58466BF791F7C8B85F888135DF4A43784DB3CEA01CB00
                                                      Function 00007FF75644D308 Relevance: 4.7, APIs: 3, Instructions: 167COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID: InfoLocale$ErrorLastValue_invalid_parameter_noinfo
                                                      • String ID:
                                                      • API String ID: 1791019856-0
                                                      • Opcode ID: ffb303f14084d201689acfaa42d903f902045a7f0c7723b67fadfb05f0f86b60
                                                      • Instruction ID: 923c046591d107c7bb2df9d641010e0a850ddb0d4c4d26ef438e158e22eeac30
                                                      • Opcode Fuzzy Hash: ffb303f14084d201689acfaa42d903f902045a7f0c7723b67fadfb05f0f86b60
                                                      • Instruction Fuzzy Hash: 5D61C272E0854286EB34AF11E9522BEB3A1FB44786F884135CB9E87695DF3CF651C720
                                                      Function 00007FF7564227B0 Relevance: 4.2, Strings: 3, Instructions: 488COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: 0$0$d
                                                      • API String ID: 0-3608139397
                                                      • Opcode ID: 5c76ddb99ef15a809886bb458ee614dacd124281dc7315fd32f47024dea49008
                                                      • Instruction ID: 1a13df5896803dc41814808f01865d0afbd7404bb7977a07be684fd6d640e415
                                                      • Opcode Fuzzy Hash: 5c76ddb99ef15a809886bb458ee614dacd124281dc7315fd32f47024dea49008
                                                      • Instruction Fuzzy Hash: 2B32157261C6818BD760CF19E4807ABF7A2F7C9744F544126EA8A83BA8DB7DD581CF10
                                                      Function 00007FF75643A140 Relevance: 4.2, Strings: 3, Instructions: 407COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: invalid distance code$invalid distance too far back$invalid literal/length code
                                                      • API String ID: 0-3255898291
                                                      • Opcode ID: 7a605b2cea8ad5d7cbca8e7681ee519b81b1658c2b26500f27ae4b4ec54e850d
                                                      • Instruction ID: 4a7febf949ebf7219aa59eca2528b2d86b34d5b73d5095d870356a3ed66cd4ba
                                                      • Opcode Fuzzy Hash: 7a605b2cea8ad5d7cbca8e7681ee519b81b1658c2b26500f27ae4b4ec54e850d
                                                      • Instruction Fuzzy Hash: 41F14972B0C6D983DB589F15985867EBB92E7C57C4F588139EA8D03B88DE3CD984CB10
                                                      Function 00007FF756438C30 Relevance: 4.2, Strings: 3, Instructions: 407COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: invalid distance code$invalid distance too far back$invalid literal/length code
                                                      • API String ID: 0-3255898291
                                                      • Opcode ID: e5486bf6340005e40ec32ce1de8edf0dcb03f50dc41d0fbeeae64139bd64bd70
                                                      • Instruction ID: c097ef949944455f3481361e9d14d252520e93f0e64879819bbc784420f4f2f2
                                                      • Opcode Fuzzy Hash: e5486bf6340005e40ec32ce1de8edf0dcb03f50dc41d0fbeeae64139bd64bd70
                                                      • Instruction Fuzzy Hash: A1F11832B0C69987DB949F15985467EFBA2EBC57C4F588139EA8E03788DE3CDA44C710
                                                      Function 00007FF75643CA20 Relevance: 4.0, Strings: 3, Instructions: 252COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: $0$@
                                                      • API String ID: 0-2347541974
                                                      • Opcode ID: eeca5f65d7def711a2938bc2b9d1f084d0224f6aa778e8f803134c364f27b88c
                                                      • Instruction ID: 4933d5ff8f3d5773f2284e90f6fba791959cf628fd47cf3ebea58ef808ba9089
                                                      • Opcode Fuzzy Hash: eeca5f65d7def711a2938bc2b9d1f084d0224f6aa778e8f803134c364f27b88c
                                                      • Instruction Fuzzy Hash: 17B18267D28FC641F6138B3954429B5F310AFFF3D0A64A327FEE475612AB68A7818314
                                                      Function 0000025741431AF0 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 239COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: __std_exception_copy
                                                      • String ID: parse_error
                                                      • API String ID: 592178966-3903021949
                                                      • Opcode ID: b885a082d793ee80b873f81d266700831fac8e7b555c931ae118d27a38319675
                                                      • Instruction ID: 3a711b63aa2ed6ed5d922b1fa34fe82e0a20daf89808d7a468bc71d3f4cccca9
                                                      • Opcode Fuzzy Hash: b885a082d793ee80b873f81d266700831fac8e7b555c931ae118d27a38319675
                                                      • Instruction Fuzzy Hash: 2BA1C462B54F8489FB10EF79E8483AD6371E7897E9F105711EA5C26ADADF34C181C344
                                                      Function 00007FF7564491E0 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 37COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID: InfoLocale
                                                      • String ID: GetLocaleInfoEx
                                                      • API String ID: 2299586839-2904428671
                                                      • Opcode ID: 9b4a3f26f7b91ef26a560136e31b55ba1280cb57d4f7cd41046f5acf592c097e
                                                      • Instruction ID: 72c62e1a9051d97433c0ba7a956e0bc79c148d333a762df6b4aa431ea07c6377
                                                      • Opcode Fuzzy Hash: 9b4a3f26f7b91ef26a560136e31b55ba1280cb57d4f7cd41046f5acf592c097e
                                                      • Instruction Fuzzy Hash: 2A018F21F08B8186EB44AB56B8414ABE760AF89BD1FAC8035DE4D03B55DE3CD641C390
                                                      Function 000002574145C8E0 Relevance: 3.4, APIs: 2, Instructions: 391COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: ExecuteFileModuleNameShell
                                                      • String ID:
                                                      • API String ID: 1703432166-0
                                                      • Opcode ID: a7338904e57405cb7424316b332a1e38ca99d4c22208ccb12818e04892214995
                                                      • Instruction ID: 105a3cf807e1f8e4f7ed2b3c15ddb1b9f687a2347fcc65ec263ff6b22504fb1f
                                                      • Opcode Fuzzy Hash: a7338904e57405cb7424316b332a1e38ca99d4c22208ccb12818e04892214995
                                                      • Instruction Fuzzy Hash: EB122872629FC48ADB808F29E88469EB3B5F788798F506215FEDD57B58EB78C150C700
                                                      Function 00007FF756448758 Relevance: 3.2, APIs: 2, Instructions: 227COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID: ExceptionRaise_clrfp
                                                      • String ID:
                                                      • API String ID: 15204871-0
                                                      • Opcode ID: a1839167aa180c42619ad643ddb8024cdd347c0831b0529f6c74a26638d682ba
                                                      • Instruction ID: 73cf2a541da016888a889c5b2292ab7c0657a560693f77f9f0046fd61d66f353
                                                      • Opcode Fuzzy Hash: a1839167aa180c42619ad643ddb8024cdd347c0831b0529f6c74a26638d682ba
                                                      • Instruction Fuzzy Hash: 45B17B73A04B898FEB55DF29C846369BBA0F784B89F588821DB5D837A4CB3AD451C710
                                                      Function 0000025741458B00 Relevance: 3.0, Strings: 2, Instructions: 529COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: %$+
                                                      • API String ID: 0-2626897407
                                                      • Opcode ID: 2905ef894ddc9819a68913b84647b8305ba226602fcd5b943371844175bbe5ab
                                                      • Instruction ID: 1945db40e04c7284f83e8a28f106bb1ae64cebf92b7dda104a0c10dd898545da
                                                      • Opcode Fuzzy Hash: 2905ef894ddc9819a68913b84647b8305ba226602fcd5b943371844175bbe5ab
                                                      • Instruction Fuzzy Hash: DE226823798E808AFB11DBA9E8683ED63B1E754799F054611EF4927BC9DF38C445C348
                                                      Function 0000025741410A80 Relevance: 2.7, Strings: 2, Instructions: 226COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: dumps$emoji
                                                      • API String ID: 0-2873254224
                                                      • Opcode ID: 9c1d1d90ca4f88bc8268b0322e863aaa792dfa8aa99b6ae742cb4d4f1446b717
                                                      • Instruction ID: c6767a0afeac04c7919ed9ba264527a18a5fa7b748b54510104a3b484eeb965c
                                                      • Opcode Fuzzy Hash: 9c1d1d90ca4f88bc8268b0322e863aaa792dfa8aa99b6ae742cb4d4f1446b717
                                                      • Instruction Fuzzy Hash: CCB10B22968FC486E761CB29F88025AB7B4F799784F115315FBCD23B59DB38D291CB04
                                                      Function 00007FF756446CD8 Relevance: 2.6, Strings: 2, Instructions: 144COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: e+000$gfff
                                                      • API String ID: 0-3030954782
                                                      • Opcode ID: eae3eaedb716b390790cfcc6eb53f328968db58e854ae428f084f307bb2cca52
                                                      • Instruction ID: a443b5fba692f2beb1e5cf1ab0e6717b0d13c8b1a324f412207405f9ce89e4b3
                                                      • Opcode Fuzzy Hash: eae3eaedb716b390790cfcc6eb53f328968db58e854ae428f084f307bb2cca52
                                                      • Instruction Fuzzy Hash: 9A5159A2F186C546E7249E35DC4276AEBD1E744B94F9C8231CB6C4BAC5CF3ED5848710
                                                      Function 0000025741440AC0 Relevance: 2.0, APIs: 1, Instructions: 470COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: Concurrency::cancel_current_task
                                                      • String ID:
                                                      • API String ID: 118556049-0
                                                      • Opcode ID: 6605e0d46bb03ba56f522f97e79a71f05f38da00fcb732d196618f5e6b8406c8
                                                      • Instruction ID: 6769a47c0d2113cbe7471cbb72a1391e129669f7d4809f8a807b63af19394e7e
                                                      • Opcode Fuzzy Hash: 6605e0d46bb03ba56f522f97e79a71f05f38da00fcb732d196618f5e6b8406c8
                                                      • Instruction Fuzzy Hash: 4C02BD62799F8486EB10EFA9E84839E7371E348BD9F044222DE9C27799DF34D495C384
                                                      Function 00007FF756449CD8 Relevance: 1.9, APIs: 1, Instructions: 373COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID: Info
                                                      • String ID:
                                                      • API String ID: 1807457897-0
                                                      • Opcode ID: f303fb9edb89c9981dcaa8221041ff2017a834cce71cc05f93e29e86dd0c05cc
                                                      • Instruction ID: df3cfc485b718c1f862ed9a4550cadc51f68134dcca43b33ee02a9f086453eb1
                                                      • Opcode Fuzzy Hash: f303fb9edb89c9981dcaa8221041ff2017a834cce71cc05f93e29e86dd0c05cc
                                                      • Instruction Fuzzy Hash: 1C128F22E18BC186E751DF28D8452FEB3A4FB59748F899235EB8C42656DF39E2D4C310
                                                      Function 0000025741486A68 Relevance: 1.9, APIs: 1, Instructions: 373COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: Info
                                                      • String ID:
                                                      • API String ID: 1807457897-0
                                                      • Opcode ID: 34bb98c3edea38196bc2890941daf16f7b3cf89dc383ed318ce956197c2a0362
                                                      • Instruction ID: 8618458851cdb9b888326f82e4a26ce9ae87740d1e2dbdb95ed68d7b03edebce
                                                      • Opcode Fuzzy Hash: 34bb98c3edea38196bc2890941daf16f7b3cf89dc383ed318ce956197c2a0362
                                                      • Instruction Fuzzy Hash: D112CC22A08BC486E791DF3CA8183ED73B4F759749F059226EF9893692EB34D1C5C704
                                                      Function 00007FF75644A448 Relevance: 1.8, APIs: 1, Instructions: 337COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f25a4eb04e97a1cbd05bf3468fe75687d39b44580424cbd94dd95bbadaa425fa
                                                      • Instruction ID: 088b75b8c55b3133e06eb39d2524f91e5873dedcd45d9fdd220884a7c4a0a17a
                                                      • Opcode Fuzzy Hash: f25a4eb04e97a1cbd05bf3468fe75687d39b44580424cbd94dd95bbadaa425fa
                                                      • Instruction Fuzzy Hash: 98E14F32A08B9186E720EB61E8512EFB7A4F755B88F844532DF8E53B56EF78D245C310
                                                      Function 000002574143BAB0 Relevance: 1.7, APIs: 1, Instructions: 221COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: Concurrency::cancel_current_task
                                                      • String ID:
                                                      • API String ID: 118556049-0
                                                      • Opcode ID: 1fbfef3e63d2319619a5e63a60d6c4d77880160888e7311b6829c17497faaf30
                                                      • Instruction ID: 1119849049c7ac9fbd6008e1fc83b8233c6698ee9b70e4a0a666766650a9e4c9
                                                      • Opcode Fuzzy Hash: 1fbfef3e63d2319619a5e63a60d6c4d77880160888e7311b6829c17497faaf30
                                                      • Instruction Fuzzy Hash: 4EA19C22719F988AEB10CB69E8883AC77B0F359B89F544416DF8D63B99DB38C191C314
                                                      Function 000002574143B780 Relevance: 1.7, APIs: 1, Instructions: 220COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: Concurrency::cancel_current_task
                                                      • String ID:
                                                      • API String ID: 118556049-0
                                                      • Opcode ID: a9167eaa65478a799c7f3ec9e29dde26aa86ec3791fbfc1cbc06c4d1a3e3b434
                                                      • Instruction ID: d3d99440b40bd4110538b2a9f1ac80a5882720e23d6788dacab2d5f67671bf6c
                                                      • Opcode Fuzzy Hash: a9167eaa65478a799c7f3ec9e29dde26aa86ec3791fbfc1cbc06c4d1a3e3b434
                                                      • Instruction Fuzzy Hash: 63A19B22719F988AEB00DBA9E8843AC77B0F759789F544516DF8D67B59DB38C091C308
                                                      Function 00007FF75644D550 Relevance: 1.6, APIs: 1, Instructions: 70COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID: ErrorLastValue$InfoLocale
                                                      • String ID:
                                                      • API String ID: 673564084-0
                                                      • Opcode ID: 1fc60497d60af84bc3a25616b2cbffb7f0d58d90d82e0e4919eba903a1a3e98e
                                                      • Instruction ID: 25b1206c5189286c9070214765656aa50daaadfaf8c6708e2c5bee58fa1be0c0
                                                      • Opcode Fuzzy Hash: 1fc60497d60af84bc3a25616b2cbffb7f0d58d90d82e0e4919eba903a1a3e98e
                                                      • Instruction Fuzzy Hash: 01318432E0868286EB24AF21E8523BFB3A1FB89745F885135DA4D83695DF3CE651C710
                                                      Function 00007FF75644D1A0 Relevance: 1.6, APIs: 1, Instructions: 61COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                        • Part of subcall function 00007FF756445CB8: GetLastError.KERNEL32 ref: 00007FF756445CC7
                                                        • Part of subcall function 00007FF756445CB8: FlsGetValue.KERNEL32 ref: 00007FF756445CDC
                                                        • Part of subcall function 00007FF756445CB8: SetLastError.KERNEL32 ref: 00007FF756445D67
                                                      • EnumSystemLocalesW.KERNEL32(?,?,?,00007FF75644D98F,?,00000000,00000092,?,?,00000000,?,00007FF7564442C1), ref: 00007FF75644D23E
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID: ErrorLast$EnumLocalesSystemValue
                                                      • String ID:
                                                      • API String ID: 3029459697-0
                                                      • Opcode ID: 381a7898935054535fb9b37bad717d8d2f933d4e212882dca7d474c99c627ba2
                                                      • Instruction ID: bf4af0bcd35b666dfa2ec97f7db5130a53887b42f185618038da0ebcd0aa7890
                                                      • Opcode Fuzzy Hash: 381a7898935054535fb9b37bad717d8d2f933d4e212882dca7d474c99c627ba2
                                                      • Instruction Fuzzy Hash: 2D11E763E086458AEB15AF15E8812B9BBA0FB40FA1F884135DA59433C4DE38D7D1C750
                                                      Function 00007FF75644D758 Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                                      Download Yara Rule
                                                      APIs
                                                        • Part of subcall function 00007FF756445CB8: GetLastError.KERNEL32 ref: 00007FF756445CC7
                                                        • Part of subcall function 00007FF756445CB8: FlsGetValue.KERNEL32 ref: 00007FF756445CDC
                                                        • Part of subcall function 00007FF756445CB8: SetLastError.KERNEL32 ref: 00007FF756445D67
                                                      • GetLocaleInfoW.KERNEL32(?,?,?,00007FF75644D502), ref: 00007FF75644D78F
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID: ErrorLast$InfoLocaleValue
                                                      • String ID:
                                                      • API String ID: 3796814847-0
                                                      • Opcode ID: 453c54bd9860f3c2c2274d73c6c0209dd6e7591276c886d4b974ba9ca7b18a21
                                                      • Instruction ID: b63def10e2e3050018b589f6496b8d2a64e9192f3f1ab523e2dd2692cacfd6a6
                                                      • Opcode Fuzzy Hash: 453c54bd9860f3c2c2274d73c6c0209dd6e7591276c886d4b974ba9ca7b18a21
                                                      • Instruction Fuzzy Hash: 01115C32F1C65243E778B725E842A7FA260EB44765F9C4231D66E436C4EE29DA818310
                                                      Function 00007FF75644D270 Relevance: 1.5, APIs: 1, Instructions: 41COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                        • Part of subcall function 00007FF756445CB8: GetLastError.KERNEL32 ref: 00007FF756445CC7
                                                        • Part of subcall function 00007FF756445CB8: FlsGetValue.KERNEL32 ref: 00007FF756445CDC
                                                        • Part of subcall function 00007FF756445CB8: SetLastError.KERNEL32 ref: 00007FF756445D67
                                                      • EnumSystemLocalesW.KERNEL32(?,?,?,00007FF75644D94B,?,00000000,00000092,?,?,00000000,?,00007FF7564442C1), ref: 00007FF75644D2EE
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID: ErrorLast$EnumLocalesSystemValue
                                                      • String ID:
                                                      • API String ID: 3029459697-0
                                                      • Opcode ID: a8334e6b54be681260e95f2da46ab40b3b68223c67b0e278abaffbc4ce1ac67b
                                                      • Instruction ID: 34e2d48c87db6e6bc49dbe7549f9bb9720d05d2cccc8461da46a7062bf8f7386
                                                      • Opcode Fuzzy Hash: a8334e6b54be681260e95f2da46ab40b3b68223c67b0e278abaffbc4ce1ac67b
                                                      • Instruction Fuzzy Hash: DD01F572F0828146EB146F55E8817FAB6A1FB407A6F888231C669472C4DF7CD680C710
                                                      Function 00007FF756448E4C Relevance: 1.5, APIs: 1, Instructions: 32COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • EnumSystemLocalesW.KERNEL32(?,?,00000000,00007FF7564491AF,?,?,?,?,?,?,?,?,00000000,00007FF75644C7F0), ref: 00007FF756448E9B
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID: EnumLocalesSystem
                                                      • String ID:
                                                      • API String ID: 2099609381-0
                                                      • Opcode ID: 22e6d56a2479983aa24c821f7915748be8a8f683883795b8a980db0dd1babcfa
                                                      • Instruction ID: 30a09925cf99fd1eec79976fa81496294bae7e7c6a6e9af05a25e6ef562be9c2
                                                      • Opcode Fuzzy Hash: 22e6d56a2479983aa24c821f7915748be8a8f683883795b8a980db0dd1babcfa
                                                      • Instruction Fuzzy Hash: D7F01D71A08B8183E704EB19ED911AAB372EB98B80F9C4035DA4D87765CF3CD5A0C310
                                                      Function 000002574147DAE0 Relevance: 1.5, APIs: 1, Instructions: 32COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: EnumLocalesSystem
                                                      • String ID:
                                                      • API String ID: 2099609381-0
                                                      • Opcode ID: 17140df511fe09419b9fc83be2d2c34c2fb9fdba42dd4bc62a26aeb66c77a399
                                                      • Instruction ID: 4a8865c9ce270a40a8dac227f8fa4e96a9d677cd819da2fbae9ba07a1c89e56a
                                                      • Opcode Fuzzy Hash: 17140df511fe09419b9fc83be2d2c34c2fb9fdba42dd4bc62a26aeb66c77a399
                                                      • Instruction Fuzzy Hash: B7F06875748F4083E744EB1AFC94295B371F7987C1F255025EA5993369CE3CC551C708
                                                      Function 00007FF756446844 Relevance: 1.5, Strings: 1, Instructions: 254COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: gfffffff
                                                      • API String ID: 0-1523873471
                                                      • Opcode ID: 7f8d784388c29e50a9ea76849624ee7fdd6d3f0132adaebc282318182cf08c6d
                                                      • Instruction ID: 5982858acc5a68dc5ab10cd2840aa5fe99d66918af16a87ba696533ebdc20330
                                                      • Opcode Fuzzy Hash: 7f8d784388c29e50a9ea76849624ee7fdd6d3f0132adaebc282318182cf08c6d
                                                      • Instruction Fuzzy Hash: 76A17762F087D686EB21DF25A8017ABBB94EB51B84F488032DF8D47785DE3DE645C310
                                                      Function 00007FF7564402A8 Relevance: 1.5, Strings: 1, Instructions: 247COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID: 0-3916222277
                                                      • Opcode ID: d37ea77a3cce38cd321032bb1ff835da33d935561b5e8104ad0e6f6f8b8a62f8
                                                      • Instruction ID: e61d4326a3346df44deb509f1f65b72acbdb9c8e7ee414ba5a30e5210b89bdb0
                                                      • Opcode Fuzzy Hash: d37ea77a3cce38cd321032bb1ff835da33d935561b5e8104ad0e6f6f8b8a62f8
                                                      • Instruction Fuzzy Hash: A3B1BE72D087458AE764EF28C85227EBBA0E745F49FA80135CB4E47395CF39D661C724
                                                      Function 00007FF75645209C Relevance: 1.4, APIs: 1, Instructions: 145COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • GetLastError.KERNEL32 ref: 00007FF756452141
                                                        • Part of subcall function 00007FF756445798: HeapAlloc.KERNEL32(?,?,00000000,00007FF756445E92,?,?,?,00007FF756445929,?,?,?,?,00007FF75644650C,?,?,00000028), ref: 00007FF7564457ED
                                                        • Part of subcall function 00007FF756445810: RtlFreeHeap.NTDLL(?,?,00007FF756445929,00007FF75644ACD6,?,?,?,00007FF75644B053,?,?,00000000,00007FF75644B9B9,?,?,?,00007FF75644B8EB), ref: 00007FF756445826
                                                        • Part of subcall function 00007FF756445810: GetLastError.KERNEL32(?,?,00007FF756445929,00007FF75644ACD6,?,?,?,00007FF75644B053,?,?,00000000,00007FF75644B9B9,?,?,?,00007FF75644B8EB), ref: 00007FF756445830
                                                        • Part of subcall function 00007FF756454700: _invalid_parameter_noinfo.LIBCMT ref: 00007FF756454733
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID: ErrorHeapLast$AllocFree_invalid_parameter_noinfo
                                                      • String ID:
                                                      • API String ID: 916656526-0
                                                      • Opcode ID: 053a47b18b98772e483d4cb8cedf15fedaac31aca4fa50d076ed251903ccc722
                                                      • Instruction ID: 728ba1b14ec60c1a215c2f673a3c5af3f28efcc58d6c99b5382292aab6e68dc3
                                                      • Opcode Fuzzy Hash: 053a47b18b98772e483d4cb8cedf15fedaac31aca4fa50d076ed251903ccc722
                                                      • Instruction Fuzzy Hash: FF41C321F1964342FA307A226C517BBE690AFA57C0FC85536EE4D47B89EE3DE6018620
                                                      Function 00007FF7564166E0 Relevance: 1.0, Instructions: 996COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 9a24e7cebadb25e1a1071a985e3153bb70c692dd492349961dac4431c1ac8243
                                                      • Instruction ID: 161e07e5f089ff6a964711fca9ff3358ee0c017a6b00b8a63cfa7641c21e6a0c
                                                      • Opcode Fuzzy Hash: 9a24e7cebadb25e1a1071a985e3153bb70c692dd492349961dac4431c1ac8243
                                                      • Instruction Fuzzy Hash: C1A26BF6304A4087DB08CA9DE0A572AF766E3C8B90F44513AE75B877A8DE7CD855CB04
                                                      Function 00007FF756416730 Relevance: .9, Instructions: 934COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 3cca1694c4598a210c22f8f475ca8cb19f43e7237f1ec9f88dcea8dcebb1f8f2
                                                      • Instruction ID: 043d1bd3dcbeca4356ade009636ecdf095cfafa45db118e47c457106ffa0812d
                                                      • Opcode Fuzzy Hash: 3cca1694c4598a210c22f8f475ca8cb19f43e7237f1ec9f88dcea8dcebb1f8f2
                                                      • Instruction Fuzzy Hash: 63926AF5304A4087DB08CA9DE0A572AB766E3C8B90F44513AE75B877E8DE7CD895CB04
                                                      Function 00007FF7564423EC Relevance: .5, Instructions: 535COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 84c0cb83c689dd070a6176691960342bf1b6f8408e44a1f4b5d5845a74465e3e
                                                      • Instruction ID: 2e0c7197d27c00c4391e2fceb621181a8efe98ebfaec4c266672a5810f9da1cf
                                                      • Opcode Fuzzy Hash: 84c0cb83c689dd070a6176691960342bf1b6f8408e44a1f4b5d5845a74465e3e
                                                      • Instruction Fuzzy Hash: 5242AB21D7DE4686E663AF35EC52937E724BF523C5F848333E80E36555EF6CA6428220
                                                      Function 00007FF7564381D0 Relevance: .5, Instructions: 490COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 0cbc041faab4c4b85c301c09ae377af77968fd4b1b396d05bf3904191bd81879
                                                      • Instruction ID: d0a5e677131f163c01c127908b9561db3c4b13a92d747ef5fe718d745acb8605
                                                      • Opcode Fuzzy Hash: 0cbc041faab4c4b85c301c09ae377af77968fd4b1b396d05bf3904191bd81879
                                                      • Instruction Fuzzy Hash: C112D1727101644BEA44EB2AE86C4BA37D2F79C78E7C56027FB894F349C62DA504D721
                                                      Function 00007FF756434C30 Relevance: .5, Instructions: 459COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: b6634bdd44a1fa22541afa8fe710b752d6f9a0eae90cea3df49b852092a4059f
                                                      • Instruction ID: bf2971ab6bbbb35e479b352ac0b19f8e9d4fee1e3cb6c5a0d2e015607fde07b1
                                                      • Opcode Fuzzy Hash: b6634bdd44a1fa22541afa8fe710b752d6f9a0eae90cea3df49b852092a4059f
                                                      • Instruction Fuzzy Hash: C112C432B1829687D7289F26D9406BEB7A1FB457C5F840031EBC947784DB3DE6A09B60
                                                      Function 00007FF7564139E0 Relevance: .5, Instructions: 456COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 642dc4f14b60206c0f6215a59d388f5b7023f11b53123760bd48b8ccc2892c3b
                                                      • Instruction ID: a9d0df47433d729632484541a538db234b4f0fdc4cfdd1c4e966a2cb56abc5f8
                                                      • Opcode Fuzzy Hash: 642dc4f14b60206c0f6215a59d388f5b7023f11b53123760bd48b8ccc2892c3b
                                                      • Instruction Fuzzy Hash: 5D221B72A1C2818FD365DA29E45076BFBE2E7C9304F548139F69DC3A99DA3CE9008F54
                                                      Function 00007FF7564407B4 Relevance: .3, Instructions: 327COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: ec41fcf7318b3fdb136675af6d95facf500f9601c2ec072af153a2977cac78c0
                                                      • Instruction ID: 5a56e39e39a960a9d953e8d362c0899b858101e953d6f064fb02ed8cae092d09
                                                      • Opcode Fuzzy Hash: ec41fcf7318b3fdb136675af6d95facf500f9601c2ec072af153a2977cac78c0
                                                      • Instruction Fuzzy Hash: 95D1E522E0864285FB68AF29895227FB7A0EF45F49F9C4135CE0D17695CF3DEA61C360
                                                      Function 0000025741455AB0 Relevance: .3, Instructions: 323COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 34fb1097c6f2363caac24c1e5b45ae24c1a6ca50cb597d280e611698873f3a91
                                                      • Instruction ID: 9b3668f0b8192ea3ab6c4dfb9da2d961eb15aff6ec2f399210e9e7cca2328ed0
                                                      • Opcode Fuzzy Hash: 34fb1097c6f2363caac24c1e5b45ae24c1a6ca50cb597d280e611698873f3a91
                                                      • Instruction Fuzzy Hash: E9C1D1B3A146948BE355CF2CD40195D7BA0F398B84F40A629EF56C3B01E778E9A5CF80
                                                      Function 00007FF756444110 Relevance: .3, Instructions: 309COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID: ErrorLastNameTranslate$CodePageValidValue_invalid_parameter_noinfo
                                                      • String ID:
                                                      • API String ID: 4023145424-0
                                                      • Opcode ID: ccdc4cc223566a9e700b4a92f04d3f31291b7a6cb77f8d2068ca2b5d0f3811b7
                                                      • Instruction ID: c271928056e0a0bca11d4378c95650e56d8ac0840c2d6f9569faec22d19b85e9
                                                      • Opcode Fuzzy Hash: ccdc4cc223566a9e700b4a92f04d3f31291b7a6cb77f8d2068ca2b5d0f3811b7
                                                      • Instruction Fuzzy Hash: ADC1C726E0868245EB60EF629C127BBA7A0FB947C9FC84235DE4D47A94EF3CD645C310
                                                      Function 000002574147A924 Relevance: .3, Instructions: 309COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: ErrorLastNameTranslate$CodePageValidValue_invalid_parameter_noinfo
                                                      • String ID:
                                                      • API String ID: 4023145424-0
                                                      • Opcode ID: a2379e98abae736fe33e8b4f9fedcc0141c51f1be06055089ccb01d873b85599
                                                      • Instruction ID: d312cff8088a233e9c4238eb34719bd22accdf0b1e628452fb2f93e6bb2475fd
                                                      • Opcode Fuzzy Hash: a2379e98abae736fe33e8b4f9fedcc0141c51f1be06055089ccb01d873b85599
                                                      • Instruction Fuzzy Hash: FEC1086A348F8086EB60BB6AEC143AA27B1F7847CAF684015DE9D67BD4DF38C545C704
                                                      Function 00007FF75643C550 Relevance: .3, Instructions: 280COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 46f11c4fce7bcea95ba431acbf49a59f23e7ae597986c30c574894197be224cf
                                                      • Instruction ID: f1f84912f0fd2ff75228dceffdffdffe8e63d09e19cb80973890dc2344bacaf5
                                                      • Opcode Fuzzy Hash: 46f11c4fce7bcea95ba431acbf49a59f23e7ae597986c30c574894197be224cf
                                                      • Instruction Fuzzy Hash: 37B1A497E28FCA41F613973D5442576E311AFFB3D0A79E323FDE430A11AB54A6C58224
                                                      Function 00007FF75644C8B4 Relevance: .3, Instructions: 271COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID: ErrorLast$Value_invalid_parameter_noinfo
                                                      • String ID:
                                                      • API String ID: 1500699246-0
                                                      • Opcode ID: 016909b738e5124339fad153d3415a28628c645a638055c2929be9a92ab91f6c
                                                      • Instruction ID: 9ccaa5e23981ea41f34e2808577eb130ad4d718c81b02fb7eea90d4dfbb25a21
                                                      • Opcode Fuzzy Hash: 016909b738e5124339fad153d3415a28628c645a638055c2929be9a92ab91f6c
                                                      • Instruction Fuzzy Hash: 7AB1A872E1878682EB64EF21D8126BBB351FB54B89F8C4131DA59836C9DF3CE641C760
                                                      Function 00007FF756463DA0 Relevance: .2, Instructions: 207COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID: _invalid_parameter_noinfo
                                                      • String ID:
                                                      • API String ID: 3215553584-0
                                                      • Opcode ID: d98f4d47e0a857b1cf393355eb1c2583f24a2c3040599a4cd7810a84d3a9fbd0
                                                      • Instruction ID: a48f769a110d8c2dfa7a9faefbe5f7111e2cee795e5ae09b195e779f77930367
                                                      • Opcode Fuzzy Hash: d98f4d47e0a857b1cf393355eb1c2583f24a2c3040599a4cd7810a84d3a9fbd0
                                                      • Instruction Fuzzy Hash: E481D572A04A9186EB64EF25D88137E73A0FB44B98F888636EF1E57785CF38D651C350
                                                      Function 00007FF756439C10 Relevance: .2, Instructions: 204COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 976ad66ee5da2cf88b50c9bfd367b15b8b9c24bdb5795f368fa9833ed7feb0ee
                                                      • Instruction ID: 2928cbe91ec0ecee974360bc20f9e6e4a0449ff2a45677f72ecbc19031d19d47
                                                      • Opcode Fuzzy Hash: 976ad66ee5da2cf88b50c9bfd367b15b8b9c24bdb5795f368fa9833ed7feb0ee
                                                      • Instruction Fuzzy Hash: 2D715A61F387C547F716473CA8021B6D655AFE23C5F94E332F98836A96FB2C92828304
                                                      Function 00007FF756447358 Relevance: .2, Instructions: 198COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 47cc90599417af31cb42002b1ceffe57e88da7026f26894e3c97641a83985020
                                                      • Instruction ID: 57f414b37382f66f4861b5a934958ec4613cbc06067613d52d9ca5ce1540c06e
                                                      • Opcode Fuzzy Hash: 47cc90599417af31cb42002b1ceffe57e88da7026f26894e3c97641a83985020
                                                      • Instruction Fuzzy Hash: 98811372E0878186E774DB29988237BBA91FB857D4F984235DA8D07B89CF3DD601CB10
                                                      Function 00007FF756437F90 Relevance: .2, Instructions: 160COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: e6fef933332038a432e0cbe0650c9c98f510f7709ea3c3125d6e13103ebde481
                                                      • Instruction ID: 66f54772f44f0a0cce6898f5f45fe558371406c4f474bc7b2dc8a1f440f7dd7c
                                                      • Opcode Fuzzy Hash: e6fef933332038a432e0cbe0650c9c98f510f7709ea3c3125d6e13103ebde481
                                                      • Instruction Fuzzy Hash: 6751D3B1F580E50BDFAC433DA835F79ADD59B82350B4DE039E191C9BDBE01E8242AB54
                                                      Function 000002574147F7E6 Relevance: .2, Instructions: 160COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: afd72482e03d17e0c267891211c2a08fffdf3b2de236a6c27577c882ac387638
                                                      • Instruction ID: ffbfe3d9718a4498a9ae2adddb1b223295281669fccc3796b8d8a629d7c83891
                                                      • Opcode Fuzzy Hash: afd72482e03d17e0c267891211c2a08fffdf3b2de236a6c27577c882ac387638
                                                      • Instruction Fuzzy Hash: 8F51387265CB8086EB74EB2DB848369BAA0F3467D4F144225DABA63BD9D73CC5008B14
                                                      Function 00007FF75643F7EC Relevance: .1, Instructions: 145COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: ac8362b94cbf271fd23ce0d6965fdbbec26e6817efc2dd1af2fcdc0b4ee58872
                                                      • Instruction ID: bddff93895798ae2f994d8b674f26ba6501942e29c301b065662b1bb5cb18313
                                                      • Opcode Fuzzy Hash: ac8362b94cbf271fd23ce0d6965fdbbec26e6817efc2dd1af2fcdc0b4ee58872
                                                      • Instruction Fuzzy Hash: FF51A636B18655C5E7A89F2AC45027AB7A0EB44F98FAC4131CE4D17794CF3AEA83C750
                                                      Function 00007FF75643FBF4 Relevance: .1, Instructions: 145COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c9c3f90e6787dc6e65e60abd648d80575bcfa0207306300bab00d1ff848a11e7
                                                      • Instruction ID: 6d7e2d2034bfaaa23a485fb50217e9f73f29562907ac7714659b87abbc0cdc3e
                                                      • Opcode Fuzzy Hash: c9c3f90e6787dc6e65e60abd648d80575bcfa0207306300bab00d1ff848a11e7
                                                      • Instruction Fuzzy Hash: 4E51C672B18A5585E7A49B29C44433AB7A0FB45F98FAC4131CE4D477A4CF3AEA83C750
                                                      Function 00007FF75643F9F0 Relevance: .1, Instructions: 145COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 45278502b4de115ed76afef2690a2838d0b28876f14c66dd069eb4612fa83dd3
                                                      • Instruction ID: f55ce141d914aae6143592e32931702f21d562a44636843a7e3b7c9eb2553ad3
                                                      • Opcode Fuzzy Hash: 45278502b4de115ed76afef2690a2838d0b28876f14c66dd069eb4612fa83dd3
                                                      • Instruction Fuzzy Hash: 6451D972B1865585E7A4AB29C45023EB7A0EB44F98FAC4131CE4C17794DF3AEE83C750
                                                      Function 000002574147579C Relevance: .1, Instructions: 145COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c9c3f90e6787dc6e65e60abd648d80575bcfa0207306300bab00d1ff848a11e7
                                                      • Instruction ID: 74f3d2c5a42d9c60148aac22d0cadfb77e2ca52aec38310401b78f10b7a15621
                                                      • Opcode Fuzzy Hash: c9c3f90e6787dc6e65e60abd648d80575bcfa0207306300bab00d1ff848a11e7
                                                      • Instruction Fuzzy Hash: D951D172668E5086EB249F2DE85832C37B0E345F69F298115CE996F7A4CB32CC53C784
                                                      Function 00007FF7564528CC Relevance: .1, Instructions: 126COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID: ErrorFreeHeapLast
                                                      • String ID:
                                                      • API String ID: 485612231-0
                                                      • Opcode ID: 252e97116b409d639cb7cf3346977e6c479a1c19db0d37f8eb51e4ebf816e3a9
                                                      • Instruction ID: 0dbf94fac640b68d4fd056ab9c1230c718babf1beece550fdef9024da0b85369
                                                      • Opcode Fuzzy Hash: 252e97116b409d639cb7cf3346977e6c479a1c19db0d37f8eb51e4ebf816e3a9
                                                      • Instruction Fuzzy Hash: 6941B032B14A5582EF18DF2AD96516AA3A2FB58FD0B8D9433DE0D87B58DF3DD6418300
                                                      Function 00007FF75643CFA0 Relevance: .1, Instructions: 79COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: e3993780a94f75fabcfaabf439322e03bb81cee0a4827234de154ef40bcba7dd
                                                      • Instruction ID: 9ce496e4d42fc4ecd0bffe7962153ce384791a3ad7a290ccfd9e250d75bfa9c8
                                                      • Opcode Fuzzy Hash: e3993780a94f75fabcfaabf439322e03bb81cee0a4827234de154ef40bcba7dd
                                                      • Instruction Fuzzy Hash: B031CD56D19BC945E602EB39AC42232E390BF9A790FE4D321EEF474555EF1CF2444714
                                                      Function 00007FF75643AF56 Relevance: .0, Instructions: 50COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 3e816ee9afbbd517afeac584de8933918a4fef5f7729cbd70fe33994d3c5995a
                                                      • Instruction ID: 2fa86ed1a07721dd0dcf3fe807388df18e06487fac30650a44189e44ca7dffc6
                                                      • Opcode Fuzzy Hash: 3e816ee9afbbd517afeac584de8933918a4fef5f7729cbd70fe33994d3c5995a
                                                      • Instruction Fuzzy Hash: CE219C97C1DBCD45E602AF3E9C82172E350BF9A790FA4E321EDF434411AF18B2944714
                                                      Function 00007FF75643CEB2 Relevance: .0, Instructions: 39COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 93c464e3852cc5915b9151c8cba22a9675c3ba6e6f19de27809d4dbd020f5729
                                                      • Instruction ID: c7f75d17a904b6bcf5dbd9ed02b5b13e71179aa7fb6980d95d8785f560346b15
                                                      • Opcode Fuzzy Hash: 93c464e3852cc5915b9151c8cba22a9675c3ba6e6f19de27809d4dbd020f5729
                                                      • Instruction Fuzzy Hash: 7E118DC7C5AB5D05E603AF3F5CC2061E250AF6A5947B8E762EDF034121FB2572D94314
                                                      Function 00007FF756449AA0 Relevance: .0, Instructions: 32COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 31e39b6c27bf28f0e056e49cbc12428bf1b6f050c7fc376ff2e6193081efeec9
                                                      • Instruction ID: b60ff33a15b7e301f4808ec03717a0ad6de5d09b26cc6e89023ee1cf303dda49
                                                      • Opcode Fuzzy Hash: 31e39b6c27bf28f0e056e49cbc12428bf1b6f050c7fc376ff2e6193081efeec9
                                                      • Instruction Fuzzy Hash: 63F06871B186968BDB98DF28A823A2A77D1F718780F94853AD58DC3B08DF3D90908F14
                                                      Function 0000025741454A30 Relevance: 28.7, APIs: 19, Instructions: 177processCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CloseHandle$Process32Token$InformationNextOpenProcess$ConvertCreateErrorFirstLastSnapshotStringToolhelp32
                                                      • String ID:
                                                      • API String ID: 3925315391-0
                                                      • Opcode ID: b7cdb7a7c6588e50aaab37c0fa57b8db1cd1071ffc72c1321cf755afb8342ce3
                                                      • Instruction ID: b575529d2629cfe6c7de2b83cb432fa7c170b8d33f7473f0044ed7a92be601b7
                                                      • Opcode Fuzzy Hash: b7cdb7a7c6588e50aaab37c0fa57b8db1cd1071ffc72c1321cf755afb8342ce3
                                                      • Instruction Fuzzy Hash: CD819132258F8082E751EF5AFC5836AB3B4F788B96F450015DE896BB58EF78C405CB04
                                                      Function 00007FF756404C00 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 52COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID: Yarn$std::_$Locinfo::_Locinfo_ctorLockitLockit::_
                                                      • String ID: bad locale name
                                                      • API String ID: 3904239083-1405518554
                                                      • Opcode ID: fdf93c7b3725d3de9480c70fc984c330f16ff8bafd09a5e6a50b7f6b76af3ea8
                                                      • Instruction ID: 3fa38170beae2c965788366fc0cccecc54f2c4dd23a65e122fa7d6ed11adeee5
                                                      • Opcode Fuzzy Hash: fdf93c7b3725d3de9480c70fc984c330f16ff8bafd09a5e6a50b7f6b76af3ea8
                                                      • Instruction Fuzzy Hash: CC114F61A4EB4682DE00F72AE89126F9360FFC7B84F941035EA8E1B76BCE2DD5518714
                                                      Function 0000025741469B70 Relevance: 13.6, APIs: 9, Instructions: 117COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: Session$ListProcess$CurrentRegisterResourcesStart
                                                      • String ID:
                                                      • API String ID: 3299295986-0
                                                      • Opcode ID: 4ddc3a5b4f8c6342cd3dcf0c0e78daa6693b2bbe667ef408570da53bc05ca548
                                                      • Instruction ID: ad4c1e2291ab2165354f1a3c76a80c0617697c81d0f995110ba5a57ff597d94b
                                                      • Opcode Fuzzy Hash: 4ddc3a5b4f8c6342cd3dcf0c0e78daa6693b2bbe667ef408570da53bc05ca548
                                                      • Instruction Fuzzy Hash: 8A515072B58A508AFB10DFA9F85879D73B1F74874AF504129DE0A67B98DF38C806C744
                                                      Function 00007FF7564035B0 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 181COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID: HandleHeaderImageModule
                                                      • String ID: .data$.mrdata$ntdll.dll
                                                      • API String ID: 1307054163-825320017
                                                      • Opcode ID: 540e6d451a2b33d2f7aa5391ba2a9d0ff351769d0afe938c76c5a5a31751ba7e
                                                      • Instruction ID: dae3911b46d03da24273eb2928660a83e55db731a86f42e788993cfca29a8e8a
                                                      • Opcode Fuzzy Hash: 540e6d451a2b33d2f7aa5391ba2a9d0ff351769d0afe938c76c5a5a31751ba7e
                                                      • Instruction Fuzzy Hash: CBA14A32618B8686E7A0EB15E84036BFBA4F788794F944135EACD47BA8DF3CD544CB10
                                                      Function 00007FF756448EC8 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117libraryloaderCOMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • FreeLibrary.KERNEL32(?,?,?,00007FF7564495D0,?,?,?,?,00007FF75644DBCD,?,?,?,?,00007FF75645B3F8), ref: 00007FF756449044
                                                      • GetProcAddress.KERNEL32(?,?,?,00007FF7564495D0,?,?,?,?,00007FF75644DBCD,?,?,?,?,00007FF75645B3F8), ref: 00007FF756449050
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID: AddressFreeLibraryProc
                                                      • String ID: api-ms-$ext-ms-
                                                      • API String ID: 3013587201-537541572
                                                      • Opcode ID: 88c23d9036aded5f7076838acfe0058b8650966d7edef86c05992df23181fc12
                                                      • Instruction ID: 69119591c53906b9b7a79a567868f540b727426fc034db52fc0da11b9981c1dd
                                                      • Opcode Fuzzy Hash: 88c23d9036aded5f7076838acfe0058b8650966d7edef86c05992df23181fc12
                                                      • Instruction Fuzzy Hash: F941F431F19A0286FA16AB16AC2157BA396BF45BE0F8C4135DD0D87784EF3CE645C320
                                                      Function 000002574147DB5C Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117libraryloaderCOMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: AddressFreeLibraryProc
                                                      • String ID: api-ms-$ext-ms-
                                                      • API String ID: 3013587201-537541572
                                                      • Opcode ID: ca7c09baf792878f96d911292d21648074434898d998409f668d6f16be7d0add
                                                      • Instruction ID: d659d8a3dd5c729655cb69f50e1a345ffb96f533fb450c718b7d2f2a84edf412
                                                      • Opcode Fuzzy Hash: ca7c09baf792878f96d911292d21648074434898d998409f668d6f16be7d0add
                                                      • Instruction Fuzzy Hash: 314126213A9F1085FB16EB1ABC0876663F9B744BE2F4945269D2D7B788DE38C805C308
                                                      Function 00007FF75644146C Relevance: 11.0, APIs: 3, Strings: 3, Instructions: 494COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID: _invalid_parameter_noinfo
                                                      • String ID: f$p$p
                                                      • API String ID: 3215553584-1995029353
                                                      • Opcode ID: 35f128cec712ba658e9c7200868182dc03db665a37542de7a91c1d423a514665
                                                      • Instruction ID: a12c380de65df78317ef05bcde636c9db7245e7742e4e466be02e921c35a3ff3
                                                      • Opcode Fuzzy Hash: 35f128cec712ba658e9c7200868182dc03db665a37542de7a91c1d423a514665
                                                      • Instruction Fuzzy Hash: 59128231E0C18386FB24BA55E8566BBF6A1FB40752FCC4535D689476C4DF3CE6848B24
                                                      Function 00000257414738F0 Relevance: 11.0, APIs: 3, Strings: 3, Instructions: 494COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: _invalid_parameter_noinfo
                                                      • String ID: f$p$p
                                                      • API String ID: 3215553584-1995029353
                                                      • Opcode ID: eea83e675726579202ae46558f478e57f494447b85c4049c91ddb9471f815998
                                                      • Instruction ID: bfdc7e9512b80b56edf4f3544c9291e3de592247f48e0b589ebf4a35024cb614
                                                      • Opcode Fuzzy Hash: eea83e675726579202ae46558f478e57f494447b85c4049c91ddb9471f815998
                                                      • Instruction Fuzzy Hash: CE12E77264C94286FB60BB1DFA5C3B976B1F780B52FC84125E6F5676C4D738C8848B18
                                                      Function 00007FF7564535B8 Relevance: 10.8, APIs: 7, Instructions: 290COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID: _invalid_parameter_noinfo
                                                      • String ID:
                                                      • API String ID: 3215553584-0
                                                      • Opcode ID: 2111bb826fba5276a3a9dd84415bba117cbc3f7a0067bdd87d396387dbaf4657
                                                      • Instruction ID: d45028c38e2382b16ebd49e10ed1d3e371cf05dedd576630dfe68ad51fdf9774
                                                      • Opcode Fuzzy Hash: 2111bb826fba5276a3a9dd84415bba117cbc3f7a0067bdd87d396387dbaf4657
                                                      • Instruction Fuzzy Hash: 1AC1F562E0C78691E7267B15A8402BFFB91EBA0B80FDD4135ED4D03399EE7DE6458321
                                                      Function 00007FF75641EFC0 Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 241COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID: Fence64Read
                                                      • String ID: +$0123456789abcdefghijklmnopqrstuvwxyz$4$4$d
                                                      • API String ID: 3999070443-264949567
                                                      • Opcode ID: 1743ddae81d6ea49377a863fa6a1ec82f2316a6d258534a902e75a0a57e9bff6
                                                      • Instruction ID: 8bdd25240e45bfd738be9d843fccf83a4dd909261a2a2d8f3a9d2c03006b24a6
                                                      • Opcode Fuzzy Hash: 1743ddae81d6ea49377a863fa6a1ec82f2316a6d258534a902e75a0a57e9bff6
                                                      • Instruction Fuzzy Hash: B0C1CA7250DBC48ADBA1CB19F4803AAB7A0F399790F504125E6CE43B98DB7DD595CF10
                                                      Function 00007FF75645AF88 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88libraryloaderCOMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • LoadLibraryExW.KERNEL32(?,?,?,00007FF75645B18F,?,?,00000000,00007FF756457CE2,?,?,?,00007FF7564674ED), ref: 00007FF75645B00D
                                                      • GetLastError.KERNEL32(?,?,?,00007FF75645B18F,?,?,00000000,00007FF756457CE2,?,?,?,00007FF7564674ED), ref: 00007FF75645B01B
                                                      • LoadLibraryExW.KERNEL32(?,?,?,00007FF75645B18F,?,?,00000000,00007FF756457CE2,?,?,?,00007FF7564674ED), ref: 00007FF75645B045
                                                      • FreeLibrary.KERNEL32(?,?,?,00007FF75645B18F,?,?,00000000,00007FF756457CE2,?,?,?,00007FF7564674ED), ref: 00007FF75645B0B3
                                                      • GetProcAddress.KERNEL32(?,?,?,00007FF75645B18F,?,?,00000000,00007FF756457CE2,?,?,?,00007FF7564674ED), ref: 00007FF75645B0BF
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID: Library$Load$AddressErrorFreeLastProc
                                                      • String ID: api-ms-
                                                      • API String ID: 2559590344-2084034818
                                                      • Opcode ID: 0d0ac073453aeb45f407a3059d888d0c76c4a1015270bd98423673d19d5896fd
                                                      • Instruction ID: 7d8b6ad61627192363fe9232ea1b403600e366a11f48616261fe3093c12700cd
                                                      • Opcode Fuzzy Hash: 0d0ac073453aeb45f407a3059d888d0c76c4a1015270bd98423673d19d5896fd
                                                      • Instruction Fuzzy Hash: 2431A621A1A64291EE12BB16AD10576E3D4FF5AFA0F8D4536DD2D07398DF3CE6458320
                                                      Function 00007FF756445CB8 Relevance: 10.6, APIs: 7, Instructions: 62COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID: Value$ErrorLast
                                                      • String ID:
                                                      • API String ID: 2506987500-0
                                                      • Opcode ID: 0e9a261044974c98fe15c55c3d55f2b3032747381efac69e6f322ca96625eeb5
                                                      • Instruction ID: 5ca085258f2c1f432f8525e19fb7b55a5ad0de9ea93f58f5513880dad6e7f55b
                                                      • Opcode Fuzzy Hash: 0e9a261044974c98fe15c55c3d55f2b3032747381efac69e6f322ca96625eeb5
                                                      • Instruction Fuzzy Hash: 88212120E0D58242FE5C77219E5B17FE2865F487B2FDC4B34D83E066D5EE6CB6418620
                                                      Function 00007FF7564549EC Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                      • String ID: CONOUT$
                                                      • API String ID: 3230265001-3130406586
                                                      • Opcode ID: 143c3a3f26d5e4478db14557210d9b5f5d56c35c52044c9f27410f3b50e0fd75
                                                      • Instruction ID: b1cde305bbd8fc9ed3140b535801e5e1668945078a96718e2771d32411e9a828
                                                      • Opcode Fuzzy Hash: 143c3a3f26d5e4478db14557210d9b5f5d56c35c52044c9f27410f3b50e0fd75
                                                      • Instruction Fuzzy Hash: 41118431B18B4186E7509B52EC5432AE7A0FB98FE4F880234DD5D87B94DF3CD9148754
                                                      Function 000002574148C8CC Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                      • String ID: CONOUT$
                                                      • API String ID: 3230265001-3130406586
                                                      • Opcode ID: 53dac6272d403f79ff27e653aa55d51cb6535fcae6368453f164039c5e4e95e8
                                                      • Instruction ID: 81546dc73bbf9de6aa0efbfedce8f5d8c49080b357b9de05c84adad6b6ea5bd9
                                                      • Opcode Fuzzy Hash: 53dac6272d403f79ff27e653aa55d51cb6535fcae6368453f164039c5e4e95e8
                                                      • Instruction Fuzzy Hash: C611B231758F8086E750EF5AFC58369A2B4F388FE6F044224EA5D97B94CF38C8448748
                                                      Function 00007FF756428020 Relevance: 9.2, APIs: 2, Strings: 3, Instructions: 458COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: &$e$nan
                                                      • API String ID: 0-1192993855
                                                      • Opcode ID: 07c1dcf7fe85bbc1e067f6de4f926c6fb306207c60ad19f74a8bddca7f9c4e8f
                                                      • Instruction ID: 18f41c549501ffc87874c678e0d05017064d814450fe06b5a79e7668abf02533
                                                      • Opcode Fuzzy Hash: 07c1dcf7fe85bbc1e067f6de4f926c6fb306207c60ad19f74a8bddca7f9c4e8f
                                                      • Instruction Fuzzy Hash: 5D42D23260DAC589D6B1AB15E8903EFB7A5F788740F984126CACD83B99DF3CD644CB50
                                                      Function 00007FF756429120 Relevance: 9.2, APIs: 2, Strings: 3, Instructions: 457COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: &$e$nan
                                                      • API String ID: 0-1192993855
                                                      • Opcode ID: 7952403a15a35431d6767a2053f8123c38403e361d52805be08b9de745fd9cb8
                                                      • Instruction ID: 901b3ab4d269e7832e89c6ea1ac355881e6f394c5be128bd60307210f07fa7a6
                                                      • Opcode Fuzzy Hash: 7952403a15a35431d6767a2053f8123c38403e361d52805be08b9de745fd9cb8
                                                      • Instruction Fuzzy Hash: B842E33260CAC589D6B19B16E8903EFB7A5F789780F984126CACD83B59DF3CD644CB50
                                                      Function 00007FF756429C20 Relevance: 9.2, APIs: 2, Strings: 3, Instructions: 457COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: &$e$nan
                                                      • API String ID: 0-1192993855
                                                      • Opcode ID: 5bed7973e5487bab54717232cb26603583bcbfed259e19c44ec6817ed4f113ea
                                                      • Instruction ID: 22468072a1694254e9131b791b5000c39fc823d6c8afd8c97efffc39e07c8db9
                                                      • Opcode Fuzzy Hash: 5bed7973e5487bab54717232cb26603583bcbfed259e19c44ec6817ed4f113ea
                                                      • Instruction Fuzzy Hash: 9E42E23260CAC589D6B1DA15E8903EFB7A5F789780F944026DACD83B99DF3CD684CB50
                                                      Function 00007FF75645D26C Relevance: 9.2, APIs: 6, Instructions: 206COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID: ByteCharMultiStringWide
                                                      • String ID:
                                                      • API String ID: 2829165498-0
                                                      • Opcode ID: 2b2fdd1503a79b380a1020f4e969409d4e922ebcf1c0befb99e6f4eb1a253c2d
                                                      • Instruction ID: 97356e07d03548cc69b81d45e308537ee034da0cef7093063a734b0567eb117b
                                                      • Opcode Fuzzy Hash: 2b2fdd1503a79b380a1020f4e969409d4e922ebcf1c0befb99e6f4eb1a253c2d
                                                      • Instruction Fuzzy Hash: F9819172A0878186EB209F25984026EA7E5FF547A8F984231EE5D47BD8DF3CD6448714
                                                      Function 0000025741470840 Relevance: 9.2, APIs: 6, Instructions: 157COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: _invalid_parameter_noinfo
                                                      • String ID:
                                                      • API String ID: 3215553584-0
                                                      • Opcode ID: 619b2885e3fd1682f6a864358b33df5452abb606e6c6f730ccce56a3fdc98189
                                                      • Instruction ID: b40d82a5ad57c6f72c58e81f99f46af15a4dd286d4769f630243dea2b5233d5d
                                                      • Opcode Fuzzy Hash: 619b2885e3fd1682f6a864358b33df5452abb606e6c6f730ccce56a3fdc98189
                                                      • Instruction Fuzzy Hash: 5051867218EF8485F792BF6CF8643AD37B1A757B45F498042C6E867386CA398446C70A
                                                      Function 00007FF756445E30 Relevance: 9.1, APIs: 6, Instructions: 57COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • GetLastError.KERNEL32(?,?,?,00007FF756445929,?,?,?,?,00007FF75644650C,?,?,00000028,00007FF756455573), ref: 00007FF756445E3F
                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF756445929,?,?,?,?,00007FF75644650C,?,?,00000028,00007FF756455573), ref: 00007FF756445E75
                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF756445929,?,?,?,?,00007FF75644650C,?,?,00000028,00007FF756455573), ref: 00007FF756445EA2
                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF756445929,?,?,?,?,00007FF75644650C,?,?,00000028,00007FF756455573), ref: 00007FF756445EB3
                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF756445929,?,?,?,?,00007FF75644650C,?,?,00000028,00007FF756455573), ref: 00007FF756445EC4
                                                      • SetLastError.KERNEL32(?,?,?,00007FF756445929,?,?,?,?,00007FF75644650C,?,?,00000028,00007FF756455573), ref: 00007FF756445EDF
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID: Value$ErrorLast
                                                      • String ID:
                                                      • API String ID: 2506987500-0
                                                      • Opcode ID: cf8115dcaa5ee2122fb104c4df6f54fc23ab72e4ca67caacefd1d5263795953b
                                                      • Instruction ID: 96078f38e08e17e320aa7aff2df47ba1941e7ccfab768af89a47472e598e1c22
                                                      • Opcode Fuzzy Hash: cf8115dcaa5ee2122fb104c4df6f54fc23ab72e4ca67caacefd1d5263795953b
                                                      • Instruction Fuzzy Hash: BE111230E0C68241FA5873229E9717FE2965F487B2FEC4734D93E466D5EE6CB6418320
                                                      Function 000002574140DCE0 Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 281COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: __std_exception_destroy$ApisFile__std_fs_code_page
                                                      • String ID: ", "$: "
                                                      • API String ID: 741338541-747220369
                                                      • Opcode ID: f498b8f5e8a97fd21941d0d66b2b90442ce225ea58df12b1bc0806c1167bf2bc
                                                      • Instruction ID: 0d6abb256ea01de3b5650fa82a728e5c4e3f3e4e2439ac2be0e9706b8aad685f
                                                      • Opcode Fuzzy Hash: f498b8f5e8a97fd21941d0d66b2b90442ce225ea58df12b1bc0806c1167bf2bc
                                                      • Instruction Fuzzy Hash: 32B1CF72758E8086EB00EF69E8483AD2371E749BC9F508521EF5D27B99DF38C595C388
                                                      Function 00007FF75641DB90 Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 272COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID: Load_relaxed_4std::_
                                                      • String ID: %$e$o$u
                                                      • API String ID: 1853752696-1884988985
                                                      • Opcode ID: 5fa3bfed00eb7f098b7cf37669c34e1e722c137927b02883ea76b391b0f2ab52
                                                      • Instruction ID: 86e0b0eb4c440a8b84d1dda88cb7baba51fce2e5cbcc30bed604b47e6a3cba2e
                                                      • Opcode Fuzzy Hash: 5fa3bfed00eb7f098b7cf37669c34e1e722c137927b02883ea76b391b0f2ab52
                                                      • Instruction Fuzzy Hash: 5DE1E37260CBC589DA61DB15E8903EFB7A0F788784F944126EA8D83B69DF7CD544CB40
                                                      Function 00007FF756428B30 Relevance: 9.0, APIs: 2, Strings: 3, Instructions: 260COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID: Mpunct
                                                      • String ID: .$0$0
                                                      • API String ID: 4240859931-1691970187
                                                      • Opcode ID: e9687b47ea457237dee4bdc78be1e40fba84c5c64e038008681aa2fe3be40f6b
                                                      • Instruction ID: 62c295d0c01e55d5b0818067f05bac514d4da7ec86ca20b2ed126111a408464f
                                                      • Opcode Fuzzy Hash: e9687b47ea457237dee4bdc78be1e40fba84c5c64e038008681aa2fe3be40f6b
                                                      • Instruction Fuzzy Hash: D1D1D936209BC995DAA1DB1AE4903EEB761F7C8B84F948022DF8D43B69DF39C545CB10
                                                      Function 00007FF756402020 Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 224COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • allocator.LIBCONCRTD ref: 00007FF7564023D2
                                                        • Part of subcall function 00007FF7564066C0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF7564066DD
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID: Concurrency::details::EmptyQueue::StructuredWorkallocator
                                                      • String ID: eax$ebx$rax$rbx
                                                      • API String ID: 1755220593-2388916327
                                                      • Opcode ID: c01962a9961ff03dcf299c024bebee3a4452aa249518325b59cd457b6bb118a3
                                                      • Instruction ID: 805eb628463b0e6584cbb41be2a6c4eb9e0bb3aa19f615d1fbabec9de568bb60
                                                      • Opcode Fuzzy Hash: c01962a9961ff03dcf299c024bebee3a4452aa249518325b59cd457b6bb118a3
                                                      • Instruction Fuzzy Hash: CAD13223918BD189E331DF389C413EA77B0FBA9748F446225EAC85BA5ADF789344C351
                                                      Function 00007FF75641B1E0 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 195COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID: Fence64Read
                                                      • String ID: inf$nan$nan(ind)$nan(snan)
                                                      • API String ID: 3999070443-3276396208
                                                      • Opcode ID: e246f93cfd8b01a24d44e219b48bef0b546a2f143c45bedcdc11885149c42856
                                                      • Instruction ID: 0177743eb34d9bc099c61560036e10ab27c5d6491b315345e66109b945ab6caf
                                                      • Opcode Fuzzy Hash: e246f93cfd8b01a24d44e219b48bef0b546a2f143c45bedcdc11885149c42856
                                                      • Instruction Fuzzy Hash: B7A1096660DBC4C5EAB0DB15E8903ABA7A0F7C8790F944136EA8E43B98DF3CD544CB50
                                                      Function 00007FF75641D630 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 187COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID: Fence64Read
                                                      • String ID: 0123456789abcdefghijklmnopqrstuvwxyz$0p+0$1$4
                                                      • API String ID: 3999070443-1197085086
                                                      • Opcode ID: 22605e3e1ccf5c9f3454907df50a8bf921d3aa5bdd4aa9ee1894e77eaf097de2
                                                      • Instruction ID: 36f67b05b7556091bec6f81049eaa138618a68e0d44cb43b2d4a70eada2614f2
                                                      • Opcode Fuzzy Hash: 22605e3e1ccf5c9f3454907df50a8bf921d3aa5bdd4aa9ee1894e77eaf097de2
                                                      • Instruction Fuzzy Hash: E3A1A27660DBC485DBA0DB09F8903AAB7A5F388B90F548125EACD47BA8CF7CD544CB11
                                                      Function 00007FF75641AE00 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 183COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID: Load_relaxed_4std::_
                                                      • String ID: inf$nan$nan(ind)$nan(snan)
                                                      • API String ID: 1853752696-3276396208
                                                      • Opcode ID: 464d97ded6cad5ea3cc5b8df829cfb978308b82cca82f5cc6969c81aa40300fb
                                                      • Instruction ID: b855e5dc1358d0bc3da4b1171da7d976b6bd814a869f48ed54110e7e99d50481
                                                      • Opcode Fuzzy Hash: 464d97ded6cad5ea3cc5b8df829cfb978308b82cca82f5cc6969c81aa40300fb
                                                      • Instruction Fuzzy Hash: 2CA1C57660DBC586EBB0DB15E8807ABB7A0F789780F944126EA8D43B98DF3CD544CB50
                                                      Function 00007FF75641AAC0 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 156COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID: Fence64Read
                                                      • String ID: inf$nan$nan(ind)$nan(snan)
                                                      • API String ID: 3999070443-3276396208
                                                      • Opcode ID: d5b88743fa5b3b07afb4db1eeea1c002ad18bbf23253e37765dc3445f34048a6
                                                      • Instruction ID: c2dc39e2e64201fff8b02b23eee1d737b498261a214e264be16cdefb37931b0d
                                                      • Opcode Fuzzy Hash: d5b88743fa5b3b07afb4db1eeea1c002ad18bbf23253e37765dc3445f34048a6
                                                      • Instruction Fuzzy Hash: 64814C6260CBC485DAA0DB15E8503ABB7A1FBC9790FA44136EACE43B98DF3CD144CB51
                                                      Function 00007FF75641A7D0 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 144COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID: Load_relaxed_4std::_
                                                      • String ID: inf$nan$nan(ind)$nan(snan)
                                                      • API String ID: 1853752696-3276396208
                                                      • Opcode ID: 72cc235c785df8f3571cec6a84209a645bb403642a45b9f3071a678ad278a7e8
                                                      • Instruction ID: f7a06f3c1244afc798cab9b409292cfe842c61d13dfc9ab0ea5d72d59ba5c9ae
                                                      • Opcode Fuzzy Hash: 72cc235c785df8f3571cec6a84209a645bb403642a45b9f3071a678ad278a7e8
                                                      • Instruction Fuzzy Hash: B871F97261CBC589DB60DB15E8903ABB7A0FB85780F945026EACD43BA8DF3CD584CB51
                                                      Function 00007FF75641A4E0 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 141COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID: Fence64Read
                                                      • String ID: inf$nan$nan(ind)$nan(snan)
                                                      • API String ID: 3999070443-3276396208
                                                      • Opcode ID: 70d59d2c9d76d07b0f33b11adfc2aa066c03e6bbcb9822e25dfa6d8139c5e202
                                                      • Instruction ID: e0105627bb5aed74577d57b80dc39a4629fde789b8f4cb37e3c2edbf91061dea
                                                      • Opcode Fuzzy Hash: 70d59d2c9d76d07b0f33b11adfc2aa066c03e6bbcb9822e25dfa6d8139c5e202
                                                      • Instruction Fuzzy Hash: 3F71296260CBC885DA60DB16F85036BB7A0F789790FA44136EADD47B99DF3CD184CB50
                                                      Function 00007FF75641A250 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 129COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID: Load_relaxed_4std::_
                                                      • String ID: inf$nan$nan(ind)$nan(snan)
                                                      • API String ID: 1853752696-3276396208
                                                      • Opcode ID: d5adf79395b74f9d5280ca903bbc3249ff26270c4855bacc272925e682a68ccf
                                                      • Instruction ID: a6af2b836df9f1f756474ad7cf52c7c92d2de4badb9f616d9228096c75d2687e
                                                      • Opcode Fuzzy Hash: d5adf79395b74f9d5280ca903bbc3249ff26270c4855bacc272925e682a68ccf
                                                      • Instruction Fuzzy Hash: 1961F47260CBC589DA609B15E8803ABF7A0F785784FA44026EACD87B69DF3CD585CB50
                                                      Function 00007FF7564275D0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 100COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID: Fac_nodeFac_node::_allocatorstd::_
                                                      • String ID: Invalid format string.$^$invalid fill character '{'
                                                      • API String ID: 598859312-3800272876
                                                      • Opcode ID: ad42ce789a6cde225e893fa38872b060042fd1935f330b2a9c7aacee0af1ed30
                                                      • Instruction ID: a1fde321def2d54dad6e170f5bb84003ef23d5d56612d5c8db8454ce9130c168
                                                      • Opcode Fuzzy Hash: ad42ce789a6cde225e893fa38872b060042fd1935f330b2a9c7aacee0af1ed30
                                                      • Instruction Fuzzy Hash: AB41412250DBC189D670AB25E88036BE7A1F7C9794FA81535E6CD43BAADF3CD6448B10
                                                      Function 00007FF75644DE14 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27libraryloaderCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID: AddressFreeHandleLibraryModuleProc
                                                      • String ID: CorExitProcess$mscoree.dll
                                                      • API String ID: 4061214504-1276376045
                                                      • Opcode ID: b098b623c8c7801e5285911e96efcdbd3b420d839b436883500a26a7c39cdebe
                                                      • Instruction ID: 992f70196928b226e6d67a194485ad0e51fbcb6dc4f379b5b4d86e1deea0d13c
                                                      • Opcode Fuzzy Hash: b098b623c8c7801e5285911e96efcdbd3b420d839b436883500a26a7c39cdebe
                                                      • Instruction Fuzzy Hash: F9F0C2A1B08B0281FB10AB24EC8537BE360AF94BA1FD80635C56E455E4CF3CD248C320
                                                      Function 00007FF75644843C Relevance: 7.7, APIs: 5, Instructions: 196COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID: _set_statfp
                                                      • String ID:
                                                      • API String ID: 1156100317-0
                                                      • Opcode ID: 7ad41c2085167253e11841c847abdc28045ab084f43f852668cbe7a267bd0bec
                                                      • Instruction ID: cf13d1e7524ca283c7fbc35d96a6328aa7ef61e2c1f44df17736009fd1dc31b7
                                                      • Opcode Fuzzy Hash: 7ad41c2085167253e11841c847abdc28045ab084f43f852668cbe7a267bd0bec
                                                      • Instruction Fuzzy Hash: 93814712D1CA468DF2F2BB34AC5237BE2A0EF55395F9C5231E94E26594DF3CE7818620
                                                      Function 00007FF756449894 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID: _set_statfp
                                                      • String ID:
                                                      • API String ID: 1156100317-0
                                                      • Opcode ID: e65ba792651367d839098e214d5891407b2dde01c0b567b7a4e043ebbfca8b6f
                                                      • Instruction ID: 71c05f62f0ad3f99e12f4656951ae98cc4c7d0be135ee66e75d7666079f57d83
                                                      • Opcode Fuzzy Hash: e65ba792651367d839098e214d5891407b2dde01c0b567b7a4e043ebbfca8b6f
                                                      • Instruction Fuzzy Hash: 91119472E18A0349F6943128DC5737F93417F94376FDC0635E66E067EA8E1CAB41A120
                                                      Function 00007FF756445EF8 Relevance: 7.6, APIs: 5, Instructions: 54COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • FlsGetValue.KERNEL32(?,?,?,00007FF756441DF7,?,?,00000000,00007FF756442092,?,?,?,?,?,00007FF75644201E), ref: 00007FF756445F17
                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF756441DF7,?,?,00000000,00007FF756442092,?,?,?,?,?,00007FF75644201E), ref: 00007FF756445F36
                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF756441DF7,?,?,00000000,00007FF756442092,?,?,?,?,?,00007FF75644201E), ref: 00007FF756445F5E
                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF756441DF7,?,?,00000000,00007FF756442092,?,?,?,?,?,00007FF75644201E), ref: 00007FF756445F6F
                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF756441DF7,?,?,00000000,00007FF756442092,?,?,?,?,?,00007FF75644201E), ref: 00007FF756445F80
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID: Value
                                                      • String ID:
                                                      • API String ID: 3702945584-0
                                                      • Opcode ID: 599f45f996d19451c8b2a229de22a9c688dca7130503bd761d5e478bd2defdca
                                                      • Instruction ID: f2250c142104268b830bdbf08dc98aea3fc015b8aceefd5302b74d9b29805992
                                                      • Opcode Fuzzy Hash: 599f45f996d19451c8b2a229de22a9c688dca7130503bd761d5e478bd2defdca
                                                      • Instruction Fuzzy Hash: AF113D20E0D68242FE5C7722AD5717BE2869F487B2FDC4734E82D466D5EE6CB6418221
                                                      Function 00007FF756445D8C Relevance: 7.6, APIs: 5, Instructions: 50COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID: Value
                                                      • String ID:
                                                      • API String ID: 3702945584-0
                                                      • Opcode ID: b77b770852fc01411a0c66b1882f58713974e64d821ee1e4b1b057d686c5eaee
                                                      • Instruction ID: d35754564f1336df3c8df76c1a2d15bc86e3057d75f96ef71630d82537383086
                                                      • Opcode Fuzzy Hash: b77b770852fc01411a0c66b1882f58713974e64d821ee1e4b1b057d686c5eaee
                                                      • Instruction Fuzzy Hash: 2B11EC20E0928341FE5C77269C971BBE2864F49372FDC5B34D93E0A2C2ED6CB6519230
                                                      Function 00007FF75640AFD0 Relevance: 7.4, APIs: 3, Strings: 1, Instructions: 407COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID: Mpunct$std::ios_base::width
                                                      • String ID: @
                                                      • API String ID: 1355946870-2766056989
                                                      • Opcode ID: 23e837240074d2248eaa6e84e28edfd629583ca9120122449e8306abbf3755b7
                                                      • Instruction ID: 9c06cd088347edf3c5d65dd7350d36f67fa618da5734f0894faeae9b6f5c0bdf
                                                      • Opcode Fuzzy Hash: 23e837240074d2248eaa6e84e28edfd629583ca9120122449e8306abbf3755b7
                                                      • Instruction Fuzzy Hash: 2512283260DAC985DAB0AB15E8943EFA7A1F7C8790F844136DACD47B69DE7CC645CB00
                                                      Function 0000025741429990 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 237COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: std::_$GetcollLocinfo::_Locinfo_ctorLockitLockit::_
                                                      • String ID: bad locale name
                                                      • API String ID: 1287851536-1405518554
                                                      • Opcode ID: 21633944dd2c6dfadbdf1e8318949ade1173bd104d2b491eb5dcde31cda3e0aa
                                                      • Instruction ID: 7ba70ed958a5aca01c099baca6f2508cfa275fdc7a7caab0e5f6d41424e0d272
                                                      • Opcode Fuzzy Hash: 21633944dd2c6dfadbdf1e8318949ade1173bd104d2b491eb5dcde31cda3e0aa
                                                      • Instruction Fuzzy Hash: E191AD72745F808AEF14EFB9F89839C3371EB44B99F444165DB5D27A8ADE34C4918348
                                                      Function 00007FF75641E280 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 231COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID: Load_relaxed_4std::_
                                                      • String ID: +$0123456789abcdefghijklmnopqrstuvwxyz$d
                                                      • API String ID: 1853752696-121654361
                                                      • Opcode ID: 114d9d9c213bd84ef5e71c4c351011e52d5e67b59f85d736c31e102dd82b51f1
                                                      • Instruction ID: 94c9daaa862797549cc982356899074bf1fdcc6b7203f3d9ab8d4b2d605b4819
                                                      • Opcode Fuzzy Hash: 114d9d9c213bd84ef5e71c4c351011e52d5e67b59f85d736c31e102dd82b51f1
                                                      • Instruction Fuzzy Hash: 33C1EF7661C6C58AD7A0DB59E4807AABBA0F388740F50812AE7CE83B98DB7CD444CF50
                                                      Function 00007FF75641D260 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 186COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID: Load_relaxed_4std::_
                                                      • String ID: 0123456789abcdefghijklmnopqrstuvwxyz$0p+0$1
                                                      • API String ID: 1853752696-64391948
                                                      • Opcode ID: 87ffbadd58718491a0f75fa8edb27ea73874d19d2365bb681a35b88d33976b5c
                                                      • Instruction ID: 5917caf96ff7808b5831d6fd05f9e9c600bef62660253481956dc55cc0d13e82
                                                      • Opcode Fuzzy Hash: 87ffbadd58718491a0f75fa8edb27ea73874d19d2365bb681a35b88d33976b5c
                                                      • Instruction Fuzzy Hash: DDA1927661CBC889D7A0DF19E4803AAB7A0F789B84F549025EACE47B58CF7CD544CB11
                                                      Function 000002574140CA60 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 126COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: std::_$GetctypeLocinfo::_Locinfo_ctorLockitLockit::_
                                                      • String ID: bad locale name
                                                      • API String ID: 1612978173-1405518554
                                                      • Opcode ID: 461f5172515d6199666a23d78f3aff95217434da73e3bc5dd098c4cb94a6e218
                                                      • Instruction ID: bbbef62bb2d8f2570efce2a74e113e4fc478625ffa96fa81ce4e0ec30b96fdac
                                                      • Opcode Fuzzy Hash: 461f5172515d6199666a23d78f3aff95217434da73e3bc5dd098c4cb94a6e218
                                                      • Instruction Fuzzy Hash: 7051373274AF40CAEB10EFB9F8983AD33B5EB44749F444425DA8936A99DF34C525D348
                                                      Function 00007FF756405820 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 54COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • std::make_error_code.LIBCPMTD ref: 00007FF7564058D8
                                                        • Part of subcall function 00007FF7564577D4: RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF75645651B), ref: 00007FF756457824
                                                        • Part of subcall function 00007FF7564577D4: RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF75645651B), ref: 00007FF756457865
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID: ExceptionFileHeaderRaisestd::make_error_code
                                                      • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                      • API String ID: 504923140-1866435925
                                                      • Opcode ID: 37625c85163a6a2edd9043ea699a6532f1f35351b076ec396d6e3d08002ad281
                                                      • Instruction ID: 154502cc3326339d6f01cd3884bf778396707e17bd2800abf6b95bb6b1735931
                                                      • Opcode Fuzzy Hash: 37625c85163a6a2edd9043ea699a6532f1f35351b076ec396d6e3d08002ad281
                                                      • Instruction Fuzzy Hash: 46214C72A1C781D6E774EB14E85126BB7A0FB88350F984435EACD87A98DF3CD614CB10
                                                      Function 00007FF75644E294 Relevance: 6.3, APIs: 4, Instructions: 299fileCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID: FileWrite$ConsoleErrorLastOutput
                                                      • String ID:
                                                      • API String ID: 2718003287-0
                                                      • Opcode ID: 8006df4a7e49d247def26c2c7127d35bc6642300e1a35ffac0c40609046d0867
                                                      • Instruction ID: 8024ba1eb98cfa353fc49c4da1378aac7d9a434965450ea027c65130b8d3369f
                                                      • Opcode Fuzzy Hash: 8006df4a7e49d247def26c2c7127d35bc6642300e1a35ffac0c40609046d0867
                                                      • Instruction Fuzzy Hash: 7FD1E132F18A808AE711DFB5D8406ADB7B2FB44798B888235CF5D97B99DE38D516C310
                                                      Function 00007FF75644EBBC Relevance: 6.2, APIs: 4, Instructions: 218COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF75644EBA7), ref: 00007FF75644ECD8
                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF75644EBA7), ref: 00007FF75644ED63
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID: ConsoleErrorLastMode
                                                      • String ID:
                                                      • API String ID: 953036326-0
                                                      • Opcode ID: 105dd8715a37432a8ca5a6fa959f0c984e635dbff9f10a33cd2e20e3aea9f4a0
                                                      • Instruction ID: 38cdece68d9dc0c416be8419aad8e31e92f4277ef1f2acb88c8366c04b888e5a
                                                      • Opcode Fuzzy Hash: 105dd8715a37432a8ca5a6fa959f0c984e635dbff9f10a33cd2e20e3aea9f4a0
                                                      • Instruction Fuzzy Hash: 0C91F772F0865285F750EF659C816BEABA0FB44B89F9C8139DE0E57684CF38D542C720
                                                      Function 00007FF756407520 Relevance: 6.2, APIs: 4, Instructions: 185COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID: Concurrency::details::Decorator::getEmptyQueue::StructuredTableTypeWork
                                                      • String ID:
                                                      • API String ID: 4081100948-0
                                                      • Opcode ID: 433dcc4501cc22be7c96191e04221bbceba203970fa6bf234e56f01351b521ae
                                                      • Instruction ID: b076d77b1181f50481439db7bee1e759680ad4f6e6f367aa78e8a2a6a92db1c3
                                                      • Opcode Fuzzy Hash: 433dcc4501cc22be7c96191e04221bbceba203970fa6bf234e56f01351b521ae
                                                      • Instruction Fuzzy Hash: 8691F53261DAD585EA71AB15E8503EFA7A0FBC8790F841032DACD47BA9DE3CD640CB50
                                                      Function 00000257414278A0 Relevance: 6.1, APIs: 4, Instructions: 90COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: std::_$LockitLockit::_$Concurrency::cancel_current_taskFacet_Register
                                                      • String ID:
                                                      • API String ID: 1168246061-0
                                                      • Opcode ID: fce11bbf2716b712929d21612f2a8f238f427733906def6abb3c40e1e27c6ea6
                                                      • Instruction ID: d06bfad9e676cbdf8263f71246bfeb9c6cde13dba97c2d328f55686332cc28ab
                                                      • Opcode Fuzzy Hash: fce11bbf2716b712929d21612f2a8f238f427733906def6abb3c40e1e27c6ea6
                                                      • Instruction Fuzzy Hash: B9417F76298F4080FB11EB1AFC58399A770F399BE6F191211EA8D677A5DF38C481C708
                                                      Function 000002574149B8E0 Relevance: 6.0, APIs: 4, Instructions: 49COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563116781.00000257413E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000257413E0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_257413e0000_siveria.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: Handle$AddressAttributesCloseErrorFeatureFileLastModulePresentProcProcessor__std_fs_open_handle
                                                      • String ID:
                                                      • API String ID: 156590933-0
                                                      • Opcode ID: 6a84e7cc61d3f6faa1a02f0b285c9e89f06a54f244136a8e8d2e5cb925bd3053
                                                      • Instruction ID: 07c5745f04f133008a5d268826ef31d1ca1ff4290fb95229b8e66e0772e1c7ba
                                                      • Opcode Fuzzy Hash: 6a84e7cc61d3f6faa1a02f0b285c9e89f06a54f244136a8e8d2e5cb925bd3053
                                                      • Instruction Fuzzy Hash: DE11A33127CE4085EB50AB7DB8CCF3A6671D7867B2F144614FAB667AE5DA38C4408B0C
                                                      Function 00007FF756456530 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                      • String ID:
                                                      • API String ID: 2933794660-0
                                                      • Opcode ID: a6819c37be0477cab6629fe85bd40332cbc882bfc7744020e340a307dd6c19ab
                                                      • Instruction ID: 3a189eb2d49c03d008bd6e8fdee5da53a35f192f3f049d202627040109c69256
                                                      • Opcode Fuzzy Hash: a6819c37be0477cab6629fe85bd40332cbc882bfc7744020e340a307dd6c19ab
                                                      • Instruction Fuzzy Hash: 3D115E32B14F058AEB00DF61EC552BA73A4FB18758F880E31DA6D86BA4DF38D1A4C350
                                                      Function 00007FF756408830 Relevance: 5.6, APIs: 2, Strings: 1, Instructions: 356COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID: Mpunctstd::ios_base::width
                                                      • String ID: @
                                                      • API String ID: 1954291571-2766056989
                                                      • Opcode ID: 03687c50ff717027d4cbf97da90ce4cd140f58e9f754c6eefb8b4b0b970cbde7
                                                      • Instruction ID: 1bdf104f71b140ed4ac99858d5e5f6801ddc8df320274a7eeb44fda6aa74d88e
                                                      • Opcode Fuzzy Hash: 03687c50ff717027d4cbf97da90ce4cd140f58e9f754c6eefb8b4b0b970cbde7
                                                      • Instruction Fuzzy Hash: 45022A3260DAD585DAB0AB15E8943EFA7A1F7C8790F884132DACD47B69DE7CC645CB00
                                                      Function 00007FF75641E860 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 274COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID: Fence64Read
                                                      • String ID: B$e
                                                      • API String ID: 3999070443-1081078989
                                                      • Opcode ID: c5527d5727164a535ea70a8198cdfd9bb409c33ca9616b643965ae659df559ff
                                                      • Instruction ID: 44fa665b50d021e9a7bc30c888523d9ae6a3b7b24fee7b7f688f52f2aa6ad4d8
                                                      • Opcode Fuzzy Hash: c5527d5727164a535ea70a8198cdfd9bb409c33ca9616b643965ae659df559ff
                                                      • Instruction Fuzzy Hash: 40E1F0B661CBC589DAA0DB15E8903ABB7A0F788784F944126EBCD83B58DF3CD145CB50
                                                      Function 00007FF75642B990 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 265COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • _Ptr_base.LIBCMTD ref: 00007FF75642BBD3
                                                        • Part of subcall function 00007FF75640B830: std::_Lockit::_Lockit.LIBCPMT ref: 00007FF75640B84F
                                                        • Part of subcall function 00007FF75640B830: std::locale::_Getfacet.LIBCPMTD ref: 00007FF75640B87C
                                                        • Part of subcall function 00007FF7564186A0: std::_Fac_node::_Fac_node.LIBCPMTD ref: 00007FF7564186DD
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID: std::_$Fac_nodeFac_node::_GetfacetListLockitLockit::_Ptr_basestd::locale::_
                                                      • String ID: integral cannot be stored in char$x
                                                      • API String ID: 221360887-211560653
                                                      • Opcode ID: 37da2e45b0d7b3146df98e9d44cab3b08f691e1043df3819007dde9a53eafa5e
                                                      • Instruction ID: 198cb1ecc92b07a614c221d6686daf8740f55fefaf11e3ccc0c5bd15fe1cf117
                                                      • Opcode Fuzzy Hash: 37da2e45b0d7b3146df98e9d44cab3b08f691e1043df3819007dde9a53eafa5e
                                                      • Instruction Fuzzy Hash: 86E1273260CBC585D7B1AB15E8943EBBBA1F785744F884126DACC83BA9DF2DD644CB10
                                                      Function 00007FF75642C340 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 264COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • _Ptr_base.LIBCMTD ref: 00007FF75642C57E
                                                        • Part of subcall function 00007FF75640B830: std::_Lockit::_Lockit.LIBCPMT ref: 00007FF75640B84F
                                                        • Part of subcall function 00007FF75640B830: std::locale::_Getfacet.LIBCPMTD ref: 00007FF75640B87C
                                                        • Part of subcall function 00007FF7564186A0: std::_Fac_node::_Fac_node.LIBCPMTD ref: 00007FF7564186DD
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID: std::_$Fac_nodeFac_node::_GetfacetListLockitLockit::_Ptr_basestd::locale::_
                                                      • String ID: integral cannot be stored in char$x
                                                      • API String ID: 221360887-211560653
                                                      • Opcode ID: 1077f688a18f0bb061bb1737b16c4c955e09df886ced37da15a21ec57a8cb352
                                                      • Instruction ID: d42953749331030b461f6a53e4bd34df24b143938e0ee7acfa0f4559f7a6cd0d
                                                      • Opcode Fuzzy Hash: 1077f688a18f0bb061bb1737b16c4c955e09df886ced37da15a21ec57a8cb352
                                                      • Instruction Fuzzy Hash: BBE1063260CBC585D6B0EB15E8843EBB7A1F785784F984126DACD83BA9DF2DD544CB10
                                                      Function 00007FF75642D500 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 264COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • _Ptr_base.LIBCMTD ref: 00007FF75642D748
                                                        • Part of subcall function 00007FF75640B830: std::_Lockit::_Lockit.LIBCPMT ref: 00007FF75640B84F
                                                        • Part of subcall function 00007FF75640B830: std::locale::_Getfacet.LIBCPMTD ref: 00007FF75640B87C
                                                        • Part of subcall function 00007FF7564186A0: std::_Fac_node::_Fac_node.LIBCPMTD ref: 00007FF7564186DD
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID: std::_$Fac_nodeFac_node::_GetfacetListLockitLockit::_Ptr_basestd::locale::_
                                                      • String ID: integral cannot be stored in char$x
                                                      • API String ID: 221360887-211560653
                                                      • Opcode ID: 4b244738b26a5789b77ad3fd3cb99100bb612cdf3abe259f1d14dde2a12ef4b0
                                                      • Instruction ID: 918ba37e322f13d6be484864a8a914cc38aaf26460a7a2d6747049d091ef94c1
                                                      • Opcode Fuzzy Hash: 4b244738b26a5789b77ad3fd3cb99100bb612cdf3abe259f1d14dde2a12ef4b0
                                                      • Instruction Fuzzy Hash: 67E1173260CAC599E770AB15E8943EBB7A1FBC9740F844126DACC43BA9DF2CD544CB10
                                                      Function 00007FF75642DDF0 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 264COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • _Ptr_base.LIBCMTD ref: 00007FF75642E038
                                                        • Part of subcall function 00007FF75640B830: std::_Lockit::_Lockit.LIBCPMT ref: 00007FF75640B84F
                                                        • Part of subcall function 00007FF75640B830: std::locale::_Getfacet.LIBCPMTD ref: 00007FF75640B87C
                                                        • Part of subcall function 00007FF7564186A0: std::_Fac_node::_Fac_node.LIBCPMTD ref: 00007FF7564186DD
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID: std::_$Fac_nodeFac_node::_GetfacetListLockitLockit::_Ptr_basestd::locale::_
                                                      • String ID: integral cannot be stored in char$x
                                                      • API String ID: 221360887-211560653
                                                      • Opcode ID: 1596abfdd457b49d8574ff87fe7b334aa10946dc342344dab65ebbd4e4ec0ae5
                                                      • Instruction ID: aca3d35c43be31991fccac7f8d535e9af8f4e9a82f6b6bc661a00101af577e03
                                                      • Opcode Fuzzy Hash: 1596abfdd457b49d8574ff87fe7b334aa10946dc342344dab65ebbd4e4ec0ae5
                                                      • Instruction Fuzzy Hash: 35E1273260CBC599D670AB15E8943EBB7A1FB89740F984126DACD43BA9DF3CD644CB10
                                                      Function 00007FF75642CC20 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 264COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • _Ptr_base.LIBCMTD ref: 00007FF75642CE5E
                                                        • Part of subcall function 00007FF75640B830: std::_Lockit::_Lockit.LIBCPMT ref: 00007FF75640B84F
                                                        • Part of subcall function 00007FF75640B830: std::locale::_Getfacet.LIBCPMTD ref: 00007FF75640B87C
                                                        • Part of subcall function 00007FF7564186A0: std::_Fac_node::_Fac_node.LIBCPMTD ref: 00007FF7564186DD
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID: std::_$Fac_nodeFac_node::_GetfacetListLockitLockit::_Ptr_basestd::locale::_
                                                      • String ID: integral cannot be stored in char$x
                                                      • API String ID: 221360887-211560653
                                                      • Opcode ID: f68e61a9b24bcdbe501b4cb4a8be31105e4a74e301578b4c8d38f57891bf8768
                                                      • Instruction ID: 5f9177fce34b2d7b964954e62c75bad2037e0b1eb92b13940166686f55c8c4a1
                                                      • Opcode Fuzzy Hash: f68e61a9b24bcdbe501b4cb4a8be31105e4a74e301578b4c8d38f57891bf8768
                                                      • Instruction Fuzzy Hash: CFE1163260CBC585E6B0AB15E8843EBB7A1F785780F984126DACD43BA9DF3DD644CB50
                                                      Function 00007FF756443E7C Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 134COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID: _invalid_parameter_noinfo
                                                      • String ID: .$_.,
                                                      • API String ID: 3215553584-3384562259
                                                      • Opcode ID: 5005c32137a548dfb07fd7f872a37727fbf1990c54d12e514ca1fba1ab344483
                                                      • Instruction ID: a023df576c9d7a4936a68aef0fecc1adb3deae37904dd1089f3bdc10ee98eff6
                                                      • Opcode Fuzzy Hash: 5005c32137a548dfb07fd7f872a37727fbf1990c54d12e514ca1fba1ab344483
                                                      • Instruction Fuzzy Hash: D541F721E0924245FB76BA268C432BBE2A1EF51F61FEC0631DA1D076C5DF3DEB558220
                                                      Function 00007FF7564291FF Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 104COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID: isnan
                                                      • String ID: nan$p
                                                      • API String ID: 3207536064-2149505255
                                                      • Opcode ID: 212ba282b589994af6719a8786fa105b4abc7be932bc5a6e8be15af795549e72
                                                      • Instruction ID: ceb7eef813bf141a305138d118b7715ca29d1a60355efc31546e3f91719e1289
                                                      • Opcode Fuzzy Hash: 212ba282b589994af6719a8786fa105b4abc7be932bc5a6e8be15af795549e72
                                                      • Instruction Fuzzy Hash: FC51A47260DBC588D6B19A16E8503EFB6A5F785740F944026CACD86B89DF3CD240CB50
                                                      Function 00007FF7564280FF Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 104COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID: isnan
                                                      • String ID: nan$p
                                                      • API String ID: 3207536064-2149505255
                                                      • Opcode ID: 9322a994478f8a1e71212c7b64208aeab5a97f826a7379df3ff919e47543f4b3
                                                      • Instruction ID: e46b18d590e8044e224c9e4536e0777d56a326d50de07b2039842c1a355e34cf
                                                      • Opcode Fuzzy Hash: 9322a994478f8a1e71212c7b64208aeab5a97f826a7379df3ff919e47543f4b3
                                                      • Instruction Fuzzy Hash: AC51B37260DBC588E7B19B15E8403EFB6A5F788740F984025CACD86B99DF3DD244CB60
                                                      Function 00007FF756429CFF Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 104COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID: isnan
                                                      • String ID: nan$p
                                                      • API String ID: 3207536064-2149505255
                                                      • Opcode ID: 9481a30ab3fd2cd97439ded438629b95f0626152fff0811fa843788489d09e16
                                                      • Instruction ID: 74fcd5e04df9977b4e4a1f1abc1977e9c7c5359357ce8530803cb23a36014f97
                                                      • Opcode Fuzzy Hash: 9481a30ab3fd2cd97439ded438629b95f0626152fff0811fa843788489d09e16
                                                      • Instruction Fuzzy Hash: 3A51A37260DBC588D6B19B15E8503EFB7A9F785780F944026CACD86B99DF7DD280CB10
                                                      Function 00007FF75644E92C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID: ErrorFileLastWrite
                                                      • String ID: U
                                                      • API String ID: 442123175-4171548499
                                                      • Opcode ID: 803ea60b07f2bfd039fe1532e5b1b15e9d3e37eaacb6a5ccb339d6080fddc9c5
                                                      • Instruction ID: 2089f9f25383671ebae3057b8d55c3ce893b3a08c2f6695a9cc074bfe0a39308
                                                      • Opcode Fuzzy Hash: 803ea60b07f2bfd039fe1532e5b1b15e9d3e37eaacb6a5ccb339d6080fddc9c5
                                                      • Instruction Fuzzy Hash: 5741D672B18A8181DB60EF25E8457BAB761FB98784F884031EE8D87798EF3CD501C710
                                                      Function 00007FF7564278B0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 74COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID: Concurrency::details::_SchedulerScheduler::_
                                                      • String ID: Invalid format string.$Missing precision specifier.
                                                      • API String ID: 2780765137-617221873
                                                      • Opcode ID: 4ca59656c3cc1c0764987cb03f835006a52b7bc3725c2088db24ddf1b17c7d77
                                                      • Instruction ID: 14f8fa12e8a62480b63a1169465e7dd5f5340775939248b4cb90411443575282
                                                      • Opcode Fuzzy Hash: 4ca59656c3cc1c0764987cb03f835006a52b7bc3725c2088db24ddf1b17c7d77
                                                      • Instruction Fuzzy Hash: 96316D2250DBC585EA50EB55E89012FF7A6FB88790F980532E6CD83B69CFBCD610CB50
                                                      Function 00007FF756427761 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 59COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID: Fac_nodeFac_node::_std::_
                                                      • String ID: ^$invalid fill character '{'
                                                      • API String ID: 1114552684-1467272599
                                                      • Opcode ID: 719a7894ea2433418be1f6a2a8793a54ba95e5472bef42d9267058544f7ac8f4
                                                      • Instruction ID: d6b85cac345b85152bcef31645a37bae7f6906ca99e505dcb02866554e8c9de9
                                                      • Opcode Fuzzy Hash: 719a7894ea2433418be1f6a2a8793a54ba95e5472bef42d9267058544f7ac8f4
                                                      • Instruction Fuzzy Hash: 3F21861260DBC584D671E715E88037FE751E7C9794FA81432EACD43BAACE6CD644CB10
                                                      Function 00007FF756430060 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 59COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID: Ptr_base
                                                      • String ID: x
                                                      • API String ID: 897191226-2363233923
                                                      • Opcode ID: a98be8c2056132d05dbec4f152304ae5764991d5042131e464acb9f7d0bc06b8
                                                      • Instruction ID: 1955b789ba6277f885d486f8ce4795eece354240b8166aa3e8f85101ffee6ebd
                                                      • Opcode Fuzzy Hash: a98be8c2056132d05dbec4f152304ae5764991d5042131e464acb9f7d0bc06b8
                                                      • Instruction Fuzzy Hash: F6313861A1C5C585FF24A715DC4013BEB70BB86BC4FA84532EA8D07A99CF2EDA44CB54
                                                      Function 00007FF7564303B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 58COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID: Ptr_base
                                                      • String ID: x
                                                      • API String ID: 897191226-2363233923
                                                      • Opcode ID: 9bfe9e957daf48727a13c624664f7626c2dd4fb6e28bca9134fae2d2c54b9db9
                                                      • Instruction ID: 82fb7c1c3429503ab1da3b97f6261fba4e9e7c7063705ffdf736b4a2e3b7909a
                                                      • Opcode Fuzzy Hash: 9bfe9e957daf48727a13c624664f7626c2dd4fb6e28bca9134fae2d2c54b9db9
                                                      • Instruction Fuzzy Hash: F031A851A1C6C581EB24A705DC5023BEB70FB91BC4FA84531E6CD07A99CF2DDB44CB50
                                                      Function 00007FF756430920 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 58COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID: Ptr_base
                                                      • String ID: x
                                                      • API String ID: 897191226-2363233923
                                                      • Opcode ID: 7016c2d3df3c20257f2f836e6a0a8dc63c202ef464d6a10d065f226a5f5ba269
                                                      • Instruction ID: 80815f33209908b25c36cac2f1af62a16a8c18103afb76906ddc370d4329da97
                                                      • Opcode Fuzzy Hash: 7016c2d3df3c20257f2f836e6a0a8dc63c202ef464d6a10d065f226a5f5ba269
                                                      • Instruction Fuzzy Hash: BA315451B1C5C581EB24B715E84423BE7B0FB86BC4FA84532EB8D07A99CF2DDA45CB50
                                                      Function 00007FF7564577D4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF75645651B), ref: 00007FF756457824
                                                      • RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF75645651B), ref: 00007FF756457865
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1563649995.00007FF756401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756400000, based on PE: true
                                                      • Associated: 00000000.00000002.1563628496.00007FF756400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75646B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563707432.00007FF75671D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563859066.00007FF756729000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1563877909.00007FF75672C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff756400000_siveria.jbxd
                                                      Similarity
                                                      • API ID: ExceptionFileHeaderRaise
                                                      • String ID: csm
                                                      • API String ID: 2573137834-1018135373
                                                      • Opcode ID: c503307943bf2825cf6e1cf168de274f8e029fc4329f5c4f3fb9745047db57ca
                                                      • Instruction ID: 31984ab9befa6e46ce9f735d6a773fe36c655b96e2486fde12aec4f0c3f2273d
                                                      • Opcode Fuzzy Hash: c503307943bf2825cf6e1cf168de274f8e029fc4329f5c4f3fb9745047db57ca
                                                      • Instruction Fuzzy Hash: 52112E32618B8182EB219F15E84026BB7E4FB98B94F984635DE8C07768DF3CD651C740